Fighting cybercrime with AI

Carlos Rodrigues (Siemens)

14:35–15:15 Thursday, 17 October 2019

Location: Buckingham Room - Palace Suite

Implementing AI

Secondary topics: Deep Learning, Machine Learning

Average rating:

(5.00, 3 ratings)

Who is this presentation for?

Data scientists, security professionals, and any enthusiast with midlevel knowledge of applied machine learning

Level

Intermediate

Description

In 2017, an average of 200,000 new malware samples were captured each day. This value increased by 328%. Cybercriminals have stepped up their game, and they already use advanced techniques to penetrate organization defenses and steal critical data, causing millions in losses. The average total cost of a data breach is $3.62 million. Organizations’ cyberdefense departments have to reinvent their defense mechanisms to keep up with the new threats, and regular detection systems are not enough. Adding more bodies to defensive efforts no longer improves defense due to diminished returns from increased human labor and manual defensive tactics. These limitations converge into a significant problem for organizations’ last line of defense, the security analysts team. Therefore, this evolving landscape of threats demands innovation. A plethora of new defensive tactics is mandatory to advance a defensive posture in a challenging and impactful cyber war zone. It is time to bring AI to the fight.

Carlos Rodrigues outlines the impact of using bleeding-edge technology such as deep learning in production to improve threat detection in a worldwide company, namely, Siemens, with a corporate network that has more than 500,000 hosts. It inherently imposes a highly atypical set of challenges with regard to malware detection.

Carlos walks you through the status quo of cybercrime, its motivations, and a very concrete use case of malware, domain generation algorithms. Once you understand how it works in practice, you’ll see some real examples of domains and have to determine which were legitimate domain names and malicious ones that were generated by malware. Most people, including security professionals, are only able to make random guesses.

You’ll be introduced to the sequence of approaches taken to tackle the problem using traditional machine learning, and Carlos outlines the ones that have not worked and why. You’ll enter the realm of deep learning, where the building blocks to assemble a network capable of producing outstanding results are illustrated with diagrams and code. The training process of these neural networks requires attention, and many times it does not converge. But, when it does, a threat detection solution emerges that even the most convoluted malware will have a hard time trying to bypass.

Prerequisite knowledge

An intermediate understanding of machine learning (useful but not required)

What you'll learn

Learn about cybersecurity and why it matters
Discover how to apply bleeding-edge AI in your daily work and that you shouldn't be discouraged if machine learning takes multiple trials
See complete examples of code that compose a neural network with TensorFlow and Keras capable of using text as input (domain names) to produce a suspiciousness score (malware or not)

Carlos Rodrigues

Siemens

Carlos Rodrigues is a lead cloud engineer and data scientist at Siemens Cyber Defense Department. Previously, Carlos worked at a financial institution that manages more than £20 billion of assets, helping them to design a data-driven strategy, among other things. During his spare time, Carlos teaches postgraduates in data science at Rumos.