Post on 01-Aug-2020
1
Synthetic Teammates and the Future of Cybersecurity
Dr. Fernando Maymí Lead Scientist, Cyberspace Operations
Soar Technology, Inc.
fernando.maymi@soartech.com
8 August 2017
2
- THE FUTURE THREAT LANDSCAPE
- SYNTHETIC TEAMMATES
- WORKFORCE DEVELOPMENT
4
The Tactical Battlefield of 2050
• Augmented humans
• Automated decision making and autonomous processes
• Misinformation as a weapon
• Micro-targeting
• Large-scale self-organization and collective decision making
• Cognitive modeling of the opponent
• Ability to understand and cope in a contested, imperfect, information environment
12
Concerns
• War on reality: the weaponization of data
• Blended attacks
• Micro-targeting
• Efficiency is easy to hack
• Complex autonomous systems
Understanding the context is essential
13
- THE FUTURE THREAT LANDSCAPE
- SYNTHETIC TEAMMATES
- WORKFORCE DEVELOPMENT
14
Partial Artificial Intelligence Taxonomy
• Machine Learning
• Cognitive Modeling
15
(Oversimplifying) Artificial Intelligence
Source, Fair use, https://en.wikipedia.org/w/index.php?curid=36632393,
https://readingraphics.com/book-summary-thinking-fast-and-slow/
Analogous to Machine Learning
Analogous to Cognitive Modeling
16
Autonomous Agents
Sense
Act
Think
Learn
17
MACHINE LEARNING
System 1
18
Machine Learning
Extract Features
Filter Noise
Sense Data
Classify Sample
External agent validates results during training phase
Production (trained) system outputs results to other systems
19
Adversarial Machine Learning
Original image classified as a panda with 60% confidence
Imperceptibly modified image classified as a gibbon with 99% confidence
Tiny adversarial perturbation
This is a gibbon
Source, Fair use, http://www.kdnuggets.com/2015/07/deep-learning-adversarial-examples-misconceptions.html,
https://www.ippl.org/gibbon/wp-content/uploads/2010/09/peppyaction-269x300.jpg
20
Adversarial Machine Learning
Original image classified as malware with 60% confidence
Imperceptibly modified file classified as whitelisted software with 99% confidence
Tiny adversarial perturbation
Source, Fair use, http://www.kdnuggets.com/2015/07/deep-learning-adversarial-examples-misconceptions.html,
https://stixproject.github.io/documentation/idioms/maec-malware/
21
Towards a Solution
22
COGNITIVE MODELING
System 2
23
Towards a Common Model of TTPs
Procedures: the algorithmic, atomic unit of cyberspace operations
Techniques: unique ways to perform procedures
Tactics: directed subgraphs of procedures with one or more goals as their terminal nodes
25
Towards Common Models of Threat Actors
Partial model of APT28 (Fancy Bear) during Operation Pawn Storm
26
Simulated Cognitive Cyber Red-team Attack Model
Command & Control
Situation Reports
Human Controller
Cyber Actions
Network Under Test
SC2RAM
27
SC2RAM Graphical User Interface
28
Network Attack Visualization
Developed by IHMC for SC2RAM
29
Using Synthetic Attackers for Cybersecurity
30
Autonomous Hunt Teammate
Hypothesis Generator
Learning Module
Hypothesis Evaluation
Threat Intel Feeds: DHS, ISAC, Commercial
Other Feeds: Dark Web, Social Media
Internal Models: Assets, TTPs, Attacks
Internal Sensors: Logs, IDS, Firewalls
31
- THE FUTURE THREAT LANDSCAPE
- SYNTHETIC TEAMMATES
- WORKFORCE DEVELOPMENT
32
Workforce Pipeline
Access Employ Develop Retain
33
What Are We Looking For?
Source, fair use: http://host.madison.com/ct
34
Why?
Source, fair use: http://dailymail.co.uk
35
Key Hiring Trends in Cybersecurity
• Companies are seeking certified candidates
- 35% of positions required a certification
• Companies are seeking educated candidates
- 80% of positions require a Bachelor’s degree
• Hands-on skills are more valuable than managerial ones
- Lead Software Developer average salary: $233,333
- Chief Security Officer average salary: $225,000
• Openings are harder to fill
- Cybersecurity openings remain open 8% longer than IT ones
- Security clearances or financial sector experience is even harder to fill
• Next-generation gap
- Younger generation is not as interested in cybersecurity, particularly women
36
Developing the Cybersecurity Workforce
Source, fair use: http://www.naturethruphotos.com
37
Developing the Cybersecurity Workforce
Source, fair use: https://certification.comptia.org
38
Retention
39
Most Importantly…
Source: https://www.123rf.com/profile_garagestock
40
fernando.maymi@soartech.com