Artificial Intelligence for Cybersecurity · Artificial Intelligence and Machine Learning. Machine...
Transcript of Artificial Intelligence for Cybersecurity · Artificial Intelligence and Machine Learning. Machine...
Artificial Intelligence for Cybersecurity
Andrea Saracino, IIT-CNR
Roma - 29 Ottobre 2018
Application of Artificial Intelligence
Application of Artificial Intelligence
Application of Artificial Intelligence
Artificial Intelligence and Machine Learning
Machine Learning
Unsupervised Learning
Clustering
Clustering (2)
• Can be aggregative or divisive
• Able to work on unlabeled data
• Automatically infers patterns out of input data
• Fast thanks to low complexity
• Does not characterize results
Supervised Learning
Supervised Learning - Training
Machine Learning
Algorithm
Input
ExpectedOutput
Model
Supervised Learning - Application
ModelInput Output
Classification
• Assigning a label (class) to each sample of a dataset.
Machine Learning
Algorithm
Input
Label
Model
Feature Extraction
Feature Apple Orange
Shape Not Round Round
Skin Smooth Non-Smooth
Color Not Orange Orange
A1: 0,1,0O1: 1,0,1
Error
Evaluation Indexes
True Acceptance (Match) Rate (TAR) - Probability to correctly match input pattern to a
matching template. It measures the percent of valid inputs which are correctly accepted.
True Rejection (Non Match) Rate (TRR) - Probability to correctly detect non-matching input
pattern to any template stored in the database. It measures the percent of invalid inputs which
are correctly rejected.
False Acceptance Rate (FAR) - Probability to incorrectly match input pattern to a non-matching
template stored in the database. It measures the percent of invalid inputs which are incorrectly
accepted. It is more dangerous than FRR.
False Rejection Rate (FRR) - Probability to fail to detect a match between the input pattern and
a matching template in the database. It measures the percent of valid inputs which are
incorrectly rejected.
Deep Learning-based Methodologies
• Techniques very effective for image recognition problems• Classify objects
• Detecting presence
• Identifying similarities
• Applied widely to face detection starting from 2014
Difference With Machine Learning
Deep learning: architecture structure
Deep CNN architecture example
Applications to Cybersecurity
SPAM email analysis
SPAM
• Unsolicited advertisement message sent to a large number of Internet users via email
SPAM analysis services
Anti-Spam Filter: HAM vs SPAM
• Based on Deep Learning and Bayesian Classifiers
SPAM analysis service
Threat Identification:
• Advertisement
• Phishing
• Confidential Trick
• Malware
• Portal
Advertisement
Phishing
Scam
Malware
Portal
Spam Campaign
Spammer
BotBot Bot
Bot
SPAM analysis service
• Campaign Clustering
Categorical Clustering Tree (CCTree)
• Entropy-based clustering algorithm and classifier
• Exploting structural features• Not based on semantic
• Fast and accurate
Malware Analysis
Network Traffic Analysis
Techniques
• Sketch analysis for DDoS prevention
• Text analysis for DGA Recognition
• Cybersquatting automated detection
Behavioral Authentication
Gait-Based Authentication
• Using the walking pattern of a person to verify her identity.
• Each person as a completely unique walking pattern• Mix of physical (biometric) elements and behavioral ones.
Gait Analysis
• Analyzing a person movement pattern.• Monitor clinical conditions related to walking pattern
• Fall detection for early assistance to elderly people
• Extraction of features for user identification
Gait Analysis (2)
• Can be performed by means of accelerometers
• Extraction of acceleration on the three axis
• Multiple accelerometers allow to monitor different parts of the body.
Workflow
• Usage of deep learning and accelerometers for user authentication.
Authenticated
Not Authenticated
Monitoring Extraction Filtering Classification
Framework
• Classifier based on Convolutional Neural Network (CNN).
• Features extracted from 5 body sensors
• Readings normalized and filtered for noise reduction
• Normalized readings are used to train and then test deep learningCNN.
Results
Concluding
• More and more application related to cybersecurity exploit AI
• Increasing need of knowledge to design and tune-up specific machine learning methodologies
• Beware of possible malicious use of machine learning
Thank You