Role of AI in Threat Detection and Zero-day Attacks

 
Presented by:
Kelly Morgan
 
Introduction
 
• Cybercrime and attack methods have been steadily increasing since 2019 (pandemic)
• In the years following 2019, the number of victims and attacks per hour has rapidly increased
• The threat landscape has grown rapidly as more technologies are introduced and businesses continue to go digital
• Zero-day exploits have skyrocketed across all industries with the spread of Internet of Things (IoT) devices, cloud hosting, and more advanced mobile technologies
• State-sponsored actors, led by Chinese groups, are the primary attackers using zero-days
• Zero-days bypass traditional signature-based and anomaly-based detection and antivirus software
• Frameworks incorporating AI, such as machine learning and deep learning, along with traditional techniques are more effective at detecting zero-days and other novel malware
 
Artificial Intelligence (AI) Background
 
• First appeared around the 1940s
• Simulation of humanlike properties, namely intelligence, by a machine

AI Applications
• Automobiles
• Computer applications
• Agriculture
• Medicine
• Cybersecurity ranges and defense methods

Subsets of AI
• Machine learning (ML)
• Deep learning (DL)
• Expert systems
• Neural networks
 
Machine Learning and Deep Learning
 
Machine learning
• Enables systems to learn and evolve without explicit programming
• Commonly uses structured, labeled data

Deep learning
• Subset of ML
• Utilizes artificial neural networks to mimic human thinking
• Uses unstructured data

Supervised learning
• Labeled data sets are used to train models, which are then applied to subsequent data sets for outcome prediction
• Human intervention is required

Unsupervised learning
• Models are trained using raw, unlabeled data
• Without human intervention
 
Explainability and Challenges

• Obscurity of AI systems
• Reasoning behind decisions and outcome predictions
• Data poisoning: an attacker alters the data used for learning
• Inherent system vulnerabilities
• Threat of advanced attacks by adversaries
 
Threat Landscape

Zero-day Attacks
• Exploits of unknown vulnerabilities or flaws in software and hardware
• Made up 80% of successful incidents involving compromised data in 2019 (Ponemon, 2020)
• Resistant to traditional techniques: antivirus, signature-based detection, and patching

Notable Zero-days
• Stuxnet: computer worm that targeted Iranian SCADA systems
• Sony hacks: data breach
• RSA attack: zero-day Adobe Flash exploit
• DNC hacks: data breach

Types
• Polymorphic worms
• Viruses
• Trojans

Methods
• Phishing/spamming (malicious emails)
• Embedding exploits in compromised sites/browsers
• Software/hardware vulnerability hunting
 
Traditional Cybersecurity Techniques
 
Signature-based detection
• Repository of signatures of known malware/attacks
• Used for inspecting current programs and activities for malicious code or patterns
Challenge
• Failure to detect zero-days
• Failure to detect evolving threats: polymorphic and metamorphic malware

Anomaly-based detection
• Operates on an established baseline of normal or good behavior and activities
• Detects patterns of deviation or anomalous activity
Challenge
• Susceptibility to a high false alarm rate
 
Proposed Strategy

AI-based framework combining supervised and unsupervised machine learning in addition to traditional cybersecurity practices

Supervised Machine Learning
• Rapidly analyzes large volumes of data generated in the system
• Models train and learn from their own evolving sample sets
• Automates tasks: threat detection, response, and classifying new threat patterns
• Powerful computational analysis improves the accuracy of threat detection

Challenge (Supervised)
• Detecting novel malware
• Building precise classification models

Unsupervised Machine Learning
• Utilizes unlabeled data sets, without the need for human intervention, to discover:
  o Unknown relationships
  o Trends
  o Key patterns within data
• Capable of revealing previously unknown insights and making predictions
• Generates vast amounts of probability-based calculations to:
  o Detect new threat patterns and novel malware
  o Establish normal behaviors and deviations
  o Detect unseen threats or zero-days (without relying solely on past threat
information)
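The layers described on the Traditional Cybersecurity Techniques slide (signature lookup, anomaly baseline and its false-alarm problem) and on the Proposed Strategy slide (supervised plus unsupervised learning on top of those practices), as one added worked example. This is my code, not the presenter's, and it uses only the Python standard library. Everything in it is constructed: the feature names (outbound connections, destination ports, failed logins, megabytes sent), the sample rows, and the "artifact" bytes whose hashes stand in for a signature repository. Gaussian naive Bayes and a per-feature z-score baseline are assumed as concrete stand-ins for the supervised and unsupervised components the slides leave unspecified.

```python
"""Layered detection demo (added example, constructed data): signature lookup,
a supervised classifier, and an unsupervised baseline, combined the way the
slides propose.  Nothing here is tied to a real product, dataset, or sample."""
import hashlib
import math
import statistics

# ---- Layer 1: signature-based detection (repository of known-bad hashes) ----
# Constructed stand-ins for a known artifact and a slightly altered variant of it.
KNOWN_BAD_SAMPLE = b"CONSTRUCTED-ARTIFACT-v1"
VARIANT_SAMPLE = KNOWN_BAD_SAMPLE + b"\x00"        # one byte differs
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest()}

def signature_hit(artifact: bytes) -> bool:
    """Exact-match lookup: finds only what is already in the repository."""
    return hashlib.sha256(artifact).hexdigest() in SIGNATURE_DB

# ---- Constructed per-host feature rows (hypothetical feature names):
# [outbound connections/min, distinct destination ports, failed logins, MB sent]
BENIGN = [
    [12, 3, 0, 1.5], [15, 4, 1, 2.0], [10, 2, 0, 1.2], [14, 3, 0, 1.8],
    [11, 3, 1, 1.4], [13, 4, 0, 1.7], [16, 3, 0, 2.1], [12, 2, 1, 1.3],
]
MALICIOUS = [  # labelled rows of one previously seen attack pattern
    [40, 25, 12, 0.3], [55, 30, 20, 0.2], [48, 22, 15, 0.4], [60, 35, 18, 0.5],
]

def _column_stats(rows):
    """(mean, std) per feature; std is floored so a constant column cannot divide by zero."""
    return [(statistics.mean(c), max(statistics.pstdev(c), 1e-3)) for c in zip(*rows)]

# ---- Layer 2: supervised learning (Gaussian naive Bayes trained on labelled rows) ----
class GaussianNB:
    def __init__(self):
        self.stats, self.prior = {}, {}

    def fit(self, X, y):
        for label in set(y):
            rows = [x for x, lab in zip(X, y) if lab == label]
            self.stats[label] = _column_stats(rows)
            self.prior[label] = math.log(len(rows) / len(X))

    def log_posterior(self, x, label):
        lp = self.prior[label]
        for v, (m, s) in zip(x, self.stats[label]):
            lp += -math.log(s * math.sqrt(2 * math.pi)) - (v - m) ** 2 / (2 * s * s)
        return lp

    def predict(self, x):
        return max(self.stats, key=lambda label: self.log_posterior(x, label))

# ---- Layer 3: unsupervised baseline (no labels: learn "normal", score deviation) ----
class Baseline:
    def __init__(self, benign_rows):
        self.params = _column_stats(benign_rows)

    def score(self, x):
        """Largest absolute z-score over all features."""
        return max(abs(v - m) / s for v, (m, s) in zip(x, self.params))

def false_alarm_rate(baseline, benign_rows, threshold):
    """Fraction of known-good rows the baseline would flag at this threshold."""
    return sum(baseline.score(r) > threshold for r in benign_rows) / len(benign_rows)

# ---- Combined verdict: cheapest and most precise layer first ----
def verdict(artifact, features, clf, baseline, z_threshold=3.0):
    if signature_hit(artifact):
        return "known-malicious"          # exact signature match
    if clf.predict(features) == "malicious":
        return "malicious-classified"     # resembles a labelled attack pattern
    if baseline.score(features) > z_threshold:
        return "anomalous-review"         # unlike anything seen; needs an analyst
    return "benign"

def build_detector():
    clf = GaussianNB()
    clf.fit(BENIGN + MALICIOUS, ["benign"] * len(BENIGN) + ["malicious"] * len(MALICIOUS))
    return clf, Baseline(BENIGN)

def run_demo():
    clf, baseline = build_detector()
    cases = {  # (artifact bytes, behaviour features), all constructed
        "known artifact":         (KNOWN_BAD_SAMPLE, [13, 3, 0, 1.6]),
        "variant, known pattern": (VARIANT_SAMPLE, [50, 28, 16, 0.3]),
        "novel pattern":          (b"CONSTRUCTED-UNSEEN", [14, 3, 0, 9.5]),
        "normal activity":        (b"CONSTRUCTED-BENIGN", [13, 3, 0, 1.6]),
    }
    return {name: verdict(a, f, clf, baseline) for name, (a, f) in cases.items()}

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:24s} -> {result}")
    b = Baseline(BENIGN)
    for t in (3.0, 1.5):
        print(f"z-threshold {t}: false alarm rate on known-good rows = {false_alarm_rate(b, BENIGN, t):.2f}")
```

The four cases in run_demo trace the slides' argument: the altered variant has a different hash, so the signature layer misses it, but the classifier still recognises the labelled attack pattern; the "novel pattern" row (ordinary connection counts, unusual outbound volume) matches no label and is classified benign, and only the unsupervised baseline flags it for review. The false_alarm_rate calls show the caveat from the anomaly-detection slide: at a z-threshold of 3.0 no known-good row is flagged, while tightening it to 1.5 flags a quarter of them, which is why the baseline sits last in the chain rather than first.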
 
Thank You
Cybercrime has been on the rise, especially with the surge in zero-day attacks targeting various industries. State-sponsored actors, like Chinese groups, dominate zero-day exploits, challenging traditional detection methods. Incorporating AI, machine learning, and deep learning is vital in enhancing threat detection capabilities to combat these advanced attacks effectively.


Uploaded on Mar 23, 2024

