Role of AI in Threat Detection and Zero-day Attacks
Cybercrime has been on the rise, especially with the surge in zero-day attacks targeting various industries. State-sponsored actors, like Chinese groups, dominate zero-day exploits, challenging traditional detection methods. Incorporating AI, machine learning, and deep learning is vital in enhancing threat detection capabilities to combat these advanced attacks effectively.
Role of AI in Threat Detection and Zero-day Attacks
Presented by: Kelly Morgan
Introduction
- Cybercrime and attack methods have been steadily increasing since 2019 (pandemic)
- In the years following 2019, the number of victims and attacks per hour has rapidly increased
- The threat landscape has grown rapidly as more technologies are introduced and businesses continue to go digital
- Zero-day exploits have skyrocketed across all industries with the growth of the Internet of Things (IoT), cloud hosting, and more advanced mobile technologies
- State-sponsored actors, led by Chinese groups, are the primary attackers using zero-days
- Zero-days bypass traditional signature-based and anomaly-based detection and antivirus software
- Frameworks incorporating AI, such as machine learning and deep learning, alongside traditional techniques are more effective at detecting zero-days and other novel malware
Artificial Intelligence (AI)
- Background
  - First appeared around the 1940s
  - Simulation of humanlike properties, namely intelligence, by a machine
- AI applications
  - Automobiles
  - Computer applications
  - Agriculture
  - Medicine
  - Cybersecurity ranges and defense methods
- Subsets of AI
  - Machine learning (ML)
  - Deep learning (DL)
  - Expert systems
  - Neural networks
Machine Learning and Deep Learning
- Machine learning
  - Enables systems to learn and evolve without explicit programming
  - Commonly uses structured, labeled data
  - Supervised learning: labeled data sets are used to train models, which are then applied to subsequent data sets for outcome prediction
  - Human intervention is required
- Deep learning
  - Subset of ML
  - Utilizes artificial neural networks to mimic human thinking
  - Uses unstructured data
  - Unsupervised learning: models are trained using raw, unlabeled data
  - Without human intervention
Explainability and Challenges
- Obscurity of AI systems: the reasoning behind decisions and outcome predictions is hard to inspect
- Data poisoning: an attacker alters the data used for learning
- Inherent system vulnerabilities
- Threat of advanced attacks by adversaries
Threat Landscape: Zero-day Attacks
- Exploits of unknown vulnerabilities, or flaws, in software and hardware
- Made up 80% of successful incidents involving compromised data in 2019 (Ponemon, 2020)
- Resistant to traditional techniques: antivirus, signature-based detection, and patching
- Types
  - Polymorphic worms
  - Viruses
  - Trojans
- Methods
  - Phishing/spamming (malicious emails)
  - Embedding exploits in compromised sites/browsers
  - Software/hardware vulnerability hunting
- Notable zero-days
  - Stuxnet: computer worm that targeted Iranian SCADA systems
  - Sony hacks: data breach
  - RSA attack: zero-day Adobe Flash exploit
  - DNC hacks: data breach
Traditional Cybersecurity Techniques
- Signature-based detection
  - Repository of signatures of known malware/attacks
  - Used to inspect current programs and activities for malicious code or patterns
  - Challenges
    - Fails to detect zero-days
    - Fails to detect evolving threats: polymorphic and metamorphic malware
- Anomaly-based detection
  - Operates on an established baseline of normal (good) behavior and activity
  - Detects patterns of deviation or anomalous activity
  - Challenge
    - Susceptible to a high false-alarm rate
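The two weaknesses on this slide are easy to see in a few lines of code. The following is an added Python example, not part of the presentation: a hash-based signature check against a small signature repository, and a baseline-plus-threshold anomaly check over failed-login counts. The payloads, the baseline counts and the k = 3 standard-deviation threshold are all constructed for the demo; the signature is a SHA-256 of the whole payload, which stands in for the richer byte-pattern signatures real engines use.

```python
import hashlib
import statistics
from typing import Dict, List

# --- Signature-based detection ------------------------------------------
# The "signature repository" holds SHA-256 digests of payloads already known
# to be malicious.  Real engines match richer byte patterns, but the weakness
# is the same: only what has already been seen can match.

# Constructed sample traffic (not real malware).  The variant carries the
# same instruction as the known-bad payload but with different bytes, which
# is the polymorphic / zero-day case that signatures miss.
KNOWN_BAD = b"cmd=exfil;dest=198.51.100.7"
POLYMORPHIC_VARIANT = b"cmd=exfil;dest=198.51.100.7;pad=Q9"
BENIGN_PAYLOAD = b"cmd=backup;dest=10.0.0.5"

SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_match(payload: bytes) -> bool:
    """True when the payload's digest is in the repository of known signatures."""
    return hashlib.sha256(payload).hexdigest() in SIGNATURE_DB


# --- Anomaly-based detection --------------------------------------------
# Baseline: failed logins per minute observed during normal operation
# (constructed values).  Anything above mean + k * stdev is "anomalous".
BASELINE_FAILED_LOGINS: List[int] = [2, 3, 1, 4, 2, 3, 2, 5, 3, 2, 4, 3]


def build_baseline(samples: List[int], k: float = 3.0) -> Dict[str, float]:
    """Summarise normal behaviour as a mean, a spread and an alert threshold."""
    mean = statistics.mean(samples)
    stdev = statistics.pstdev(samples)
    return {"mean": mean, "stdev": stdev, "threshold": mean + k * stdev}


def is_anomalous(failed_logins: int, baseline: Dict[str, float]) -> bool:
    """Flag a minute whose failed-login count exceeds the baseline threshold."""
    return failed_logins > baseline["threshold"]


def run_demo() -> Dict[str, bool]:
    """Exercise both detectors on constructed inputs and return the verdicts."""
    baseline = build_baseline(BASELINE_FAILED_LOGINS)
    return {
        # signature-based: catches the known payload, misses its variant
        "known_bad_caught": signature_match(KNOWN_BAD),
        "variant_caught": signature_match(POLYMORPHIC_VARIANT),
        "benign_payload_flagged": signature_match(BENIGN_PAYLOAD),
        # anomaly-based: catches a credential-stuffing burst (40 failures)
        # but also fires on a legitimate password-reset day (9 failures)
        "stuffing_flagged": is_anomalous(40, baseline),
        "quiet_minute_flagged": is_anomalous(4, baseline),
        "reset_day_flagged": is_anomalous(9, baseline),
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {verdict}")
```

The signature detector never fires on the variant because nothing about it is in the repository, and the anomaly detector fires on the reset day because the baseline only knows "how much" normal looks like, not "why". Tuning k trades one failure mode for the other, which is the motivation for the hybrid approach on the next slide.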
Proposed Strategy
- AI-based framework combining supervised and unsupervised machine learning with traditional cybersecurity practices
- Supervised machine learning
  - Rapidly analyzes large volumes of data generated in the system
  - Models train and learn from their own evolving sample sets
  - Automates tasks: threat detection, response, and classifying new threat patterns
  - Powerful computational analysis improves the accuracy of threat detection
  - Challenges
    - Detecting novel malware
    - Building precise classification models
- Unsupervised machine learning
  - Utilizes unlabeled data sets, without the need for human intervention, to discover:
    - Unknown relationships
    - Trends
    - Key patterns within data
  - Capable of revealing previously unknown insights and making predictions
  - Generates vast amounts of probability-based calculations to:
    - Detect new threat patterns and novel malware
    - Establish normal behaviors and deviations
    - Detect unseen threats or zero-days (without relying solely on past threat information)
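To show how the supervised and unsupervised halves complement each other, here is an added Python example (not from the presentation, and not a specific framework it describes). A nearest-centroid classifier is trained on labelled telemetry; k-means is fitted on the same vectors with the labels stripped and supplies a novelty check. A sample the classifier calls "benign" but that lies far outside every cluster seen in training is escalated for review instead of being waved through, which is the "detect unseen threats without relying solely on past threat information" point of the slide. The feature vectors (outbound connections per minute, MB written per minute, new persistence entries), the k = 2 choice and the 1.5x slack factor are all constructed for the demo; the class centroids and clusters coincide here only because the toy data is cleanly separated.

```python
import math
from typing import Dict, List, Sequence, Tuple

Vector = Tuple[float, ...]

# Constructed per-process telemetry (not real data): each vector is
# (outbound connections per minute, MB written per minute, new persistence
# entries), labelled "benign" or "malware" by an analyst.
LABELLED_TRAINING: List[Tuple[Vector, str]] = [
    ((2, 5, 0), "benign"), ((3, 4, 0), "benign"), ((1, 6, 0), "benign"),
    ((2, 3, 0), "benign"), ((4, 5, 0), "benign"),
    ((40, 60, 2), "malware"), ((50, 55, 3), "malware"),
    ((45, 70, 2), "malware"), ((55, 65, 3), "malware"),
]


def dist(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def centroid(points: Sequence[Vector]) -> Vector:
    n = len(points)
    return tuple(sum(p[i] for p in points) / n for i in range(len(points[0])))


def nearest(sample: Vector, centroids: Sequence[Vector]) -> int:
    """Index of the centroid closest to the sample."""
    return min(range(len(centroids)), key=lambda i: dist(sample, centroids[i]))


# --- Supervised side: nearest-centroid classifier over labelled data -----
def train_supervised(data: Sequence[Tuple[Vector, str]]) -> Dict[str, Vector]:
    by_label: Dict[str, List[Vector]] = {}
    for vec, label in data:
        by_label.setdefault(label, []).append(vec)
    return {label: centroid(vecs) for label, vecs in by_label.items()}


def classify(class_centroids: Dict[str, Vector], sample: Vector) -> str:
    labels = list(class_centroids)
    return labels[nearest(sample, [class_centroids[l] for l in labels])]


# --- Unsupervised side: k-means over the same vectors with labels removed -
def kmeans(points: Sequence[Vector], k: int, iters: int = 50) -> List[Vector]:
    """Lloyd's algorithm, deterministically seeded with the first k points."""
    centroids: List[Vector] = [tuple(float(x) for x in p) for p in points[:k]]
    for _ in range(iters):
        clusters: List[List[Vector]] = [[] for _ in range(k)]
        for p in points:
            clusters[nearest(p, centroids)].append(p)
        updated = [centroid(c) if c else centroids[i] for i, c in enumerate(clusters)]
        if updated == centroids:          # assignments stable -> converged
            break
        centroids = updated
    return centroids


def cluster_radii(points: Sequence[Vector], centroids: Sequence[Vector]) -> List[float]:
    """Largest member distance per cluster: the observed spread of that cluster."""
    radii = [0.0] * len(centroids)
    for p in points:
        i = nearest(p, centroids)
        radii[i] = max(radii[i], dist(p, centroids[i]))
    return radii


class HybridDetector:
    """Supervised label plus unsupervised novelty check, as the slide proposes."""

    def __init__(self, data: Sequence[Tuple[Vector, str]], k: int = 2, slack: float = 1.5):
        self.class_centroids = train_supervised(data)
        unlabelled = [vec for vec, _ in data]            # labels stripped
        self.cluster_centroids = kmeans(unlabelled, k)
        self.radii = cluster_radii(unlabelled, self.cluster_centroids)
        self.slack = slack                               # tolerance beyond cluster radius

    def predict(self, sample: Vector) -> str:
        return classify(self.class_centroids, sample)

    def is_novel(self, sample: Vector) -> bool:
        """True when the sample lies well outside every cluster seen in training."""
        i = nearest(sample, self.cluster_centroids)
        return dist(sample, self.cluster_centroids[i]) > self.slack * self.radii[i]

    def verdict(self, sample: Vector) -> str:
        if self.predict(sample) == "malware":
            return "known_threat"                        # matches a learned class
        if self.is_novel(sample):
            return "unknown_threat_review"               # looks benign, but unlike anything seen
        return "benign"


if __name__ == "__main__":
    det = HybridDetector(LABELLED_TRAINING)
    for sample in [(2, 4, 0), (48, 62, 3), (6, 40, 1)]:
        print(sample, det.predict(sample), det.verdict(sample))
```

The third sample, (6, 40, 1), is the interesting one: it has few connections and no heavy persistence, so the supervised classifier files it under "benign", but it writes an order of magnitude more data than anything in the benign cluster, so the novelty check escalates it. On its own the classifier would have produced exactly the "detecting novel malware" miss the slide lists as a supervised challenge.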