The future of cybersecurity will pit AI against AI. In this talk, we explore the role of AI in strengthening security defenses as well as the role of security in protecting AI services. We expect the scale, scope and frequency of cyber attacks to increase disruptively as attackers harness AI to develop attacks that are ever more targeted, sophisticated and evasive. At the same time, analysts in security operations centers are increasingly overwhelmed by the tasks of detecting, managing and responding to attacks. To cope, the security industry and practitioners are experimenting with the application of AI and machine learning technologies across security operations, in areas as diverse as detecting (mis)behaviors and malware, extracting and consolidating threat intelligence, reasoning over security alerts, and recommending countermeasures and/or protective measures.
At the same time, adversarial attacks on machine learning systems have become an indisputable threat. Attackers can compromise the training of machine learning models by injecting malicious data into the training set (so-called poisoning attacks), or by crafting adversarial samples that exploit the blind spots of machine learning models at test time (so-called evasion attacks). Adversarial attacks have been demonstrated in a number of different application domains, including malware detection, spam filtering, visual recognition, speech-to-text conversion, and natural language understanding. Devising comprehensive defenses against poisoning and evasion attacks by adaptive adversaries is still an open challenge. Thus, gaining a better understanding of the threat posed by adversarial attacks and developing more effective defense systems and methods are paramount for the adoption of machine learning systems in security-critical real-world applications.
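The evasion attacks mentioned above can be illustrated with a minimal fast-gradient-sign-style sketch against a toy logistic-regression model. The weights, input, and perturbation budget below are purely illustrative and not drawn from any of the systems discussed:

```python
import numpy as np

# Toy logistic-regression "victim" model; weights are illustrative.
w = np.array([2.0, -3.0, 1.0])
b = 0.5

def predict(x):
    return 1 / (1 + np.exp(-(x @ w + b)))

# FGSM-style evasion: perturb x in the direction that increases the loss
# for the true label, bounded by epsilon in the L-infinity norm.
def fgsm(x, y_true, eps):
    p = predict(x)
    grad = (p - y_true) * w        # gradient of cross-entropy w.r.t. x
    return x + eps * np.sign(grad)

x = np.array([0.5, -0.5, 0.2])     # classified as positive (p > 0.5)
x_adv = fgsm(x, y_true=1.0, eps=0.8)
print(predict(x), predict(x_adv))  # the adversarial copy is pushed below 0.5
```

The same one-step gradient trick, applied to deep models and perceptually constrained inputs, is what makes evasion attacks so cheap for an adaptive adversary.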
The talk will provide an industrial research perspective and will cover research conducted at IBM Security Research over the past several years.
As one of the most interesting areas in cyber forensics, multimedia forensics faces many challenges as users generate enormous amounts of data subjected to diverse operations. Forgery detection and steganography detection are two hotspots in multimedia forensics. To address some highly challenging problems in multimedia forensics, especially in image forensics, this tutorial will introduce large-feature-mining-based approaches with ensemble learning for image forgery detection, including seam-carving and inpainting forgery in JPEG images with subsequent anti-forensic operations. We will also introduce deep learning and show how well-known deep learning models can be transferred and applied to image forgery detection and image steganalysis, considerably improving detection accuracy.
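A minimal sketch of the ensemble-learning idea, assuming a hypothetical ensemble of three feature-based forgery detectors whose binary votes are combined by majority; the votes below are illustrative numbers, not real detector outputs:

```python
import numpy as np

# Hypothetical per-detector decisions on 6 images (1 = forged, 0 = pristine).
# In the tutorial setting each base learner would be trained on a different
# large-feature subset (e.g. seam-carving vs. inpainting artifacts).
votes = np.array([
    [1, 1, 0],   # image 0: two of three detectors flag forgery
    [0, 0, 0],
    [1, 0, 1],
    [0, 1, 0],
    [1, 1, 1],
    [0, 0, 1],
])

# Majority vote across the ensemble.
decision = (votes.sum(axis=1) >= 2).astype(int)
print(decision)   # [1 0 1 0 1 0]
```

Majority voting is only one combination rule; weighted or stacked combiners follow the same pattern of fusing per-learner decisions.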
The preponderance of smart devices, such as smartphones, has boosted the development and use of mobile applications (apps) in recent years. This prevalence induces a large volume of mobile app usage data. Analyzing such information could lead to a better understanding of users' behaviour with the apps they have installed, even more so if these data can be coupled with a given context (location, time, date, sociological data...). However, mobile and app usage data are very sensitive and are today considered personal. Their collection and use raise serious concerns about individuals' privacy. To reconcile the harnessing of data with user privacy, we investigate in this paper the possibility of computing privacy-preserving mobile usage statistics that prevent any inference or re-identification risks. The key idea is for each user to encrypt their (private and sensitive) inputs before sending them to the data processor. Statistics can then be computed over those data thanks to functional encryption, a cryptographic building block that permits certain allowed operations over encrypted data. In this paper, we first show how to obtain individuals' usage of their apps, a step that is necessary for our use case but can at the same time raise security concerns for those apps. We then design our new encryption scheme, adding a fault-tolerance property to a recent dynamic decentralized functional encryption scheme. We finally describe our implementation and report benchmarks.
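The privacy goal can be illustrated with a toy masked-aggregation sketch. This is not the paper's dynamic decentralized functional encryption scheme, only a stand-in showing the property that scheme provides cryptographically: the aggregator learns the sum of usage counts, never an individual value. The usage counts are hypothetical:

```python
import random

# Each user masks their private app-usage count with pairwise masks that
# cancel across the population, so summing the masked values reveals
# only the total (illustrative stand-in for functional encryption).
users = {"alice": 12, "bob": 7, "carol": 23}   # hypothetical usage counts
names = sorted(users)
M = 2**32

# Pairwise shared masks (in practice derived via key agreement).
masks = {(a, b): random.randrange(M)
         for i, a in enumerate(names) for b in names[i + 1:]}

def masked(name):
    c = users[name]
    for (a, b), m in masks.items():
        if name == a:
            c = (c + m) % M        # first party adds the shared mask
        elif name == b:
            c = (c - m) % M        # second party subtracts it
    return c

total = sum(masked(n) for n in names) % M
print(total)   # 42: the aggregator learns only the sum
```

The fault-tolerance property the paper adds addresses exactly the weakness visible here: if one user drops out, the masks no longer cancel.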
Smartphones contain intimate details of users that are inferred from collected data or explicitly stored on the device. These details include daily travel patterns, such as the most frequently visited locations, private photos, the addresses and birthdays of contacts, and more. Consumers are generally aware that services they use without a financial payment are paid for in part by advertisements, and that these services collect detailed information during use. In iOS, applications must provide a detailed description of how they will use data that requires permission from the user. However, the provided description often tells only part of the story. Behind the scenes, consumers cannot see how applications share information or which parts of the data an application actually utilizes. Nor can they see how often applications communicate with advertisement services and whether they share data gathered through the application's permissions. In this paper we present EMPAware, a system that provides users an enhanced awareness of how applications use their data. Users can view in real time, through a web portal, how applications use their data and how they communicate with advertisement servers. Using EMPAware, we performed a study with 32 participants measuring the impact of this enhanced awareness on perceptions of mobile privacy. After the study, users became more concerned about privacy: 79% believed applications misuse data and 89% believed they have little control over their data. EMPAware demonstrates that when users better understand how applications use their data, they become more concerned about their privacy.
When multiple parties that deal with private data aim for a collaborative prediction task such as medical image classification, they are often constrained by data protection regulations and lack of trust among collaborating parties. If done in a privacy-preserving manner, predictive analytics can benefit from the collective prediction capability of multiple parties holding complementary datasets on the same machine learning task. This paper presents PRICURE, a system that combines complementary strengths of secure multi-party computation (SMPC) and differential privacy (DP) to enable privacy-preserving collaborative prediction among multiple model owners. SMPC enables secret-sharing of private models and client inputs with non-colluding secure servers to compute predictions without leaking model parameters and inputs. DP masks true prediction results via noisy aggregation so as to deter a semi-honest client who may mount membership inference attacks. We evaluate PRICURE on neural networks across four datasets including benchmark medical image classification datasets. Our results suggest PRICURE guarantees privacy for tens of model owners and clients with acceptable accuracy loss. We also show that DP reduces membership inference attack exposure without hurting accuracy.
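A minimal sketch of the two ingredients PRICURE combines, under simplifying assumptions (two non-colluding servers, binary per-model votes, Laplace noise with sensitivity 1); the vote values are illustrative, not from the paper:

```python
import numpy as np

M = 2**31

# Additive secret sharing: split a private value into two shares that
# individually look uniformly random but sum to the secret mod M.
def share(x):
    r = int(np.random.randint(0, M))
    return r, (x - r) % M

votes = [1, 0, 1]                       # hypothetical per-model-owner votes
shares = [share(v) for v in votes]

s0 = sum(a for a, _ in shares) % M      # partial sum held by server 0
s1 = sum(b for _, b in shares) % M      # partial sum held by server 1
agg = (s0 + s1) % M                     # servers jointly reveal only the sum

# Differential privacy: add Laplace noise (sensitivity 1) before the
# client sees the result, blunting membership inference attacks.
eps = 1.0
noisy = agg + np.random.laplace(0, 1.0 / eps)
print(agg, noisy)
```

Neither server alone learns any vote, and the client only ever observes the noisy aggregate, which is the division of labor between SMPC and DP described above.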
Nowadays, an increasing number of services allow users to perform their tasks easily. A huge amount of data is published regularly, and personal data takes the lion's share. In fact, personal data protection remains a major issue with respect to how service providers collect data and for what purpose. Therefore, the privacy of the data owner has to be preserved by putting in place a strategy to control how services use the data. The concept of inter-service privacy has been marginalized in previous privacy-preserving work. This paper proposes SDGchain, a secure and privacy-preserving decentralized model that combines a secure service dependency graph (SDG) with the permissioned blockchain Hyperledger Fabric, cooperating with off-chain storage. In our design, the SDG controls inter-service interactions by building dependencies, measuring the level of trust, and calculating quality of service to preserve each service's privacy, while the blockchain supports authentication, access control, and the logging of operations for an immutable and auditable history.
The role-based access control (RBAC) model has gained significant attention in cybersecurity in recent years. RBAC restricts system access to authorized users based on the roles and regulations within an organization. The flexibility and usability of this model have encouraged organizations to migrate from traditional discretionary access control (DAC) models to RBAC. However, this transition requires accomplishing a very challenging task called role mining, in which users' roles are generated from existing access control lists. Although various approaches have been proposed to address this NP-complete problem in the literature, they either suffer from low scalability, with execution time increasing exponentially in the input size, or rely on fast heuristics of low optimality that generate too many roles. In this paper, we introduce a highly scalable yet optimal approach to tackle the role mining problem. To this end, we utilize a non-negative rank-reduced matrix decomposition method to decompose a large-scale user-permission assignment into two constitutive components, i.e., the user-role and role-permission assignments. Then, we apply a thresholding technique to convert the real-valued components into binary-valued factors. We employ various access control configurations and demonstrate that our proposed model effectively discovers the latent relationships behind user-permission data, even for large datasets.
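The decomposition-then-thresholding idea can be sketched on a tiny, hypothetical user-permission matrix using plain multiplicative-update NMF; the paper's method and datasets are far larger, so this is only an illustration:

```python
import numpy as np

rng = np.random.default_rng(0)

# Hypothetical user-permission assignment (UPA): 4 users x 5 permissions.
# Users 0 and 3 hold one implicit role, user 1 another, user 2 both.
A = np.array([[1, 1, 0, 0, 0],
              [0, 0, 1, 1, 1],
              [1, 1, 1, 1, 1],
              [1, 1, 0, 0, 0]], dtype=float)

k = 2                               # number of latent roles to mine
W = rng.random((4, k)) + 0.1        # user-role factor
H = rng.random((k, 5)) + 0.1        # role-permission factor

# Non-negative matrix factorization via multiplicative updates.
for _ in range(2000):
    H *= (W.T @ A) / (W.T @ W @ H + 1e-9)
    W *= (A @ H.T) / (W @ H @ H.T + 1e-9)

# Threshold the real-valued reconstruction into binary assignments.
UA = (W @ H > 0.5).astype(int)
print(UA)                           # recovers the original UPA
```

With k chosen well, the two factors read off directly as user-role and role-permission assignments, which is the role-mining output described above.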
This paper presents TrollHunter2020, a real-time detection mechanism we used to hunt for trolling narratives on Twitter during and in the aftermath of the 2020 U.S. elections. Trolling narratives form on Twitter as alternative explanations of polarizing events with the goal of conducting information operations or provoking emotional responses. Detecting trolling narratives is thus an imperative step to preserve constructive discourse on Twitter and stem the influx of misinformation. Using existing techniques, the detection of such content takes time and a wealth of data, which, in a rapidly changing election cycle with high stakes, might not be available. To overcome this limitation, we developed TrollHunter2020 to hunt for trolls in real time across several dozen trending Twitter topics and hashtags corresponding to the candidates' debates, the election night, and the election aftermath. TrollHunter2020 utilizes correspondence analysis to detect meaningful relationships between the top nouns and verbs used in constructing trolling narratives as they emerge on Twitter. Our results suggest that TrollHunter2020 indeed captures emerging trolling narratives at a very early stage of an unfolding polarizing event. We discuss the utility of TrollHunter2020 for early detection of information operations or trolling and the implications of its use in supporting constructive discourse on the platform around polarizing topics.
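The correspondence-analysis step can be sketched on a tiny, invented noun-verb contingency table; the terms and counts below are illustrative, not TrollHunter2020's data:

```python
import numpy as np

# Toy contingency table of top nouns (rows) x verbs (columns) from
# hypothetical election-night tweets; counts are illustrative only.
nouns = ["ballot", "machine", "media"]
verbs = ["dump", "rig", "censor"]
N = np.array([[40.,  5.,  2.],
              [ 6., 35.,  3.],
              [ 2.,  4., 30.]])

# Correspondence analysis: SVD of the standardized residual matrix.
P = N / N.sum()
r, c = P.sum(axis=1), P.sum(axis=0)
S = (P - np.outer(r, c)) / np.sqrt(np.outer(r, c))
U, sv, Vt = np.linalg.svd(S, full_matrices=False)

# Principal coordinates on the first CA dimension; a noun and a verb
# with nearby coordinates co-occur more than chance would predict,
# surfacing narrative pairings such as "ballot"-"dump".
row_coord = U[:, 0] * sv[0] / np.sqrt(r)
col_coord = Vt[0, :] * sv[0] / np.sqrt(c)
print(dict(zip(nouns, row_coord.round(2))))
print(dict(zip(verbs, col_coord.round(2))))
```

Run continuously over streaming tweets, coordinates like these let an emerging noun-verb pairing be flagged long before a full narrative corpus accumulates.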
As social engineering attacks have become prevalent, people are increasingly convinced to give their important personal or financial information to attackers. Telephone scams are common yet less well studied than phishing emails. We have found that social engineering attacks can be characterized by a set of speech acts performed as part of the scam. A speech act is a statement or utterance expressed by an individual that not only conveys information but also performs an action. Although attackers adjust their delivery and wording on the phone to match the victim, scams can be grouped into classes that share common speech acts. Each scam type is identified by a set of speech acts collectively referred to as a scam signature. We present a social engineering detection approach called the Anti-Social Engineering Tool (ASsET), which detects attacks based on the semantic content of the conversation. Our approach uses word embedding techniques from natural language processing to determine whether the meaning of a scam signature is contained in a conversation. To evaluate our approach, we gathered a dataset of telephone scams written by volunteers based on examples of real scams from official websites. To the best of our knowledge, this is the first telephone-based scam dataset. Our detection method was able to distinguish scam and non-scam calls with high accuracy.
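The signature-matching idea can be sketched with toy word vectors and cosine similarity; a real system like ASsET would use pretrained embeddings, so the 3-d vectors and terms below are purely illustrative:

```python
import numpy as np

# Toy word vectors standing in for pretrained embeddings.
vec = {
    "gift":    np.array([0.9, 0.1, 0.0]),
    "card":    np.array([0.8, 0.2, 0.1]),
    "pay":     np.array([0.7, 0.0, 0.3]),
    "weather": np.array([0.0, 0.9, 0.1]),
    "sunny":   np.array([0.1, 0.8, 0.0]),
}

def embed(words):
    # Represent a text as the mean of its word vectors.
    return np.mean([vec[w] for w in words], axis=0)

def cosine(a, b):
    return a @ b / (np.linalg.norm(a) * np.linalg.norm(b))

# A scam signature is the set of terms realizing the scam's speech acts;
# a call is flagged when its content lies close to the signature.
signature = embed(["gift", "card", "pay"])
scam_call = embed(["pay", "gift"])
benign    = embed(["weather", "sunny"])
print(cosine(signature, scam_call), cosine(signature, benign))
```

Because the comparison happens in embedding space, paraphrased wording of the same speech act still scores close to the signature, which is what makes the approach robust to attackers varying their delivery.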
Nowadays, it is increasingly difficult even for a machine learning expert to incorporate all of the recent best practices into their modeling, owing to the fast development of state-of-the-art machine learning techniques. For applications that handle big data sets, choosing the best-performing model with the best hyper-parameter setting becomes even harder. In this work, we present an empirical evaluation of automated machine learning (AutoML) frameworks that optimize the hyper-parameters of machine learning models to achieve the best attainable performance. We apply AutoML techniques to the malware detection problem, which requires a true positive rate as high as possible while keeping the false positive rate as low as possible. We adopt two AutoML frameworks, AutoGluon-Tabular and Microsoft Neural Network Intelligence (NNI), to optimize the hyper-parameters of a Light Gradient Boosted Machine (LightGBM) model for classifying malware samples. We carry out extensive experiments on two data sets. The first is a publicly available data set (the EMBER data set) that has been used as a benchmark in many malware detection works. The second is a private data set we acquired from a security company, containing recently collected malware samples. We provide empirical analysis and a performance comparison of the two AutoML frameworks. The experimental results show that the AutoML frameworks can identify hyper-parameter settings that significantly outperform the previously known best-performing setting, improving the true positive rate of a LightGBM classifier from 86.8% to 90% at a 0.1% false positive rate on the EMBER data set, and from 80.8% to 87.4% on the private data set.
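The hyper-parameter search that NNI and AutoGluon-Tabular automate can be sketched as a plain exhaustive search over a tiny, hypothetical space; the `validate` objective below is a stand-in for "TPR at 0.1% FPR" on a validation split (a real run would train LightGBM per configuration):

```python
import itertools

# Hypothetical search space modeled on a few LightGBM hyper-parameters.
space = {
    "num_leaves":       [31, 64, 128, 256],
    "learning_rate":    [0.01, 0.05, 0.1],
    "feature_fraction": [0.6, 0.8, 1.0],
}

def validate(cfg):
    # Toy objective that peaks at a known configuration; a real pipeline
    # would train a model here and score it on held-out data.
    return (0.9
            - 0.0002 * abs(cfg["num_leaves"] - 128)
            - 0.5 * abs(cfg["learning_rate"] - 0.05)
            - 0.1 * abs(cfg["feature_fraction"] - 0.8))

best, best_score = None, -1.0
for values in itertools.product(*space.values()):
    cfg = dict(zip(space.keys(), values))
    score = validate(cfg)
    if score > best_score:
        best, best_score = cfg, score
print(best, round(best_score, 3))
```

AutoML frameworks replace this brute-force loop with smarter strategies (Bayesian optimization, successive halving, ensembling), which is what makes them tractable on spaces far larger than this toy grid.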