Artificial intelligence (AI) and machine learning (ML) are incredibly powerful tools for the security industry as a whole, not to mention their capabilities when applied to any industry. The example for this chapter focuses on identifying botnet command and control panels, utilizing decision trees and logistic regression to be able to make such a classification in very few requests, hence minimizing the noise a command and control operator might notice. For the example in this chapter, we tackle the classic problem of machine learning in security: identifying spam messages. The book our Data Science team has written is focused on being an introduction to machine learning for people in information security or even into software engineering.
Michal Kosinski – the Stanford University professor who went viral last week for research suggesting that artificial intelligence (AI) can detect whether people are gay or straight based on photos – said sexual orientation was just one of many characteristics that algorithms would be able to predict through facial recognition. Kosinski, an assistant professor of organizational behavior, said he was studying links between facial features and political preferences, with preliminary results showing that AI is effective at guessing people's ideologies based on their faces. That means political leanings are possibly linked to genetics or developmental factors, which could result in detectable facial differences. Facial recognition may also be used to make inferences about IQ, said Kosinski, suggesting a future in which schools could use the results of facial scans when considering prospective students.
The City of Espoo has initiated a unique artificial intelligence experiment in collaboration with Tieto, a Finnish software and service company. The experiment involves combining a huge amount of social and health data concerning every Espoo resident, and customer data relating to early childhood education from 2002 to 2016. This will help the city to provide more individualized services, thereby preventing problems such as social exclusion more cost-effectively. The City of Espoo has been a customer of Tieto's for several years as the company provides information system services for Espoo's health care, social and early childhood education services.
Assistants falling for the ploy included Amazon Alexa, Apple's Siri, Google Now, Samsung S Voice, Microsoft Cortana and Huawei HiVoice, as well as some voice control systems used in cars. When a voice assistant hears these sounds, they still recognise them as legitimate commands, even though they are imperceptible to the human ear. The owner's voice had to be surreptitiously recorded for playback as Apple's system recognises the speaker. To secure voice assistants in the future, sounds outside the human voice range could be suppressed or machine learning algorithms could listen out for similar style attacks, Vaidya says.
Before the devastation throughout southern Texas, lawmakers and trade groups representing drone manufacturers specifically urged the FAA to adopt policies providing swift regulatory exemptions in the event of emergency applications. Since the FAA began clearing the way for unmanned aircraft around Houston, people familiar with the details said at least one company has received the green light to survey coastal damage using drones operating beyond the sight of ground-based pilots. Despite FAA flexibility, drone industry groups have called for further easing of rules. All drone operations were prohibited without specific FAA approval, and the FAA explicitly warned that "flying an unauthorized drone could interfere" with official rescue and recovery efforts.
Before autonomous trucks and taxis hit the road, manufacturers will need to solve problems far more complex than collision avoidance and navigation (see "10 Breakthrough Technologies 2017: Self-Driving Trucks"). These vehicles will have to anticipate and defend against a full spectrum of malicious attackers wielding both traditional cyberattacks and a new generation of attacks based on so-called adversarial machine learning (see "AI Fight Club Could Help Save Us from a Future of Super-Smart Cyberattacks"). When hackers demonstrated that vehicles on the roads were vulnerable to several specific security threats, automakers responded by recalling and upgrading the firmware of millions of cars. The computer vision and collision avoidance systems under development for autonomous vehicles rely on complex machine-learning algorithms that are not well understood, even by the companies that rely on them (see "The Dark Secret at the Heart of AI").
Apple bowed to China's censorship pressure, which is completely unsurprising but nevertheless disappointing. Car and Driver reports that security researchers at the University of Washington confused autonomous cars into misidentifying road signs, and they did it with simple stickers they made a home computer. The researchers put stickers on road signs and managed to convince the car's image-detecting alogorithms that they were seeing, say, a speed limit sign instead of a stop sign. Buzzfeed this week reported that federal agents are now using secret spy planes to hunt for cartel leaders in Mexico.
The automation wave is the progression of technology and machine learning into intelligent software that can act to both identify and remediate incidents, leaving security professionals to tackle more complex and relevant issues. Graduating from a traditional rule-based system, experts have employed machine-learning techniques, drawing on data insight to identify patterns and apply machine-readable context to events. Information security professionals have battled for years to gain better insight into threat behaviour and utilising the most up-to-date technology to protect against attacks. A hybrid approach to security operations combining automation and humans, or supervised machine learning, is not only critical in alleviating the current skills shortage in the information security and cyber security industry, but also provides significantly improved results over either a human or machine working alone.
As companies promote AI and advanced machine learning in cybersecurity, CISOs need to ask some tough questions to get past the hype: Are these technologies bolted on to get investments as well as customers, or are they core to an innovative security platform that solves a business problem (too many alerts to efficiently monitor)? Is the company's expertise in machine learning and AI or information security? Advances in machine learning and security can help in areas such as antimalware, dynamic risk analysis and anomaly detection, found Robert Lemos, who reports on machine learning in cybersecurity in this month's cover story. The technology is really good at "crunching through data," Joseph Blankenship, senior analyst for security and risk at Forrester Research, tells Lemos.