AI And Deception In Cyber Security by Boris Taratine

thank you very much i understand it would be recorded right how's my hair thank you very much okay my name is boris we'll be talking today about ai and deception inside this view previous speaker has been talking a lot about this so i can skip half of these

so we will be talking today about your ai whatever it is and the deception whatever it is and what would be those means for adaptation

official intelligence

definition is on the screen [Music] is [Music]

your deception is is deception bad yes of course the old depends some will make you cry off

at the same time and it's definitely [Music]

we will be talking today about deception against

deception against a.i ai-based deception and ai based difference was doing my peace

this one

deception against users based

so i started somewhere here

and i would say that it was a fantastic time those outbreaks

[Music] i will not go through this because you understand adversary is used

and there are many ways to do this okay slice deception be available and you can go through this and actually go through and read a lot of materials which i used because

usually

so you know what the deception is you know what you need to watch for and then you still believe that no matter what you did the employees in your organization still fall into that deception and the previous speaker

[Music] but not only there are many many many reasons why those educational awareness fails is [Music]

absolutely

have you ever been suspended for breaking or fishing three times i was and i was teaching people how to actually not fall a victim why call them

[Music]

is a lack of lack of communication and facial expression when i sent a sentence

we don't have that [Music]

um

[Music]

just think about it you want to help others you will be suspended by hr three times on their own that was not easy so people were laughing at me did they or they find but it was very interesting that was very interesting kind of self-reflection what is the reason actually if i at a moment i knew it was a freight thing i needed more space in my inbox

[Music]

anyways a little bit about here you choose machine learning so what is machine learning it is an example in most of the cases minimization of the error function that's it nothing more so ar in this area is a minimization of error function that's easy we know how to do it mathematics not how to do what you don't know very well how to find the function it's really nice these are the couple of algorithms so they have supervised machine learning you supervise machine learning you do cats machines understand what they are and then when you give them head starts and wherever they are they say this cat is not tax machine would know whether it is

i will just tell you it is local it's good for classification so that's not cats in some regression analysis where you find something

unsupervised you give them all the animal kingdom and they will say wow this is group 1 this is group 2 before we say it will tell you they are jesus so this is cluster very important [Music] application is anomaly detection and anomaly detection is also true so how to learn from machine learning the deception well first of all you can look for something what is normal and then identify something which is different so you have something which is normal and identify something which is decent another way is to identify what is bad and find something which is similar to it so you identify something bad and find what is similar to you see the difficulty here

but what i would like to say is we can understand that they are almost the same

and then we say our users are not good maybe but it depends how you help them and this is another side of the phone yes we are successful so are the machines

so who say this is bad you say this is bad so this is good this is bad where you will be looking at right here amazon web services somebody just spamming the change yes and then now send the email

okay what did the scientist say one study they look at the participants in many different paths this particular case of a dozen these figures it says accuracy what is that obviously when they value the accuracy gives you the understanding of how close the something is to the real after something is too long you know this precision is how close all the results are together you can be very inaccurate you cards in the target they're all outside but in a very very small cloud so what they found they found that people are actually reliable

[Music]

so it appears that people actually could be available citizens you just need to find the conditions on which the sensors work well same study also had a different experiment they talked about age groups male female very interesting results so across age groups almost zero older people a little bit on the lower side so of the more success in that particular study could be understandable because the technology is for not for law many people

potentially potentially maybe also the case yes say again of course so that are the results what can we do with this result [Music] another study was asking what would be useful

self-starting will useful for reality or frequency access to a specific platform or software et cetera but formal education lectures like this one are not very useful so if you want to have details here and you will get find the results another remarkable study was 26 participants for 45 days and then even 11 attacks most attacks were manually created

and then the users the participants were given ability to import if they found something uh suspicious and then machines did some magic and provided some results this is moving forward so in a poem these are different there's different different perceptions this horizontal line is human senses they reported when machine defined decided whether the user was exploited or ignored or reported these are the results so if it's spread then potentially

if it's green that means it was successful if you ignore that means you you was not you will not come it's very interesting result how does it compare to the machines this is some antivirus software browsers like these etc etc and as you can see very little trick in the attack made the machines useless what about humans you want to blame only one these days over all those changes in space so yes we can say that if a user is susceptible to a deception path and let's say click on the link then whole organization will compound on the other hand it requires only one person to report properly to defend all and this is quite a part of this

i think uh many years ago these are stupidest have no idea what they are doing well they do

can you demonstrate that the system you build is actually secure [Music]

so what can we do we definitely can have users as a strong disclaimer together with machines they will work better than either of us

deception against users but now we will be talking about internet things so is it possible to give this safe technology some time ago when we had an application you touched it beeps and the

[Music] somebody wants to have an attack on your smartphone so that game may have some sound signals you should be picked up by your

other things again smartphone you have couple of sensors some talk about time-based weather and this is your mobile devices somebody potentially spoofs your location as well as the weather conditions you can come home and you will have your goldfish cooked in your fishbowl because

markets which was the second

and 2017 you imagine that the water pressure in the sensor will show that everything is okay but in fact the wall is off so

well we know this kind of so what i would like to say is defending against at-based reception

let's go and move forward let's talk about now about deception against air machine learning

and this is where we can deceive machine learning first of all we can receive machine learning at the release during modern truth so we will feed the algorithm you feed them dogs that you need children with their fats another way could be around the wrong time so you have something that machine would take as something else so this would be attached and we've already

here you see the taxonomy of disinterrace to attack on truths never tested for researchers the attacks would be at the preparation stage for the station stage i don't know all those uh details what i would like to say is that that field is very very interesting very very uh challenging and if you are in the house the referees are in if you are here is

[Music]

deception that is also very interesting very interesting um you now know how to make very registered faith photos [Music] those

[Music]

is

another thing is people usually have a project in one part of the world

is

is

yes you will say that this is not the type of thing yes that is true but we think it's much more difficult to make high quality

is

[Music]

absolutely

[Music]

[Music] here we go

thank you for the talk um i was interested in what you said about possible times

security

in amazon

city

you

with the poisoning you do not know whether something is in this case

is

is

yes

then

whatever

yes

we identify something based on what we know you just say this is the thing from this one you should try to do more precise you will have so many clusters

[Music] is

yes

so it was december 13th 2016 when fire eye give us report it had four domains us1 usb something like this and just provided only four domains we have eu

[Music] thank you very much it was good questions and thank you