
XAI: Unmasking Cyber Threats Without Crying Wolf

BSides Bristol · 2025 · 33:51 · Published 2025-01

Thank you. So, um, one, I'm going to talk 14 minutes and just let you see and watch me. Okay, so let's start with some familiar game. I would like to ask you: make a pair, introduce yourself to the next person, tell why you are here, and five rounds rock paper scissors. Okay, ready? Find someone. All of you, I need you find someone, introduce yourself, why you are here, spon rock paper.

you

Yes, if you have a phone. Okay, now raise your hand if your first one, you bring the rock. Raise your hand, rock. Okay, raise your hand if the first one was scissors. Okay, raise your hand if you won. Okay, and most the people who won, one of you I would like to become a volunteer and tell me how you managed to be. Who wants to say? CH. Okay, any more ideas how you managed to win? Luck. So keep, keep the T lock. Cheating. Statistics. Statistics, nice. More to go? Sorry, I people i s people more likely to go, so it's kind of predictable. Okay, so remember what we were talking, we are talking

about you trying to somehow read the mind of your opponent, isn't it? Um, if your friends ask you, "I want to be in this game, how can I do that?", what would you do? You provide some rules and explanation, isn't it? You, uh, statistics shows more people for first time bring the rock, so you bring the paper. You might say that, whatever, during the season I would say you will lose the first one, but your opponent that next one you the paper. So somehow there is a rule and some sort of, uh, prediction and mindset, if you like the philosophy things, and you can manage the game. But why this paper, rock paper scissors, and

explainable AI? Let's find it out. Before I explain the explainable AI, let's go through the AI first. How many of you are familiar with the AI model? Raise your hand, I just wanted to adjust. Okay, cool, that's very good. So I'm just going to roughly explain, not very fancy, uh, difficult things. So I'm just going to take you through what type of ML, uh, model we have. Generally speaking, we have two categories. Some of you might say, "Oh no, apart from the supervised and unsupervised we have reinforcement, we have self, deep learning." Yes, I do know, but let's take it simple. So there are two categories: supervised

and unsupervised. So supervised technically is saying that you name them: it's malware, benign; cancer cell, healthy cells; cat, dog. And unsupervised is like clustering: this is all of them, for example, animal; this is a shape. Okay, why I try to explain this to you? Because I noticed in cyber security, when we are using different types of tools like XDR, like SAS, anything, we don't know how these tools work. Okay, let me give you one example how we can use this AI model, machine learning model, for finding out the, for example, malware. Okay, this is based on one of my research, uh, done with the APT. Do you know what's the APT? Advanced persistent threat.

Those, technically, those advanced malware, they're targeting the big organization or the country, like isra attack the pistan, China election of American, and go on and so forth. So I was working on the research: how can I separate the different families of APT from China, Russia, Iran? Why just so. In this model, so see, this is a very lower level of explaining the machine learning model. So first of all we need a feature. In this scenario I use the opcode. What's the opcode? Machine: add, push, pop, the lower level of the code. So with the use of opcode we need to create a feature. Why feature? Because machines or, let's say, uh, AI

doesn't understand the data by itself. It needs something, a feature, like a color of hair or size of the tail or, for the wine, taste, different smell of it. So for malware we do different kinds of things, like API, like opcode mining. So this one is based on the opcode mining. So after we have collected some features using the feature engineering technique, we pass it to the training section, and then after the training section the machine, based on, for example, here, clustering, decides this sample is similar to known malware, known family, and this sample not. Bingo! Is it like that? No. In real life we will face a lot of false positives. So why you are saying

why still a the system, what's wrong? Raise your hand if you use a GPS to go to your destination and you lost. Imagine you use a smart application and that application tells you we don't need a medical procedure. Will you blindly accept it? Would you, or you question? Or imagine you are applying for the mortgage. Have W house in the UK, that's a different story, okay. But imagine you are applying for a mortgage and your request has been rejected. Would you like to know why? That explanation could help you, the next round will be successful or not. Yes or no? No? You are not interested in buying a house? Okay, pay rent. In cyber security, what's the problem is we're

receiving amount of false, false positives. Who in this group comes from the blue team? You know the pain. Yes, am I right? How many times you said, "This is crying wolf, ignore it, I've seen it, this one," and how many times you didn't receive the alarm and you faced that huge breach? Of course you can disclose to us, that's one. So the problem with the AI model is, look, if we're dealing with the black box, we don't know how they make a decision. We don't know how they choose or hire this person. How many of you applied for getting the job and your CV rejected? The all of you are lawyer sure all of your

BL. So the point is, I'm not going to tell you that AI are going to take over the world or take over your job, but we reach the point that we are going to question the organization, the government, the researcher: how we can deal with this black box, how we can see inside of it. The government has the solution: rules and regulation after 4 years, which is not useful at all. You might say that, point the blaming finger towards the researcher, well, me. But let me tell you, the data scientist and machine learning engineer, after some point they do know why machine this, "We don't know, so it's not my responsibility." So whose

responsibility? AI cannot be responsible for this, researcher cannot, government SS. So how can we solve this problem? How can we create the solution not black, well, as a black was, like a glass box you can see? So what we want from the model: we want to understand. First of all, we want it to be transparent. No, I would love to know if the small app tells me also you have the, uh, for example, cancer cell. Okay, I will consider that, go for another lab. But if you say that we need to chop one or take out one of your organs, I would say why. So we need it to explain to me. I would love to know

why do these things happen. So we want the machines to be reliable, inclusion and cross forcy. We have seen a lot of talk and research about the bias in the AI model. We heard the story about Amazon and Facebook and all sorts of things. So what can we do about it? So far, explainable AI, which is a compiation of XAI. Why XAI, not AI? Because X is so cool, it's more futuristic, you know. So explainable AI is not the ML, I will show you later on. It tries to examine the result of the model and get back to the training. Why training? Because the data the s to the machine

can be rubbish, can be outdated, and it can be deliberately or IND. So currently, successfully, explainable AI is implemented in this sector: in the crime system, they can predict how much a crime might rise, okay, or for the, you see the automatic car, of course, how they are in advance. But the question is how security. Why is the health care system so advanced in terms of image processing, and we have an image of the memory in our computer, still we cannot find it out the now what we behind? So let's see how the S can improve the cyber security. Of course, maybe the people who are in the blue team lose their work. I'm not saying that, and they help

them, they help them to make sure they're doing the right things at the right time and the right location. Instead of dealing with lots of logs and feeling tense, they can understand why the machine gives this alarm. Yes, you might tell me we have some sort of customization. I would tell you that's the rules, don't care about it, still that is ML, it's not explainable AI. Explainable AI needs someone professional as all, so that's a different story. If you customize your tools and you see colorful, magical zero-day tools, that is marketing, okay, that's not explainable. So what will happen? As I said, you can make a decision: you are spending more time on the research or spending F in your

lock. So how amazing it would be, we feel we can trust this thing, we can trust these tools and do some more, rather than being the cat and rat, um, like chasing the, uh, rat. We can do more, we can be proactive instead of being reactive. Okay, what if you would like to see the different types of model? The explainable AI includes this type of model, lots of them. Depends on the model and application you are working, you might sacrifice effectiveness and you say that I need explainability. What right now we are doing in cyber security, we are much focused on effectiveness and we are losing the term of

being explainable. So let me tell you, there are two ways. One way is the AI and explainable, uh, AI, they are not going in hands of each other. The other one, they meet each other and carry on, but there is one drawback: we need to sacrifice effectiveness. So are we happy to pay this cost? I told you earlier I'm going to show you explainable AI is not AI. Let's have a look. It would be nice to know, but if the people are talking about ChatGPT and talk about the NLP, where they are. So if you look at this, when the complexity goes high, what are we losing? What are we losing exactly? And when we go towards

the explainability, what are we losing? Complexity. What does it mean? Effectiveness. So explainable AI models, those that are show you Rong run run check, are here, and the majority of, uh, like IPS, IDS, XDR, name it, EDR, any more tools n, and all of them, they are somehow in between. We haven't reached to that fully implement this one. There are some tools, but not fully. There is still need for more time to reach to that point, otherwise we wouldn't have much breach. Okay, before my talk I talked to the jie, and she's a dinosaur and she has a talk tomorrow. If you like the Jurassic Park, she's going to talk about Jurassic R.

By the way, she comes from the Red Hat. She slow this morning here. I said I'm a dinosaur lover as well. My first project which I show you for was, uh, back, and the C project I'm working is the two universities, one university Sheffield H and one university in Australia. Yes, at some point I'm going to see the kangaroo and be scared of the spider. This project is named Troodon. Troodon is a kind of dinosaur. Any dinosaur lover here? No? Shame on you. And so dinosaur is a kind TR is a time, it comes from the Greek word meaning sharp wounding teeth. It because was like a, I don't know why I'm talking about the

dinosaur. Um, so it was a vegetarian over, and compared to the other dinosaurs it has a big brain and big eyes, that's why I chose it. Why I chose it? Because currently I'm working on research how I can improve the IPS by usage of AI to detect and cl different types of APT, who is the name. How can I achieve it? It's early stages, it's the first year, this is like a four-year project, it's not easy. So I just wanted to show you, when we talk about applying explainable AI, what does it mean. Okay, so have a look, that's all s. First section is an ML pre-modeling. What does it mean? Uh, let

me tell you one more thing. Um, when we talk about ML, we talk about feature engineering, feature reduction, and then training section, and then we have another as well. So it is not one, it's the complex terms working together, and you see the Netflix results or watch this go. The second phase after the, oh, let me tell you about this. You might see that sample that this is a husky or, uh, wolf. Have you seen that, how the AI can distinguish this is a husky or wolf? But considering the background is the snow, but most of the time Mak, because they use the image processing as a pattern, the pattern. So that's why we use it in the healthcare system: this is a

B cell, sorry, this is a cancer cell orine. So the first stage is using the feature engineering, kind of working with the data to find the relevant features. Why are you looking for the relevant features? Because time matters, uh, progress matters, performance matters. If we have a more relevant and we are dealing with more important features, definitely we have better results. The second phase is a mixture of the ML model and explainable AI. So if you look at the last phase, you will see the, whatever, let me use this fan settings. So whatever the model gives you as a result, if it doesn't make sense, you will returning to the system. So the system tries to explain to you, it's not

black box anymore, it will tell you why, why we need to chop that organ. So what's the point? My point is, next time when you are playing rock, scissors, no, next time when using a small, any small P, it shows you "you need this one, buy this one, watch this one, navigate through this", question, think it: why, why should I trust this result? And also if you use any tools for detection or prediction model, ask yourself why the system reached to this point. But who am I? I am also an AI and cyber security researcher. Currently I'm working on two projects. One project, which as I mentioned earlier is Troodon, with, uh, CH and lot of mbour, and the other project

I'm working with Manchester University. We are trying to figure out how we can harden the job of vulnerability in terms of the memory, uh, with the Arm, if you heard about it. Um, so my job is much involving writing the code and also working on so many solutions, how we can harden that aspect of the hardware. And the other research is much involving the AI, explainable AI. And as you noticed, I'm a dinosaur lover, that's why you called me. Also, um, I'm a dog mom, that's my baby b, and I feel that it looks like a crying dog because Mommy is here. And also I'm an artist as well, on painting

occasionally. Any question? Yes. I'm just interested conversation explain exactly. Exactly. So, uh, I'm not saying that rules and regulation doesn't, it does, but you know that, uh, people on top L are lazy, they love to have a cup of tea. Okay, so it's too late that rules and regulation come to the iot say and so many things. Yes, it would help, but it should be rules and regulation as well, but you know that's too late when they come out. Yes? I missed the first part. Sorry, I missed the first part. This but surely a system to identify how operates, surely that same system be to make. Yes. So, so see that the AI is a is a 2, so

it can cut and it can help protect us. Yes, as much as we are here and say that we can prevent and detect and, uh, whatever, protect ourselves against a m, they can do the differently to aate the system. That's why we have APT attack, that's why we have a data breach. They are smarter than us. You know why hackers are smarter than us? Because they are working in a team, they are good team workers, and I don't think so we are. We are still lacking of s. If we work together, very good, we can go on. Yes? You think it'd be harder for AI to explain its result

when it thinks something is negative, you don't think it is? Okay, that's a very good question. We reason with the result, we bring emotion and logic to the result, but do they really understand and reasoning? This is why they are trying to reach to the point that the AI can make a decision not only by logic but can understand some level of, uh, "this is not right". Even imagine if you are using ChatGPT and if you say, "Write the malware for me," what do you see? You said no. But what did you say that, "How can I harden the memory leak?", it will show you. So it depends, it's quite tricky when it comes to the AI

mean. As I say again, if any data scientist or engineer, machine learning engineer, claims that "I know what my system does", know that is a good lawyer. Any question? Yes. Um, just have a question about, um, do you mind going back to your, um, process, the... Oops.

So you got me. Which one?

Yes, is GRA with the arrows in the... Oh, okay, you been the throw on. Yeah, that's it. Okay, sorry, I try to be fancy and entertain you, you know. Yeah, um, this, uh, post-modeling explainability, where you're checking explanations to group system. Yeah. Um, are you aware of other people doing that in research at the moment? Yes, they do. I'm not a very, I'm a researcher, yeah, means that I'm reading other people's work. So it's the applicational domain of this. Okay, currently there is application even outside, but it just is like a sector: we have a health sector, we don't have for APT, if that makes sense. Uh, yeah, I'm just wondering,

so is this all based on, is this a classification problem or no? Okay, when we talk about the classification, people interchange with the name of the ML classification, because we have a dog and cat. But classification of malware is different: clustering the family, clustering the... So this is clust. Yes. Yes, a question. You said the, like, accuracy versus ability trade-off, black and glass, you s like. Okay, the is going not insane. Very unfortunately again, that's why I say that, how much you want to sacrifice. Remember, human climbed Everest. Why? Because he sees the top of the mountain, he see to the Ari, and we want to get there. So somehow we get there,

maybe right now, or I'm pretty sure, uh, especially with the activity, very advanced version they just release not to the public, and I know some people working with the army, so I shouldn't tell you, but they are quite advanced. So yeah. Okay, thank you so much. Question?