Deck the halls with HALs: AI steals the show at Infosec Europe

Artificial intelligence and machine learning - rather than Europe's General Data Protection Regulation – emerged as a key theme of the Infosecurity Europe Conference. Many security vendors - particularly in the field of endpoint security - have been talking up the potential for artificial intelligence for years. That’s the …

  1. Daedalus

    Please

    Every time there's a Big Thing the other vendors trot out a version of their Thing as being the thing the Big Thing really needs. Back when Object Orientation was the Thing, suddenly the DB salesmen were on stage pushing Object Oriented Databases. You could tell they were salesmen because they watched the audience intently as they came into the room. Gurus stand in quiet contemplation before their spiel.

    Now AI is the Thing for Infosec's Big Thing. Plus ca change.

    1. tfewster

      Re: Please

      AV packages have been including "Heuristics" for a while; Genuine question, how do AI/Machine Learning differ from that?

      1. Nick 65

        Re: Please

        In AV vendor land, heuristics are, roughly, generalised signatures - "looks like it belongs to this family of known bad things, based on certain characteristics."

        ML/AI is more like "Not seen this before, but it's similar enough to these bad things that I don't like it" or "this is doing bad things, so it must be bad" depending on which vendor/flavour or solution.

  2. Anonymous Coward

    "Known AI-facilitated attacks have yet to actually happen but security firms are nonetheless taking the threat seriously and preparing for what might come around the corner."

    TFTFY

  3. Destroy All Monsters Silver badge
    Headmaster

    COULD BE DRIVER!!

    AI and automation could be a driver for cybersecurity spending and behaviour in the next five years but its benefits could be outweighed by the skills required to work with

    Translation: Glitzy stuff that is not ready to come out of academic cleanrooms and that no-one knows how to effectively use or integrate into existing enterprise environments will pull in the money as it is being pushed by oily salespeople during the next five years; however everybody will be too occupied with the grunt-work of filling the enormous holes of technical debt left over the last 15 years of deranged spending decisions and frenetic organizational mismanagement to even consider taking a look at the cover blurb of that new shelfware. (Or they are busy reprogramming everything in Node.Js + MongoDb and basically on the technolure train ride of death)

  4. Destroy All Monsters Silver badge

    ...although I gotta say this (sadly paywalled) article is good stuff:

    The Past, Present, and Future of Cyberdyne.

    It's a toolset that tries to find potentially exploitable bugs in libraries and programs using input fuzzing and a genetic algorithm that looks for inputs generating the largest code coverage. The code to inspect is run in a Python emulator and on a very pared-down "operating system" used in the DARPA Grand Challenge. This is not AI and definitely not "turnkey" as the code to analyze has to be specially prepared, compiled and linked and missing operating system functionality suitably mocked. It was used to analyze zlib with the result being that exploitable bugs could not be found.

  5. Anonymous Coward
    Headmaster

    One box to server them all - To stop phishing attacks

    To stop phishing attacks or to severely limit them, limit email to only one server set (SEM) {secure email server} in every country; everybody uses it for business, work, banking, tax, gov, business.

    The principle is everybody is known to that email system, anything malicious here and it can be traced and followed. All email can be verified from a known source. A plain text email with an attachment for communication, no images, links (these, such as logos and diagrams, could be in an attachment, i.e. pdf); other links would not be used.

    Once SEMs have been established they can be joined to other approved SEMs {secure email servers} in other countries, allowing secure international business, trade and politics etc.

    So all people only use one server system for important email. If a user wanted other email for chat rooms or forums etc they could use Google/Yahoo/Bing etc but could not send to the SEM from them.

    Using a SEM system would still allow a user to email their family or friends using the system, and would infer a more trustworthy source, as long as it was managed properly.

    1. Nate Amsden

      Re: One box to server them all - To stop phishing attacks

      Oh my that sounds absolutely terrible. The likes of Facebook are already trying to get people walled into their gardens, don't need yet another garden.

      Just because you know the source doesn't mean that source wasn't compromised and sending out bad messages, or hijacked DNS to send requests for a site to another location or taking over BGP routes to redirect traffic, or a legit message sending a user to a legit website that just happened to be compromised.

      Phishing has never been an issue in my life. I find it amusing that so many people still seem to fall for it. But as long as people can be convinced they are sending $10,000 via wire transfer to a Nigerian prince who will then send back $1 million, so convinced that they get angry when the wire transfer service refuses to process the transaction -- there will be 1000x more that will fall for other social engineering attacks.

      (I have been running email servers since 1996 -- though I haven't had to support corporate email since 2001, only personal email and data center applications since)

  6. Anonymous Coward

    Machine learning creates its own vulnerabilities

    The results of Machine Learning depend on data used / encountered in training and on the associations "inferred" by the ML system from that data. These inferences are statistical and the features by which the ML system distinguishes different cases need not, in human terms, make sense.

    As a result, there have been numerous reported cases whereby machine recognition can be "fooled" by minuscule changes to an input pattern.

    Machine Learning may create vulnerabilities that are extremely difficult to detect or eliminate, not least because of scale.

    1. Mystery Machine

      Re: Machine learning creates its own vulnerabilities

      "As a result, there have been numerous reported cases whereby machine recognition can be "fooled" by minuscule changes to an input pattern."

      Is it not the same for humans?

  7. Electric Panda

    Security is another passing IT bandwagon and people will soon get bored of it. It is already becoming boring on account of it seeping into everything, everyone being an instant expert, everyone talking about it... it's like politics in that you just cannot escape anywhere you turn.

    The job market will stabilise, salaries will drop to the usual dismal levels, the recruiters and academics will move on. Most security jobs are already extremely boring or require a wizard-level of technical competence - and that doesn't get you promoted.

    We've already had: software engineering (which was the default for all graduates circa 2009); "Big Data"; "Cloud"; "DevOps"; and now "Security". Security is rolling past and into the distance, so stick your thumb out and flag down the next bandwagon.

    The big question is what the next bandwagon will be. Machine Learning and AI both sound like safe bets.

    1. Nate Amsden

      ML and AI just seem like an extension of "big data" and analytics. Is ML and AI even feasible without a fairly significant data set? Probably not a coincidence that the main leaders in this space (publicly at least) are the ones with the most amount of data.

  8. John G Imrie
    Facepalm

    I'm sorry Dave

    Of all the three letter combinations to use when talking about AI, HAL should be at the bottom of the list.

  9. Anonymous Coward

    Electric Panda says "Security is another passing IT bandwagon and people will soon get bored of it."

    Definitely not running on Duracell are you.
