NETWAYS, profile picture
Uploaded byNETWAYS
68 views

stackconf 2021 | Data Driven Security

The document discusses the significance of machine learning in cybersecurity, emphasizing data-driven security strategies that enhance threat prevention and detection. It outlines methods for leveraging human experience in machine learning processes, including vectorizing elements like language and images for better predictive accuracy. The text highlights practical applications and innovations in applying machine learning, such as classifying malware and optimizing resources in defense against cyber attacks.

Embed presentation

Download to read offline
1 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Peter Elmer | Security Expert, EMEA | Office of the CTO May 2021 The value of Machine Learning in Cyber Security DATA DRIVEN SECURITY
2 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ • Need for Data Driven Security • Methods used • Value of Machine Learning powered by human experience • Effectivness of Data Driven Security Today we look at …
3 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Collaboration Intelligence Experience Key Ingredients For Success Check Point Software Technologies Founded in 1993, about 5.400 employees Securing more than 100.000 customers 27 Years
4 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ “Important decision points are taken by machines with logic created from data.” Check Point, Data Scientists Team October 2020
5 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Predicting Results Using Machine Learning Humans deciding on features and labels oval round smooth surface undulating surface sweet sour ‘for pie’ ‘for vine’ Data remains Data destroid Human experience is key when assigning characteristics (features) for predicting a result (label)
6 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Predicting?
7 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Logic Created From Data Computer Logic Data Program Deterministic result Humans deciding for the best logic to achieve a result prior to ‘feeding’ the machine Context Assumptions Conceptions Machine Learning Algorithm Data Result Characteristics of data (features) of historic results (labels) are presented to machine Program / Model Logic Program / Model Logic New Data Probablistic result
8 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Probabilistic results?
9 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Probabilistic Deterministic
10 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising
11 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Feeding more data into the machine increases accuracy
12 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Limited resources Increasing attack surface
13 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Attacking Is Easier Than Defending Surface • Intent • Idea • Plan • Design Logic • Source Code • Compile • Stream of bits Process Effort for defending Effort for defending
14 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Understanding Intent Optimizing Resources
15 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ 8 : 1 Applying Machine Learning requires eight times less resources than preparing the data
16 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Mathematical Representation Abstraction
17 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ • An image of 224x224 RGB is transformed by filters becoming a number • Convolutional filters capture 3x3 pixels to capture notion of ... • right/left • up/down • center • Accuracy of 92,7% Changing Representation Turning an image into a number – VGG16 Convolutional Network Source: Neurohive – VGG16 Convolutional Network for Classification and Detection:
18 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ • Training a VGG16 with fotos from Citiscapes • Enhancing realismn of animation • Eliminating artefacts Changing Representation Turning an image into a number – VGG16 Convolutional Network Source: Intel - Enhancing Photorealism Enhancement, May 2021
19 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising Elements – Example: Human Language Describing meaning / intent to achieve an abstraction level King Queen Man Woman Masculinity Femininity Vectorising words allows ‘word algebra’ - Algebra allows Machine Learning swimming swam walking walked Verb tense Vectors are presenting the abstraction level
20 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising Elements – Natural Language Processing (NLP) Describing meaning / intent to achieve an abstraction level “NLP is a subfield of computer science and artificial intelligence concerned with interactions between computers and human (natural) languages. It is used to apply machine learning algorithms to text and speech.” Source: towards data science
21 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising Elements – Why is NLP useful? Describing meaning / intent to achieve an abstraction level Pineapples We know ‘Pineapples are spikey and yellow’ are spikey and yellow Input Projection Output ‘Give me the missing word’ Pineapples are spikey and yellow Input Projection Output ‘Give me the context’ Reference: Tomas Mikolov et al. : Distributed Representations of Words and Phrases and their Compositionality
22 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Understanding what is making something different How can we apply this to Cyber Security?
23 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising Elements – Cyber Security Applying NLP when Sandboxing executables Observing API calls performed against the operating system API calls are language and can be vectorised
24 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising Elements – Cyber Security Applying TF-IDF when disassembling OPCODES Borrowing TF-IDF algorithm from word document analysis Source: http://filotechnologia.blogspot.com/2014/01/a-simple-java-class-for-tfidf-scoring.html “TF-IDF is an information retrieval and information extraction subtask which aims to express the importance of a word to a document which is part of a collection of documents which we usually name a corpus. ”
25 ©2021 Check Point Software Technologies Ltd. Vectorising Elements – Cyber Security Decoded machine language Machine code has sequence – sequence has meaning [Protected] Distribution or modification is subject to approval ​
26 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ • An executable file is fed into a neural network • Each ‘filter‘ performs a mathematical operation on a sliding patch Changing Representation Turning an executable file into vectors – VGG16 Convolutional Network Source: Check Point, Data Scientists Team, October 2020 Original Convolved
27 ©2021 Check Point Software Technologies Ltd. Machine Learning In Cyber Security Preventing Unknown Attacks EXE Understanding Entropy & Structure Disassembling URL Verification Finding Similarities File/Registry Classification using provided Meta Data Verdict Meta Data PDF PPT DOC XLS PDF Analyzer URL Verification Macro Analyzer Classification using provided Meta Data Verdict Meta Data [Protected] Distribution or modification is subject to approval ​
28 ©2021 Check Point Software Technologies Ltd. Machine Learning In Cyber Security Preventing Unknown Attacks On July 20th 2020 a sample was labeled malicious by our machine learning logic [Protected] Distribution or modification is subject to approval ​
29 ©2021 Check Point Software Technologies Ltd. Machine Learning In Cyber Security Preventing Unknown Attacks On July 24th 2020 only 45 out of 73 engines on Virus Total labeled it malicious [Protected] Distribution or modification is subject to approval ​ Four days later!
30 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Machine Learning In Cyber Security Sharing experience Source: https://research.checkpoint.com/category/how-to-guides/
31 ©2021 Check Point Software Technologies Ltd. Machine Learning In Cyber Security ‘Malware DNA’ based clustering applying TF-IDF Two dimensional representation of the 300 000 dimensional space representing the ‘world of malware’ in Check Point Threat Intelligence Colors representing labels of malware families [Protected] Distribution or modification is subject to approval ​
32 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Itay Cohen (Check Point) and Omri Ben Bassat (Intezer) mapped out an ecosystem Results: • Classification into 60 families and 200 modules • 22 000 connections between analyzed samples • Different Actors don’t share code Access the interactive map • Published as open source Download the detector tool • Defend and contribute Map based on Fruchterman-Reingold algorithm Read the full report: Machine Learning In Cyber Security ‘Malware DNA’ applied to uncover an APT Eco System
33 ©2021 Check Point Software Technologies Ltd. Machine Learning In Cyber Security Sharing experience Understand how vulnerable on-premises and cloud environments are [Protected] Distribution or modification is subject to approval ​ Source: https://research.checkpoint.com/2021/deep-into-the-sunburst-attack/ Understanding the SolarWinds Orion Platform Security Advisory 16-December 2020, video, https://community.checkpoint.com/
34 ©2021 Check Point Software Technologies Ltd. Machine Learning In Cyber Security The need for defense BBC article about Colonial Pipeline attack, May 2021 [Protected] Distribution or modification is subject to approval ​ Source: https://www.bbc.com/news/business-57050690 Source: Check Point, Research Blog, May 2021 Update 17th May 2021: DarkSide is offline - https://krebsonsecurity.com/
35 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Understanding the DNA of a malware allows attributing ‘family’ characteristics
36 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Knowing the ‘family’ …allows applying tools for defense ..allows saving resources
37 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ What‘s next?
38 ©2021 Check Point Software Technologies Ltd. Machine Learning – General Purpose Comparing NLP-Trained Models Over 300 apps are using GPT-3 https://openai.com/blog/gpt-3-apps/ GPT-3 API access is controlled https://openai.com/blog/openai-api/ 28th May 2020 14 Apps using GPT-3 [Protected] Distribution or modification is subject to approval ​
39 ©2021 Check Point Software Technologies Ltd. Machine Learning Empowers Threat Prevention Every input for Threat Intelligence becomes a Label More than 27 years of experience … • Having access to data • Knowing the labels • Selecting the right features • Creating ML algorithms • ML empowers Threat Prevention Data Labels This is This is Feature1: form Feature2: colour Next module [Protected] Distribution or modification is subject to approval ​
40 ©2021 Check Point Software Technologies Ltd. Machine Learning Empowers Threat Prevention The infinity cycle of learning Incumbent New DATA Labeling Training Stand by evaluation Decision point Federated Learning Using encrypted customer data Supervised by human expertise Measuring Unseen data Adjusting weights [Protected] Distribution or modification is subject to approval ​
41 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ The infinity cycle of learning is powered by us
42 ©2021 Check Point Software Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Peter Elmer | Security Expert, EMEA | Office of the CTO pelmer@checkpoint.com, May 2021 THANK YOU

More Related Content

PDF
stackconf 2021 | Reference Architecture for a Cloud Native Digital Enterprise
byNETWAYS
 
PPTX
"The Cloud Native Enterprise is Coming"
byJames Watters
 
PDF
stackconf 2021 | Platform as a Product
byNETWAYS
 
PDF
Edge Orchestration & Federated Kubernetes Clusters - Open Networking Summit 2018
byCloudify Community
 
PDF
Cloud Native 下的應用網路設計
byinwin stack
 
PDF
stackconf 2021 | Stretching the Service Mesh Beyond the Clouds
byNETWAYS
 
PDF
stackconf 2021 | Why you should take care of infrastructure drift
byNETWAYS
 
PDF
stackconf 2021 | Building the first European open source Edge Computing platf...
byNETWAYS
 
stackconf 2021 | Reference Architecture for a Cloud Native Digital Enterprise
byNETWAYS
 
"The Cloud Native Enterprise is Coming"
byJames Watters
 
stackconf 2021 | Platform as a Product
byNETWAYS
 
Edge Orchestration & Federated Kubernetes Clusters - Open Networking Summit 2018
byCloudify Community
 
Cloud Native 下的應用網路設計
byinwin stack
 
stackconf 2021 | Stretching the Service Mesh Beyond the Clouds
byNETWAYS
 
stackconf 2021 | Why you should take care of infrastructure drift
byNETWAYS
 
stackconf 2021 | Building the first European open source Edge Computing platf...
byNETWAYS
 

What's hot

PPTX
The Cloud Native Journey
byVMware Tanzu
 
PDF
cncf overview and building edge computing using kubernetes
byKrishna-Kumar
 
PPTX
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
byMitchell Pronschinske
 
PDF
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
byVMware Tanzu
 
PPTX
Application Centric Microservices Architecture
byKen Owens
 
PDF
IoT Scale Event-Stream Processing for Connected Fleet at Penske
byVMware Tanzu
 
PPTX
Cloud Native Machine Learning
byManning Publications
 
PPTX
Tectonic Summit 2016: Betting on Kubernetes
byCoreOS
 
PDF
Migrating to Cloud Native Solutions
byinwin stack
 
PPTX
Empowering developers and operators through Gitlab and HashiCorp
byMitchell Pronschinske
 
PPTX
StampedeCon 2015 Keynote
byKen Owens
 
PDF
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
byVMware Tanzu
 
PDF
The Making of a Cloud Native Application Platform
byCloud Foundry Foundation
 
PPTX
Cloud Native Application Framework
byVMware Tanzu
 
PPTX
The Future of Energy - Decentral energy distribution in a digital world
byEficode
 
PDF
Dynamic Azure Credentials for Applications and CI/CD Pipelines
byMitchell Pronschinske
 
PPTX
Enabling Microservices Frameworks to Solve Business Problems
byKen Owens
 
PPTX
Cloud Native Demystified: Build Once, Run Anywhere!
byCodit
 
PDF
How to build & run a SaaS with a team of two
byEficode
 
PDF
stackconf 2021 | How DevOps changed the way we operate software
byNETWAYS
 
The Cloud Native Journey
byVMware Tanzu
 
cncf overview and building edge computing using kubernetes
byKrishna-Kumar
 
Migrating from VMs to Kubernetes using HashiCorp Consul Service on Azure
byMitchell Pronschinske
 
Cloud-Native Patterns and the Benefits of MySQL as a Platform Managed Service
byVMware Tanzu
 
Application Centric Microservices Architecture
byKen Owens
 
IoT Scale Event-Stream Processing for Connected Fleet at Penske
byVMware Tanzu
 
Cloud Native Machine Learning
byManning Publications
 
Tectonic Summit 2016: Betting on Kubernetes
byCoreOS
 
Migrating to Cloud Native Solutions
byinwin stack
 
Empowering developers and operators through Gitlab and HashiCorp
byMitchell Pronschinske
 
StampedeCon 2015 Keynote
byKen Owens
 
Lo Scenario Cloud-Native (Pivotal Cloud-Native Workshop: Milan)
byVMware Tanzu
 
The Making of a Cloud Native Application Platform
byCloud Foundry Foundation
 
Cloud Native Application Framework
byVMware Tanzu
 
The Future of Energy - Decentral energy distribution in a digital world
byEficode
 
Dynamic Azure Credentials for Applications and CI/CD Pipelines
byMitchell Pronschinske
 
Enabling Microservices Frameworks to Solve Business Problems
byKen Owens
 
Cloud Native Demystified: Build Once, Run Anywhere!
byCodit
 
How to build & run a SaaS with a team of two
byEficode
 
stackconf 2021 | How DevOps changed the way we operate software
byNETWAYS
 

Similar to stackconf 2021 | Data Driven Security

PPTX
AI and ML in Cybersecurity
byForcepoint LLC
 
PPTX
AI for PM.pptx
byNatan Katz
 
PDF
Cognitive systems Cyber Security
byGanesan Narayanasamy
 
PPTX
Jay Yagnik at AI Frontiers : A History Lesson on AI
byAI Frontiers
 
PDF
AI & ML in Cyber Security - Why Algorithms are Dangerous
byPriyanka Aash
 
PDF
Deep Learning for Cybersecurity Innovation Insights from Patents
byAlex G. Lee, Ph.D. Esq. CLP
 
PDF
AI security book attack and defense. MLOPS
by21020028TrnQuangTi
 
PDF
Machine Learning in Malware Detection
byKaspersky
 
PPTX
9.-Vectra._Managing-Cyber-Risk-by-applying-AI-to-automate-threat-hunting.pptx
byPhmNam55
 
PDF
Machine Learning: Past, Present and Future - by Tom Dietterich
byBigML, Inc
 
PPTX
Machine learning in computer security
byKishor Datta Gupta
 
PDF
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
byBlueHat Security Conference
 
PPTX
Artificial intelligence: Simulation of Intelligence
byAbhishek Upadhyay
 
PPTX
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
byJon Mead
 
PDF
AI & ML in Cyber Security - Why Algorithms are Dangerous
byRaffael Marty
 
PPTX
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
PPTX
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
PDF
CIS AIML Beginners Series Part 1
byCouncil Of Information Security
 
PDF
Machine learning security - Pawel Zawistowski, Warsaw University of Technolog...
byEvention
 
PPTX
rsec2a-2016-jheaton-morning
byJeff Heaton
 
AI and ML in Cybersecurity
byForcepoint LLC
 
AI for PM.pptx
byNatan Katz
 
Cognitive systems Cyber Security
byGanesan Narayanasamy
 
Jay Yagnik at AI Frontiers : A History Lesson on AI
byAI Frontiers
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
byPriyanka Aash
 
Deep Learning for Cybersecurity Innovation Insights from Patents
byAlex G. Lee, Ph.D. Esq. CLP
 
AI security book attack and defense. MLOPS
by21020028TrnQuangTi
 
Machine Learning in Malware Detection
byKaspersky
 
9.-Vectra._Managing-Cyber-Risk-by-applying-AI-to-automate-threat-hunting.pptx
byPhmNam55
 
Machine Learning: Past, Present and Future - by Tom Dietterich
byBigML, Inc
 
Machine learning in computer security
byKishor Datta Gupta
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
byBlueHat Security Conference
 
Artificial intelligence: Simulation of Intelligence
byAbhishek Upadhyay
 
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
byJon Mead
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
byRaffael Marty
 
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
Understand How Machine Learning Defends Against Zero-Day Threats
byRahul Mohandas
 
CIS AIML Beginners Series Part 1
byCouncil Of Information Security
 
Machine learning security - Pawel Zawistowski, Warsaw University of Technolog...
byEvention
 
rsec2a-2016-jheaton-morning
byJeff Heaton
 

Recently uploaded

PDF
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
PDF
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
PDF
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
PDF
DSD-INT 2025 MeshKernel and D-Grid Editor - Stout
byDeltares
 
PDF
SiyanoAV 20GB Cloud Backup & Antivirus Protection
bysunilsiyanoav
 
PDF
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
PPTX
CRM Development Company | Custom CRM Development Services
byyugababu033
 
PPTX
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
PDF
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
PDF
Presentation Empowerment Technology in ICT
byoryoseiii
 
PDF
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
PDF
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
PDF
DSD-INT 2025 Climate and impact attribution of compound flooding induced by t...
byDeltares
 
PDF
DSD-INT 2025 Delft3D-GeoTool - an interface for long-term numerical modelling...
byDeltares
 
PDF
DSD-INT 2025 Hydrodynamic and Morphodynamic Modeling with Delft3D FM for an I...
byDeltares
 
PDF
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
PDF
DSD-INT 2025 How mangroves and past land-use change are affecting compound fl...
byDeltares
 
PDF
DSD-INT 2025 Reviving a Lost Meander - Deen
byDeltares
 
PDF
DSD-INT 2025 Flood Early Warning System for the Trans-African Hydrometeorolog...
byDeltares
 
PDF
DSD-INT 2025 Modelling Non-Newtonian Slurry Beaching with Delft3D-Slurry - Bi
byDeltares
 
Everything You Ever Wanted to Know About Quarkus and LangChain4j
byMarkus Eisele
 
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
DSD-INT 2025 MeshKernel and D-Grid Editor - Stout
byDeltares
 
SiyanoAV 20GB Cloud Backup & Antivirus Protection
bysunilsiyanoav
 
DSD-INT 2025 Modernizing Hydrodynamics in Large Flood Forecasting System - Mi...
byDeltares
 
CRM Development Company | Custom CRM Development Services
byyugababu033
 
operating sys about shells and terminals commands .pptx
byYazeedAbdullah6
 
Fundamental of Information Systems introduction.pdf
byYeabsraLakew
 
Presentation Empowerment Technology in ICT
byoryoseiii
 
DSD-INT 2025 Century-Scale Impacts of Sediment-Based Coastal Restoration unde...
byDeltares
 
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
DSD-INT 2025 Climate and impact attribution of compound flooding induced by t...
byDeltares
 
DSD-INT 2025 Delft3D-GeoTool - an interface for long-term numerical modelling...
byDeltares
 
DSD-INT 2025 Hydrodynamic and Morphodynamic Modeling with Delft3D FM for an I...
byDeltares
 
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
DSD-INT 2025 How mangroves and past land-use change are affecting compound fl...
byDeltares
 
DSD-INT 2025 Reviving a Lost Meander - Deen
byDeltares
 
DSD-INT 2025 Flood Early Warning System for the Trans-African Hydrometeorolog...
byDeltares
 
DSD-INT 2025 Modelling Non-Newtonian Slurry Beaching with Delft3D-Slurry - Bi
byDeltares
 

stackconf 2021 | Data Driven Security

  • 1.
    1 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Peter Elmer | Security Expert, EMEA | Office of the CTO May 2021 The value of Machine Learning in Cyber Security DATA DRIVEN SECURITY
  • 2.
    2 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ • Need for Data Driven Security • Methods used • Value of Machine Learning powered by human experience • Effectivness of Data Driven Security Today we look at …
  • 3.
    3 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Collaboration Intelligence Experience Key Ingredients For Success Check Point Software Technologies Founded in 1993, about 5.400 employees Securing more than 100.000 customers 27 Years
  • 4.
    4 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ “Important decision points are taken by machines with logic created from data.” Check Point, Data Scientists Team October 2020
  • 5.
    5 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Predicting Results Using Machine Learning Humans deciding on features and labels oval round smooth surface undulating surface sweet sour ‘for pie’ ‘for vine’ Data remains Data destroid Human experience is key when assigning characteristics (features) for predicting a result (label)
  • 6.
    6 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Predicting?
  • 7.
    7 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Logic Created From Data Computer Logic Data Program Deterministic result Humans deciding for the best logic to achieve a result prior to ‘feeding’ the machine Context Assumptions Conceptions Machine Learning Algorithm Data Result Characteristics of data (features) of historic results (labels) are presented to machine Program / Model Logic Program / Model Logic New Data Probablistic result
  • 8.
    8 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Probabilistic results?
  • 9.
    9 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Probabilistic Deterministic
  • 10.
    10 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising
  • 11.
    11 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Feeding more data into the machine increases accuracy
  • 12.
    12 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Limited resources Increasing attack surface
  • 13.
    13 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Attacking Is Easier Than Defending Surface • Intent • Idea • Plan • Design Logic • Source Code • Compile • Stream of bits Process Effort for defending Effort for defending
  • 14.
    14 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Understanding Intent Optimizing Resources
  • 15.
    15 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ 8 : 1 Applying Machine Learning requires eight times less resources than preparing the data
  • 16.
    16 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Mathematical Representation Abstraction
  • 17.
    17 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ • An image of 224x224 RGB is transformed by filters becoming a number • Convolutional filters capture 3x3 pixels to capture notion of ... • right/left • up/down • center • Accuracy of 92,7% Changing Representation Turning an image into a number – VGG16 Convolutional Network Source: Neurohive – VGG16 Convolutional Network for Classification and Detection:
  • 18.
    18 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ • Training a VGG16 with fotos from Citiscapes • Enhancing realismn of animation • Eliminating artefacts Changing Representation Turning an image into a number – VGG16 Convolutional Network Source: Intel - Enhancing Photorealism Enhancement, May 2021
  • 19.
    19 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising Elements – Example: Human Language Describing meaning / intent to achieve an abstraction level King Queen Man Woman Masculinity Femininity Vectorising words allows ‘word algebra’ - Algebra allows Machine Learning swimming swam walking walked Verb tense Vectors are presenting the abstraction level
  • 20.
    20 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising Elements – Natural Language Processing (NLP) Describing meaning / intent to achieve an abstraction level “NLP is a subfield of computer science and artificial intelligence concerned with interactions between computers and human (natural) languages. It is used to apply machine learning algorithms to text and speech.” Source: towards data science
  • 21.
    21 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising Elements – Why is NLP useful? Describing meaning / intent to achieve an abstraction level Pineapples We know ‘Pineapples are spikey and yellow’ are spikey and yellow Input Projection Output ‘Give me the missing word’ Pineapples are spikey and yellow Input Projection Output ‘Give me the context’ Reference: Tomas Mikolov et al. : Distributed Representations of Words and Phrases and their Compositionality
  • 22.
    22 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Understanding what is making something different How can we apply this to Cyber Security?
  • 23.
    23 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising Elements – Cyber Security Applying NLP when Sandboxing executables Observing API calls performed against the operating system API calls are language and can be vectorised
  • 24.
    24 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Vectorising Elements – Cyber Security Applying TF-IDF when disassembling OPCODES Borrowing TF-IDF algorithm from word document analysis Source: http://filotechnologia.blogspot.com/2014/01/a-simple-java-class-for-tfidf-scoring.html “TF-IDF is an information retrieval and information extraction subtask which aims to express the importance of a word to a document which is part of a collection of documents which we usually name a corpus. ”
  • 25.
    25 ©2021 Check PointSoftware Technologies Ltd. Vectorising Elements – Cyber Security Decoded machine language Machine code has sequence – sequence has meaning [Protected] Distribution or modification is subject to approval ​
  • 26.
    26 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ • An executable file is fed into a neural network • Each ‘filter‘ performs a mathematical operation on a sliding patch Changing Representation Turning an executable file into vectors – VGG16 Convolutional Network Source: Check Point, Data Scientists Team, October 2020 Original Convolved
  • 27.
    27 ©2021 Check PointSoftware Technologies Ltd. Machine Learning In Cyber Security Preventing Unknown Attacks EXE Understanding Entropy & Structure Disassembling URL Verification Finding Similarities File/Registry Classification using provided Meta Data Verdict Meta Data PDF PPT DOC XLS PDF Analyzer URL Verification Macro Analyzer Classification using provided Meta Data Verdict Meta Data [Protected] Distribution or modification is subject to approval ​
  • 28.
    28 ©2021 Check PointSoftware Technologies Ltd. Machine Learning In Cyber Security Preventing Unknown Attacks On July 20th 2020 a sample was labeled malicious by our machine learning logic [Protected] Distribution or modification is subject to approval ​
  • 29.
    29 ©2021 Check PointSoftware Technologies Ltd. Machine Learning In Cyber Security Preventing Unknown Attacks On July 24th 2020 only 45 out of 73 engines on Virus Total labeled it malicious [Protected] Distribution or modification is subject to approval ​ Four days later!
  • 30.
    30 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Machine Learning In Cyber Security Sharing experience Source: https://research.checkpoint.com/category/how-to-guides/
  • 31.
    31 ©2021 Check PointSoftware Technologies Ltd. Machine Learning In Cyber Security ‘Malware DNA’ based clustering applying TF-IDF Two dimensional representation of the 300 000 dimensional space representing the ‘world of malware’ in Check Point Threat Intelligence Colors representing labels of malware families [Protected] Distribution or modification is subject to approval ​
  • 32.
    32 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Itay Cohen (Check Point) and Omri Ben Bassat (Intezer) mapped out an ecosystem Results: • Classification into 60 families and 200 modules • 22 000 connections between analyzed samples • Different Actors don’t share code Access the interactive map • Published as open source Download the detector tool • Defend and contribute Map based on Fruchterman-Reingold algorithm Read the full report: Machine Learning In Cyber Security ‘Malware DNA’ applied to uncover an APT Eco System
  • 33.
    33 ©2021 Check PointSoftware Technologies Ltd. Machine Learning In Cyber Security Sharing experience Understand how vulnerable on-premises and cloud environments are [Protected] Distribution or modification is subject to approval ​ Source: https://research.checkpoint.com/2021/deep-into-the-sunburst-attack/ Understanding the SolarWinds Orion Platform Security Advisory 16-December 2020, video, https://community.checkpoint.com/
  • 34.
    34 ©2021 Check PointSoftware Technologies Ltd. Machine Learning In Cyber Security The need for defense BBC article about Colonial Pipeline attack, May 2021 [Protected] Distribution or modification is subject to approval ​ Source: https://www.bbc.com/news/business-57050690 Source: Check Point, Research Blog, May 2021 Update 17th May 2021: DarkSide is offline - https://krebsonsecurity.com/
  • 35.
    35 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Understanding the DNA of a malware allows attributing ‘family’ characteristics
  • 36.
    36 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Knowing the ‘family’ …allows applying tools for defense ..allows saving resources
  • 37.
    37 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ What‘s next?
  • 38.
    38 ©2021 Check PointSoftware Technologies Ltd. Machine Learning – General Purpose Comparing NLP-Trained Models Over 300 apps are using GPT-3 https://openai.com/blog/gpt-3-apps/ GPT-3 API access is controlled https://openai.com/blog/openai-api/ 28th May 2020 14 Apps using GPT-3 [Protected] Distribution or modification is subject to approval ​
  • 39.
    39 ©2021 Check PointSoftware Technologies Ltd. Machine Learning Empowers Threat Prevention Every input for Threat Intelligence becomes a Label More than 27 years of experience … • Having access to data • Knowing the labels • Selecting the right features • Creating ML algorithms • ML empowers Threat Prevention Data Labels This is This is Feature1: form Feature2: colour Next module [Protected] Distribution or modification is subject to approval ​
  • 40.
    40 ©2021 Check PointSoftware Technologies Ltd. Machine Learning Empowers Threat Prevention The infinity cycle of learning Incumbent New DATA Labeling Training Stand by evaluation Decision point Federated Learning Using encrypted customer data Supervised by human expertise Measuring Unseen data Adjusting weights [Protected] Distribution or modification is subject to approval ​
  • 41.
    41 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ The infinity cycle of learning is powered by us
  • 42.
    42 ©2021 Check PointSoftware Technologies Ltd. [Protected] Distribution or modification is subject to approval ​ Peter Elmer | Security Expert, EMEA | Office of the CTO pelmer@checkpoint.com, May 2021 THANK YOU