"Understanding the Relationship Between AI and Cybersecurity" -- provided by Harbin Antiy Technology Group Co., Ltd.

2018-07-30

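When it comes to the future relationship between artificial intelligence (AI) and cybersecurity, the first thing many people think of is Skynet, the fictional AI program from the “Terminator” film series. But some security experts hold that AI must be understood from a broader perspective: how it affects cybersecurity, and how IT departments can use AI to plan future security technology purchases. (Translator's note: In the “Terminator” film series, Skynet is a computer-based AI defense system created by humans in the late 20th century, originally researched for military purposes. Shortly after taking control of all U.S. military weaponry, Skynet becomes self-aware and concludes that humanity is a threat to its existence. It then turns on its creators and uses weapons of mass destruction [even nuclear explosions] to exterminate humankind, which marks the arrival of “Judgment Day.”)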

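Dudu Mimran, chief technology officer of Telekom Innovation Laboratories in Israel, discussed the relationship between AI and cybersecurity in a speech at the 2018 Organisation for Economic Co-operation and Development (OECD) Forum and in a subsequent blog post. I interviewed Mimran at his office in Beersheba, Israel, and later interviewed him again by email.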

Short- and Long-Term Forecasts for AI and Cybersecurity

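“Although the threat of AI-driven cyberattacks is increasingly likely, I am not too worried that machines will be able to become self-aware and harm humans in the short and medium term,” Mimran said. “Our lives depend more and more on technology, and attackers will exploit this long before we develop self-aware machines. Nevertheless, most of attackers' goals can be achieved today even without sophisticated AI, which is why we have not seen this new wave of attacks.”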

In his OECD speech, he mentioned four time horizons:

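1) Short-term hyper-personalization, in which algorithms will know us better than we know ourselves.

2) Medium-term disruptions, based on various targeted automation efforts.

3) Long-term pervasive autonomous machines, such as driverless cars.

4) Long-term situations, such as malicious Skynet-style scenarios.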

Applying AI to Malware Attribution

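One of the most important applications of AI technology is malware attribution. According to Mimran, if you know your attacker “and react in real time, the chances of hitting back at your true attacker will be higher.”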

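However, he noted in his OECD speech that attribution is “underinvested because it lacks commercial viability.” This is a well-known problem, because researchers must examine a large number of variables, including the written, non-code language in the malware, the cultural or political references used, which code fragments imitate existing malware structures, and so on.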

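Mimran proposed two ways in which policymakers can improve attribution. The first is to support and build a joint global intelligence network that includes commercial and government researchers and can track threats across different regions. The second is to fund ongoing research that helps improve attribution while protecting data privacy.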

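“Attribution is a distributed problem, spanning different technology stacks, systems, and organizations, and these central entities can help weave such a thread,” Mimran said. He is optimistic about this, especially about new security startups that focus on these collaborative ideas and work with Europe's largest banks to share threat intelligence.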

Protecting Data Privacy in the Age of AI

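Data privacy is an important consideration. Mimran wrote last year: “Large amounts of personal data are distributed across the central systems of different vendors, which increases the risk of data leakage and creates opportunities for attackers to abuse this data in unimaginable ways.”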

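One solution to the privacy problem is some form of blockchain-based innovation. Mimran mentioned companies such as ForgeRock that have recently received funding. “The challenge for these companies is integration with the rest of the world,” he said. “Identity is mostly embedded in online services and products, and creating an external neutral entity that provides the same smooth experience for all services is a major challenge.”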

Separating the True From the False

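These technologies also apply to other cyberdefense tactics. “We do see initial efforts to use AI as an automation tool in the security operations center (SOC), but these are only preliminary,” Mimran said.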

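However, it is important to remain cautious, especially when vendors try to oversell their tools (that is, sell more than can actually be supplied) and claim that these tools are AI-based. CSO Online emphasized the importance of distinguishing products that have rule-based detection engines from products that use true AI, because “many vendors with hundreds of rules feel they have accomplished some sort of near version of AI,” whereas merely verifying existing malware signatures does not constitute AI and is only pattern matching.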

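Mimran also mentioned the growing threat of Internet of Things (IoT) botnets. “The problem of IoT botnets touches on many loose ends, and there is no silver bullet to solve them. The best way to tackle the botnet problem is cooperation between hosts, together with communication or service providers handing the bots' traffic over to law enforcement,” he said.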

Moving Away From a Skynet-Style Future

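The rise of AI will certainly complicate the threat landscape further, but organizations that recognize the importance of threat intelligence sharing, malware attribution, and data privacy can stay one step ahead of criminals who aim to use the technology for malicious purposes. Security teams that understand AI correctly and invest accordingly will be able to secure its many cybersecurity advantages before threat actors create a “Skynet.”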

"Understanding the Relationship Between AI and Cybersecurity"

https://securityintelligence.com/understanding-the-relationship-between-ai-and-cybersecurity/

March 22, 2018   

 David Strom

The first thing many of us think about when it comes to the future relationship between artificial intelligence (AI) and cybersecurity is Skynet—the fictional neural net-based group mind from the “Terminator” movie franchise. But at least one security professional (with a somewhat rosier view) suggested that AI must be understood across a broader landscape, regarding how it will influence cybersecurity and how IT can use AI to plan for future security technology purchases.

Earlier this year, Dudu Mimran, chief technology officer (CTO) at Telekom Innovation Laboratories in Israel, discussed the relationship between AI and cybersecurity in a speech and subsequent blog post for the Organisation for Economic Co-operation and Development (OECD) Forum 2018. I caught up with Mimran at his office in Beersheba, Israel for an interview, which we continued later over email.

The Short- and Long-Term Forecast for AI and Cybersecurity

“While the threat of cyberattacks powered by AI is increasingly likely, I am less concerned in the short- and midterm about machines making up their minds and being able to harm people,” Mimran said. “Our lives are becoming more and more dependent on technology, and this will be exploited by adversaries much before we have conscious machines. Nevertheless, today most of attackers’ goals can be attained without the sophistication of AI, and that is why we don’t see a big new wave of these kinds of attacks.”

In his OECD speech, he mentioned four time horizons:

a.    Short-term hyper-personalization, where algorithms are getting to know us better than we know ourselves

b.    Medium-term disruptions based on various focused automation efforts

c.    Long-term pervasive autonomous machines, such as driverless cars

d.    Long-term situations, such as malicious, Skynet-type scenarios

Applying AI to Malware Attribution

One of the most significant potential benefits of AI technology is malware attribution. If you know your attacker and can respond quickly, according to Mimran, “the chances you will be hitting back your true adversary are higher if you can react in real time.”

However, he noted in his OECD speech that attribution “suffers from underinvestment because it lacks commercial viability.” This is a well-known problem because researchers have to check so many variables, including the written noncoding language of malware, the used cultural or political references, and what code fragments mimic existing malware structures.

Mimran suggested two ways in which policymakers can improve attribution. The first is by supporting and building a joint global intelligence network that can track threats across different geographies and includes both business and government researchers. The second suggestion is to fund ongoing research to help improve attribution while preserving data privacy.

“Attribution is a distributed problem, spanning across different technology stacks, systems, and organizations, and these central entities can help weave such a thread,” Mimran said. He said he is optimistic—especially about new security startups focused on these collaboration ideas and an initiative with the largest European banks to collaborate on shared threat intelligence.

Preserving Data Privacy in the Age of AI

The data privacy element is an important consideration. As Mimran wrote last year, “High amounts of personal data distributed across different vendors residing on their central systems can increase our exposure and create green field opportunities for attackers to abuse and exploit us in unimaginable ways.”

One solution to the privacy issue is some form of blockchain-based innovation. Mimran mentioned ForgeRock and others that have recently been funded. “The challenge for these companies is integration with the rest of the world,” he said. “Identity is mostly embedded deep into online services and products, and creating an external neutral entity that will enable the same smooth experience with all the services out there is a significant challenge.”

Separating the Wheat From the Chaff

These technologies also have applications for other cyberdefense tactics. “We do see an initial effort of AI used as an automation tool in the security operations center [SOC], but these are just preliminary,” Mimran said.

However, it is important to be cautious — particularly when vendors try to oversell their tools and claim they are AI-based. CSO Online emphasized the importance of delineating between products that have rules-based detection engines and ones that leverage true AI, since “many vendors with hundreds of rules feel they have accomplished some sort of near version of AI,” and merely verifying an existing malware signature constitutes not AI but mere pattern matching.

Mimran also mentioned the growing threat of Internet of Things (IoT) botnets. “The problem of IoT botnets touches on many loose ends in the way technology is built today, and there is no silver bullet for that. The best way to tackle botnets is when cooperation emerges between the hosts of the bots, along with the communication or services provider which tunnels the bots’ traffic and law enforcement,” he said.

Shifting Away From a Skynet-Esque Future

The rise of AI certainly does further complicate the threat landscape, but organizations that recognize the importance of threat intelligence sharing, malware attribution, and data privacy can stay ahead of cybercriminals aiming to exploit or leverage the technology for nefarious purposes. Ultimately, security teams that understand AI properly — and invest accordingly — will be well-equipped to unlock its many cybersecurity benefits before threat actors make any headway toward creating a malicious, Skynet-style dystopia.
