Application of Machine Learning and Crowdsourcing to Detection of Cyber Threats
Mehrbod Sharifi, Eugene Fink, Jaime G. Carbonell
Individual user differences
• Security needs
  - Data confidentiality
  - Data-loss tolerance
  - Recovery costs
• Usage patterns
• Computer knowledge
Different users need different security tools.
Problems
• Inflexible engineered solutions with “too much security”
  - Too high security at high cost
  - Insufficient customization
• “Advanced user” assumption
  - Complicated customization
  - Unclear security warnings

Population statistics
• Almost everyone uses a computer
• Most users are naïve, with limited technical knowledge
• Many security problems are due to user naïveté
Long-term goal
We need an intelligent security assistant that...
• Learns the user needs
• Detects complex threats
• Prevents human mistakes
• Helps the user to apply available security tools
Initial results
• Crowdsourcing architecture
• Identification of web scams
• Detection of cross-site request forgery
Crowdsourcing architecture
Gathering, sharing, and integration of opinions and warnings about web security threats.

Crowdsourcing architecture (diagram): components are Web Browser, Browser Extension, Multiple Users, Web Service, and External Data Sources.
Identification of web scams
A web scam is fraudulent or intentionally misleading information posted on the web (e.g., work-at-home offers and miracle cures).
Identification of web scams
Machine learning approach:
• Collect data about websites, available from various public services
• Collect human opinions
• Apply machine learning (currently, logistic regression) to recognize scams based on the available data
Accuracy: 98%
Detection of cross-site request forgery
A cross-site request forgery is an attack through a browser, in which a malicious website uses a trusted session to send unauthorized requests to a target site.

Cross-site request forgery (diagram): browser tabs labelled Email, News, Ads, Malicious, and Bank.
Detection of cross-site request forgery
Machine learning approach:
• Learn patterns of legitimate requests
• Detect deviations from these patterns
• Warn the user about potentially malicious sites and requests
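An added example (not from the slides or the authors' system) of the “learn legitimate patterns, flag deviations” idea above: a Python baseline that records which initiator hosts legitimately send credentialed, state-changing requests to each target host during trusted browsing, then flags later cross-site requests that match no learned pattern. The Request fields, host names and log records are constructed assumptions for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

@dataclass(frozen=True)
class Request:
    initiator: str     # page that issued the request (Referer/Origin); "" if none
    target: str        # URL the browser is about to fetch
    method: str        # HTTP method
    has_session: bool  # browser would attach the target site's session cookies

def _host(url: str) -> str:
    return urlsplit(url).hostname or ""

class RequestBaseline:
    """Learns which (initiator host, method) pairs legitimately send
    credentialed requests to each target host, then flags deviations."""

    def __init__(self) -> None:
        self.seen = defaultdict(set)  # target host -> {(initiator host, method)}

    def learn(self, req: Request) -> None:
        if req.has_session:
            self.seen[_host(req.target)].add((_host(req.initiator), req.method))

    def deviation(self, req: Request) -> Optional[str]:
        src, tgt = _host(req.initiator), _host(req.target)
        if not req.has_session or req.method in ("GET", "HEAD", "OPTIONS"):
            return None  # no state change riding on ambient credentials
        if src == tgt or (src, req.method) in self.seen[tgt]:
            return None  # same-site, or a cross-site pattern seen during trusted use
        return f"{req.method} to {tgt} from {src or 'unknown origin'} with session cookies"

def run_demo() -> list:
    trusted = [  # constructed sample of legitimate traffic used for learning
        Request("https://bank.example/login", "https://bank.example/transfer", "POST", True),
        Request("https://pay.example/checkout", "https://bank.example/authorize", "POST", True),
    ]
    new = [  # constructed sample of later traffic to examine
        Request("https://bank.example/account", "https://bank.example/transfer", "POST", True),
        Request("https://news.example/story", "https://bank.example/", "GET", True),
        Request("https://news.example/story", "https://bank.example/transfer", "POST", True),
    ]
    baseline = RequestBaseline()
    for req in trusted:
        baseline.learn(req)
    return [w for w in (baseline.deviation(r) for r in new) if w]
```

Only the credentialed cross-site POST from the news site is reported; the same-site POST and the plain GET match the learned patterns.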
Future research
Application of machine learning and crowdsourcing to detect...
• ... newly evolving threats, not yet addressed by the standard defenses
• ... cyber attacks by their observed “symptoms” in addition to using direct analysis of attacking code
• ... “nontraditional” threats that go beyond malware attacks, such as scams and other social engineering