NEW AI TECHNIQUES TO IMPROVE THE ENTERPRISE'S CYBERSECURITY
Abstract (two parts):
Part 1: VEST (Vulnerability Exploit Scoring & Timing). In the US, the Mitre Corporation and the National Institute for Standards & Technology manage the process required for maintaining the National Vulnerability Database which describes vulnerabilities in 1000s of software and hardware components. When a new Common Vulnerability & Exposure (CVE) is publicly disclosed by Mitre (usually via a very brief post on the web), the existence of some aspects of the vulnerability become known to the public. NIST posts a detailed vulnerability report on the vulnerability – usually months after the existence of the vulnerability is first known. We use the Mitre post information, together with Twitter data in order to predict two things: (i) when a given vulnerability will be exploited, and (ii) how severe the vulnerability will be on the 0-10 CVSS (Common Vulnerability Scoring System) scale. We show that our VEST framework can predict when vulnerabilities will be exploited as well as their CVSS scores well before NIST releases them for many vulnerabilities using just 3 days of Twitter data, thus providing a valuable early warning system for beleaguered system managers.
Part 2: generating Fake Technical Documents in Order to Deter IP Theft. Theft of intellectual property is a growing phenomenon. Worse still, recent reports from Symantec suggest that it often takes over 300 days before a zero-day attack is discovered, giving attackers ample time to exfiltrate IP. We propose a solution in which we automatically generate N fake versions of any original document so that the attacker has to determine which one of the (N+1) documents is real and which is fake. To do this, we present two systems that use a mix of natural language processing, network analysis, and optimization. The earlier FORGE (Fake Online Repository Generation Engine) system proposes the use of multi-layered graphs and novel meta-centrality metrics on such graphs and formulates the problem of generating fakes as an optimization problem that depends on the availability of a relevant ontology. The later system WE-FORGE (or Word-Embedding based FORGE) completely eliminates the need for ontologies and achieves comparable performance.
Speaker: Prof. V.S. Subrahmanian
Affiliation: Professor in Cybersecurity, Technology, and Society at Dartmouth College.
Short Bio: V.S. Subrahmanian is The Dartmouth College Distinguished Professor in Cybersecurity, Technology, and Society at Dartmouth College. Prior to joining Dartmouth, he was a tenured Professor in the [University of Maryland's Computer Science Department] (http://www.cs.umd.edu/). He served a 6.5 year stint as Director of the University of Maryland Institute for Advanced Computer Studies where he co-founded the Lab for Computational Cultural Dynamics and founded the Center for Digital International Government. His work stands squarely at the intersection of big data analytics for increased security, policy, and business needs. Prof. Subrahmanian has been an invited speaker at the United Nations, Capitol Hill, the Mumbai Stock Exchange, and numerous other prestigious forums.
Registration: Participation if free. However, registration is required on Eventbrite at the following link:
"New AI techniques to improve the enterprise's cybersecurity"