[Dailydave] Assymetry

[Robin.Lowe at forces.gc.ca]

Good day all,

Just a couple things I thought of while reading the earlier discussion on AI and this follow-up email. Just some, as Chris so eloquently put it earlier, conversation fodder.

I think one thing we have to keep in mind is that the underlying framework behind machine learning is still a machine. An issue I can see about this is who is accountable for if it fails? If we’re talking about national security, what’s the risk that someone will be willing to take on in order to prove that their new machine learning intrusion detection system works 100% of the time? The number of hours that would be required to amass the amount of data needed to seed the system would be substantial, even on its own.

There’s also the possibility of false positives being generated by erroneous data. Sure, an listening meterpreter shell on port 4444 is pretty damn obvious, but what about, say, Cobalt Strike’s Beacon system? Will the people developing the IDS need to spend thousands of dollars throwing all of these expensive network auditing programs at it in order to generate the data necessary to make it accurate even 90% of the time?

Also, the budget just for personnel would be pretty high. You’d need people in R&D, maintenance, actually checking flagged intrusion attempts, etc.

One last thing before I start in on the possible positives is that the machine itself might be prone to exploitation. Similar to how getting into domain controllers and hypervisors are pretty much endgame states, what if you broke into the IDS itself and started messing with its signatures? Seems like a few things to think about.

However, some cost-reducing factors are that it’s always looking. And faster than a person can. Sure, there are some blue teams that are basically machines at this point, I can definitely see a time where machines can take over that facet of security.

You don’t have to pay it a salary, just keep the machine happy with electricity and known behaviours and it’ll chug along.

Kind of starting to sound like an antivirus program but one that looks at networks instead of files.

New to this sort of thing so sorry if I mentioned something that would be considered common knowledge or just plain nonsense.

Cheers,

Leading Seaman/Matelot de 1re classe Robin Lowe

Naval Communicator, HMCS EDMONTON
Department of National Defence / Government of Canada
Robin.Lowe at forces.gc.ca<mailto:Robin.Lowe at forces.gc.ca> / Tel: 250-363-7940

Communicateur Naval, NCSM EDMONTON
Ministère de la Défense nationale / Gouvernement du Canada
Robin.Lowe at forces.gc.ca<mailto:Robin.Lowe at forces.gc.ca> / Tel: 250-363-7940

“The quieter you are, the more you are able to hear.”

From: dailydave-bounces at lists.immunityinc.com [mailto:dailydave-bounces at lists.immunityinc.com] On Behalf Of Dave Aitel
Sent: April-01-16 11:36 AM
To: dailydave at lists.immunityinc.com
Subject: [Dailydave] Assymetry

One possible long-lasting cause of the "asymmetry" everyone talks about is that US defenders get quite high salaries compared to Chinese attackers (I assume, not being a Chinese attacker it's hard to know for sure).

Just in pure "dollars spent vs dollars spent" it seems like it would be three times cheaper to be a Chinese attacker at that rate?

But I think it's still a question whether or not machine learning techniques make surveillance cheaper than intrusion as a rule. What if it does? What would that change about our national strategy? (And if it DOESN'T then why bother?)

-dave

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20160402/ca903df2/attachment.html>