Div0 May Meetup — Cybersecurity Community Learning Circle
30 May 2019 — Div0 held our May monthly meetup in partnership with the Lifelong Learning Institute (LLI), SkillsFuture Singapore (SSG) who are running their cybersecurity campaign this quarter.
SSG kindly sponsored the venue and refreshments for the 2-hour meetup, which focused on leveraging the mighty force of AI in cybersecurity.
It attracted an audience consisting of both cybersecurity experts who wanted to learn about the use of AI in their field as well as data experts who wanted to learn how to leverage their skills in cybersecurity.
The first presentation, entitled "Threat Hunting with Data Science", was conducted by Zhou Zhihao from ST Engineering.
Zhihao first set the stage with the definitions of both threat hunting and data science. He talked about the various types of machine language (such as supervised, unsupervised and reinforcement learning) as well as techniques (such as beaconing and Domain Generation Algorithms (DGA) detection) that are used during Stage 7 of the Cyber Kill Chain i.e. the Command and Control stage.
He introduced the Flare analytical framework for network data to the audience, an open-source framework for the development of behavioural analytics and easier identification of malicious behaviour in networks, which can be used at this particular stage described above. He then talked about a scenario of a malware-infected computer trying to reach back to its Command and Control server and showed an example of how Flare could be used to simplify the hunt for the malware by reducing the number of events for security professionals to process.
He ended his talk with the sage advice to the audience about the need to verify with their vendors what type of machine learning they offer in their AI-based cybersecurity solutions.
The second presentation built up on the first one nicely as the next speaker, Clifton Phua of DataRobot spoke on "Automated Machine Learning and Dataset Shifts for Cybersecurity". Clifton, a data scientist, has experience in both machine learning and cybersecurity. He spoke on platforms which support the automating the building up of machine learning models.
Clifton listed out multiple categories of use cases and areas within each use case where an automated machine-learning (ML) platform may help. One example is the ability to evaluate content and attachments within emails and text messages to see if it could be part of phishing or spam campaign.
Clifton explained automated ML happens in two stages: firstly to build predictive models and secondly to deploy these predictive models to build predictive cybersecurity solutions such as Security Information and Event Management (SIEMs).
All in all, it was an interactive session with lively dialogue between the speakers and audience and continued discussions on the Div0 mailing list post the event.
Contributed by Asha Hemrajani, Div0 Crew.