A group of computer scientists at the University of Texas at Dallas have developed a new approach for defending against cybersecurity. Rather than blocking hackers, they entice them in.

The newly developed method is called DEEP-Dig (DEcEPtion DIGging), and it entices hackers into a decoy site so that the computer can learn their tactics. The computer is then trained with the information in order to recognize and stop future attacks.

The UT Dallas researchers presented their paper titled “Improving Intrusion Detectors by Crook-Sourcing,” at the annual Computer Security Applications Conference in December in Puerto Rico. The group also presented “Automating Cyberdeception Evaluation with Deep Learning” at the Hawaii International Conference of System Sciences in January.

DEEP-Dig is part of an increasingly popular cybersecurity field called deception technology. As evident by the name, this field relies on traps that are set for hackers. Researchers are hoping that this will be able to be used effectively for defense organizations. 

Dr. Kevin Hamlen is a Eugene McDermott Professor of computer science.

“There are criminals trying to attack our networks all the time, and normally we view that as a negative thing,” he said. “Instead of blocking them, maybe what we could be doing is viewing these attackers as a source of free labor. They’re providing us data about what malicious attacks look like. It’s a free source of highly prized data.”

This new approach is being used to solve some of the major problems associated with the use of artificial intelligence (AI) for cybersecurity. One of those problems is that there is a shortage of data needed to train computers to detect hackers, and this is caused by privacy concerns. According to Gbadebo Ayoade MS’14, PhD’19, better data means a better ability to detect attacks. Ayoade presented the findings at the conferences, and he is now a data scientist at Procter & Gamble Co.

“We’re using the data from hackers to train the machine to identify an attack,” said Ayoade. “We’re using deception to get better data.”

The most common method used by hackers is to begin with simpler tricks and progressively get more sophisticated, according to Hamlen. Most of the cyber defense programs being used today attempt to disrupt the intruders immediately, so the intruders’ techniques are never learned. DEEP-Dig attempts to solve this by pushing the hackers into a decoy site full of disinformation so that the techniques can be observed. According to Dr. Latifur Khan, professor of computer science at UT Dallas, the decoy site appears legitimate to the hackers.

“Attackers will feel they’re successful,” Khan said.

Cyberattacks are a major concern for governmental agencies, businesses, nonprofits, and individuals. According to a report to the White House from the Council of Economic Advisers, the attacks cost the U.S. economy more than $57 billion in 2016.

DEEP-Dig could play a major role in evolving defense tactics at the same time hacking techniques evolve. The intruders could disrupt the method if they realize they have entered into a decoy site, but Hamlen is not overly concerned. 

“So far, we’ve found this doesn’t work. When an attacker tries to play along, the defense system just learns how hackers try to hide their tracks,” Hamlen said. “It’s an all-win situation — for us, that is.”

Other researchers involved in the work include Frederico Araujo PhD’16, research scientist at IBM’s Thomas J. Watson Research Center; Khaled Al-Naami PhD’17; Yang Gao, a UT Dallas computer science graduate student; and Dr. Ahmad Mustafa of Jordan University of Science and Technology.

The research was partly supported by the Office of Naval Research, the National Security Agency, the National Science Foundation, and the Air Force Office of Scientific Research.

The post Deep Learning Used to Trick Hackers appeared first on Artificial Intelligence.

As soon as hackers take down your account, you normally get to see suspicious posts that might revolve around deals on products or stuff that you would never like buying online. But how about a situation where hackers plan to infiltrate the account of Facebook’s biggest data partners? Yes, we are going to talk about thousands of dollars and credit cards being stolen in a similar case.

Recently, hackers got access to the personal account of LiveRamp’s employee, only with the aim to get control over the Business Manager’s account and hoping to run scam through the ads with other’s money being spent on them.

By doing so, they successfully attacked one of Facebook’s most prominent data partners, however, the damage was still contained. The incident affected a limited number of LiveRamp customers and associated Ad Accounts, while Facebook actively informed the affected parties about it.

Although LiveRamp didn’t tell the exact number of customers who got affected by the hack and stated that the company has their security measures in place, especially for employees who deal with Facebook ads accounts, but there is one thing for sure that thousands of victim’s dollars were spent into tricking users buy fake products. Facebook, on the other hand, did confirm later in November that personal account of an admin for a Business Manager account but didn’t mention LiveRamp directly.

Nevertheless, LiveRamp and Facebook worked together to cut down unauthorized access and restore the functionality back to normal for its users.

This isn’t the first time that hackers targeted the hub of Facebook’s empire – the advertisers. As advertising has been Facebook’s lifeline for a long period of time — considering how it is expected to add up $84 billion in revenue in 2020 with 2.2 billion users, the social media giant is becoming more and more effective with targeted ads. The company is facilitating businesses from around the world in the best way possible and hackers had to pay attention to their success.

Hence, the bad guys knew that they could scam countless people through the tools that marketers use on the social network.

Why Was LiveRamp Worth It?

Besides being a big data partner for Facebook, LiveRamp is a marketing powerhouse that has earned its name for matching data from the real world actions to online identities, helping advertisers more than their expectations. Thus that is also the reason why LiveRamp is favorite of more than 300 businesses and data providers which includes big names like Google, MasterCard, Uber, Snapchat, Spotify and Equifax.

So LiveRamp for Facebook helps advertisers target ads on the basis of data derived from a user’s offline activities and they also integrated Facebook’s Offline Conversions API to help the same advertisers see the effectiveness of their marketing campaigns with knowing how many people actually bought the product.

Liveramp doesn’t run ads on behalf of Facebook itself but it still has access to do so being a Facebook approved partner. Hence, when hackers ran a series of ads on LiveRamp’s customer accounts on Facebook, one of the ads was viewed more than 60,000 times and further directed users to a page that was made to steal the credit card details of users.

Facebook’s Security

Facebook continuously reminds its users of a number of security tools which primarily includes two-factor authentication and login alerts, just so that one should know if a hacker has tried to intrude. The social network even offers Security Center page for business accounts, along with a recommendation that businesses should go for quarterly security cleanups to make sure that employees don’t have unnecessary access.

However, Facebook only goes with the policy of recommending these security measures and not making it a requirement even for its big partners like LiveRamp which is a big problem actually.

Marcin Kleczynski, CEO of cybersecurity company Malwarebytes raised the concern regarding how Facebook doesn’t require separate Business Manager account and instead users can manage their multi-million dollar pages all through their personal profiles.

He further questioned that why Facebook never opted for higher standards when it comes to bigger partners, especially after knowing how people go for poor security habits including reusing the same password everywhere or not turning on two-factor authentication.

Honestly, till the time Facebook doesn’t make important security measurements a requirement, cybercriminals would have a better chance to have access to million-dollar advertising campaigns all by attacking personal profiles.

The post Hackers Attacked LiveRamp – A Big Data Partner of Facebook For A Bigger Advertising Scam appeared first on Artificial Intelligence.

Microsoft Corp. has what may sound like a counter-intuitive request: Please try to hack into Azure more often.

The company isn’t encouraging malicious attacks but it does want security researchers to spend more time poking holes in its flagship cloud service so the company can learn about flaws and fix them.

Many so-called White Hat hackers do this for the company’s older products like Windows, Office and browsers, but there aren’t enough working on Azure, said Kymberlee Price, who oversees community programs in Microsoft’s Security Response Center. The company is planning several steps to change that, including explicitly stating it won’t take legal action against researchers and creating a game-like reward system that gives successful bug-finders perks and bragging rights.

Microsoft currently offers bug bounty payments for Azure, but “it’s just not getting as much activity as I would like to see,” Ms. Price added.

It’s an issue Microsoft needs to worry about as it bets big on cloud services for revenue growth. The shift to cloud computing is changing cybersecurity, providing new opportunities and new challenges. One of the biggest risks is that Microsoft now runs services for customers in its cloud, which means the software giant is on the hook to protect them.

Microsoft is planning to release what’s called a Safe Harbor statement giving researchers legal clearance to report a vulnerability. “We’ve always done that but we’ve never formally articulated it,” Ms. Price said. It’s important to publish a formal policy as researchers work more on cloud systems where they may worry they’ll accidentally knock a service offline or access customer data and get in trouble, she said.

In her first stint at Microsoft in the 2000s, Ms. Price was one of the security engineers pioneering the company’s effort to collaborate with security researchers, rather than viewing them as adversaries. She left in 2009 and returned a little more than two years ago.

Right now attackers still target networks located at a company’s own offices more frequently than the cloud, but that’s changing, said Azure Chief Technology Officer Mark Russinovich. “The level of sophistication of the attackers and the interest in [attacking] the cloud just continues to grow as the cloud continues to grow,” he added.

Cloud security requires new tools and techniques but it also enables companies like Microsoft to track and analyze vast amounts of data to find malicious actors and scan networks of hundreds of thousands of customers so it can see attacks materialize.

Mr. Russinovich spoke about protecting the cloud at an academic conference at Microsoft attended by hundreds of Microsoft workers and security engineers from Amazon Web Services, Google, Nike and others. The event grew out of a trail-running group that includes Microsoft’s Ram Shankar Siva Kumar, who oversees a team of engineers who apply machine-learning to cybersecurity, and peers at AWS and Google. The group would often share techniques and research while on the trail and the idea for a formal conference to exchange ideas was born.

The hope is that sharing data, tools and techniques publicly will help everyone better fend off attackers. As long as private customer information is protected, Microsoft wants to share security data, said Steve Dispensa, general manager, cloud and AI security at Microsoft.

“The idea that we’re smarter than the attackers is a malignant myth — they know before we do where the weak spot is,” he said. “We publish data, we all learn, a rising tide lifts all boats.”

The post Microsoft to hackers: Please attack Azure appeared first on Artificial Intelligence.

Big data in the finance industry will help overcome major challenges, gaining valuable insights to improve customer satisfaction and overall banking experience.

In today’s digital world, organizations generate and collect data to improve transaction processing. Vast chunks of data get assimilated daily and it is essential to maintain them securely while meeting security constraints. Most banks fail to properly exploit the digital assets. It is crucial that the collected data must be put into good use as these bits of data can sometimes contain significant hidden information, which can drive to new opportunities. According to IBM, over 80% of data is dark data, expected to rise to 93% by 2020. However, every data that is generated and collected can be processed accurately with the use of big data analytics, which aim at analyzing, storing, querying, and updating substantial voluminous amounts of information. Big data in the finance industry has the potential to transform the finance industry by quickly assisting customers.

Challenges faced by the Finance Industry

The finance industry faces specific problems with the traditional data management models. One of the most significant challenges faced are the fraudulent activities that are increasingly growing. The conventional model lacked to maintain the security of digital assets, which enabled hackers to achieve vital customer or industry data. Hence, there is a need to overcome this challenge at the earliest, since there is a high risk that the finance industry could burn out. Another major problem faced is the analysis of customers’ sentiments. Most clients represent real wealth for any organization, and every industry must keep fulfilling their ever-increasing demands. The traditional model, however, does not provide any technique to analyze their customers. Moreover, conventional model lacked in segmenting their customers based on their transactions and other internal and external processes. Furthermore, business users cannot target the right audience for their marketing purpose with the traditional model. The list is endless. There is an urgent need for an advanced technology that could help banks overcome these challenges that are impacting their financial results.

Big data in the Finance Industry

As we are aware of the challenges that the finance industry faces with the traditional data management models, it is high time to leverage big data analytics to overcome the biggest issues. A few years back, a survey said that 84% of enterprises see big data analytics changing their industries’ competitive landscapes. This states that big data analytics can transform various industries, including the finance industry. Big data analytics help the finance industry to maintain security and privacy of the collected data by the use of predictive analytics.

Predictive analytics help in predicting any fraudulent activity in the future, thereby helping detect hackers. Additionally, predictive analytics could be used to predict a machine breakdown, if any. Furthermore, big data analytics could be used by the finance industry for marketing purpose. Through social media platforms with sentiment analysis researchers can gather sentiments, opinions, and feedbacks of customers that can help them alter a business if itscustomers are unhappy. This will help banks to analyze their customer better and alter their business if necessary.

Furthermore, big data analytics help in customer segmentation, which allows the industry to find the right target audience. Banks can, thereby, boost their marketing skills and make maximum profits if they are able to properly leverage big data analytics. According to a recent IBM survey, more than 25% financial institutions are using big data analytics to stay ahead of the curve. Big data in finance has the potential to quickly identify real-time customer sentiments, prevent fraud, improve marketing tactics, and accelerate business growth.

The post HOW BIG DATA CAN TRANSFORM THE FINANCE INDUSTRY appeared first on Artificial Intelligence.

Artificial intelligence (AI) and machine learning have been around for many years. A computer or any smart device can work as efficiently as a human being in reading and computing data. Through AI, a device can perceive the environment and take necessary actions to increase chances of success.

AI and machine learning have aided users in securing big data. For example, many organizations are spending a lot of money to boost their defense systems.

Concern of cybersecurity specialists

Cyber security professionals have found many threats to important information and data in recent years. With the help of AI, they were able to take measures to combat them. However, it is a major concern that hackers themselves are exploiting AI to steal sensitive information.

Hackers and attackers

Regardless of companies having great AI strategies, hackers and attackers continue to find ways to circumnavigate securities. This goes to say that most of our important data are still in danger of getting compromised.

Hackers are also using the same machine learning and intelligence strategies to get online passwords, credit card numbers, ATM PINs and a lot more. They have also been found to be using AI to develop more complicated and advanced level of threats to our security systems.

Staying ahead of the new risks

No doubt, hackers have a huge amount of creativity that makes them successful in breaching firewalls. Today, cybersecurity professionals should be able to think out of the box and always stay ahead of new possible risks to security systems.

The post Artificial intelligence and machine learning help hackers steal identities appeared first on Artificial Intelligence.

Last year, two data scientists from security firm ZeroFOX conducted an experiment to see who was better at getting Twitter users to click on malicious links, humans or an artificial intelligence. The researchers taught an AI to study the behavior of social network users, and then design and implement its own phishing bait. In tests, the artificial hacker was substantially better than its human competitors, composing and distributing more phishing tweets than humans, and with a substantially better conversion rate.

The AI, named SNAP_R, sent simulated spear-phishing tweets to over 800 users at a rate of 6.75 tweets per minute, luring 275 victims. By contrast, Forbes staff writer Thomas Fox-Brewster, who participated in the experiment, was only able to pump out 1.075 tweets a minute, making just 129 attempts and luring in just 49 users.

Thankfully this was just an experiment, but the exercise showed that hackers are already in a position to use AI for their nefarious ends. And in fact, they’re probably already using it, though it’s hard to prove. In July, at Black Hat USA 2017, hundreds of leading cybersecurity experts gathered in Las Vegas to discuss this issue and other looming threats posed by emerging technologies. In a Cylance poll held during the confab, attendees were asked if criminal hackers will use AI for offensive purposes in the coming year, to which 62 percent answered in the affirmative.

The era of artificial intelligence is upon us, yet if this informal Cylance poll is to be believed, a surprising number of infosec professionals are refusing to acknowledge the potential for AI to be weaponized by hackers in the immediate future. It’s a perplexing stance given that many of the cybersecurity experts we spoke to said machine intelligence is already being used by hackers, and that criminals are more sophisticated in their use of this emerging technology than many people realize.

“Hackers have been using artificial intelligence as a weapon for quite some time,” said Brian Wallace, Cylance Lead Security Data Scientist, in an interview with Gizmodo. “It makes total sense because hackers have a problem of scale, trying to attack as many people as they can, hitting as many targets as possible, and all the while trying to reduce risks to themselves. Artificial intelligence, and machine learning in particular, are perfect tools to be using on their end.” These tools, he says, can make decisions about what to attack, who to attack, when to attack, and so on.

Scales of intelligence

Marc Goodman, author of Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It, says he isn’t surprised that so many Black Hat attendees see weaponized AI as being imminent, as it’s been part of cyber attacks for years.

“What does strike me as a bit odd is that 62 percent of infosec professionals are making an AI prediction,” Goodman told Gizmodo. “AI is defined by many different people many different ways. So I’d want further clarity on specifically what they mean by AI.”

Indeed, it’s likely on this issue where the expert opinions diverge.

The funny thing about artificial intelligence is that our conception of it changes as time passes, and as our technologies increasingly match human intelligence in many important ways. At the most fundamental level, intelligence describes the ability of an agent, whether it be biological or mechanical, to solve complex problems. We possess many tools with this capability, and we have for quite some time, but we almost instantly start to take these tools for granted once they appear.

Centuries ago, for example, the prospect of a calculating machine that could crunch numbers millions of times faster than a human would’ve most certainly been considered a radical technological advance, yet few today would consider the lowly calculator as being anything particularly special. Similarly, the ability to win at chess was once considered a high mark of human intelligence, but ever since Deep Blue defeated Garry Kasparov in 1997, this cognitive skill has lost its former luster. And so and and so forth with each passing breakthrough in AI.

The post Hackers Have Already Started to Weaponize Artificial Intelligence appeared first on Artificial Intelligence.

The post Teaching A.I. Systems to Behave Themselves appeared first on Artificial Intelligence.