One of the most dangerous aspects looming the computer world is security threats. It is estimated that around three trillion dollars are lost in cyber crimes every year. This figure is expected to double by 2021. With all of these threats lurking around, it is difficult to track and eliminate every threat, especially as the number of users is rising exponentially.

The most popular among the existing cyber threats now is the distributed denial of service (DDoS) attack. A DDoS attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of the internet traffic. DDoS attacks have adversely affected businesses on a large scale.

Now, with machine learning prevailing in the tech ecosystem, eliminating DDoS attacks has found a new way. In this article, we will lay out a research paper that has used ML techniques to subdue DDoS attacks in systems.

Session Initiation Protocol (SIP) And Voice Over Internet Protocol (VoIP)

Z Tsiatsikas and a team from the University of the Aegean, Greece, have published a new research study in countering DDoS in SIP-based VoIP systems through ML. The reason for choosing VoIP systems is its popularity and spread in the hardware ecosystem. With the growing number of digital devices and the abundant availability of the internet, VoIP is the preferred method for voice and multimedia communications.

In order to establish a VoIP session, Session Initiation Protocol (SIP) is the popular means of initiating and these sessions. A simple version of the SIP/VoIP architecture is given below:

• User Agent (UA): The active entities in the session which represent the endpoints of SIP. For example, in the context of voice communications, the caller and the receiver, which denote the endpoints in the session.
• SIP Proxy Server: An intermediate entity which acts as a client and a server simultaneously during the session. The role of this server is to maintain send and receive requests as well as transfer information to and fro from the users.
• Registrar: This component takes care of authentication and register requests for the UA.

All of the SIP communication is logged by the VoIP provider. This is important because it gives out billing and accounting information for service providers based on users’ activity. Interestingly, it can also give out information regarding intrusion or suspicious activity present in the network. This can be a breeding ground for DDoS attacks if left neglected.

Aggregating ML Techniques In VoIP

The researchers consider the same SIP VoIP architecture and use five standard ML classifier algorithms in their experiments, which are as follows:

1. Sequential minimal optimisation
2. Naive Bayes
3. Neural networks
4. Decision trees
5. Random Forest

These algorithms are set up for dealing with communications directly in the experiment. Then, classification features are generated once the network is made anonymous using keyed-hash method authentication code (HMAC) for the VoIP communications. The algorithms are tested under 15 DDoS attack scenarios. In order to do this, a ‘test bed’ of DDoS simulations is designed by the researchers which is shown below:

“Three or four different Virtual Machines (VMs) have been used for the SIP proxy, the legitimate users, and the generation of the attack traffic depending on the scenario. All VMs run on an i7 processor 2.2 GHz machine having 6GB of RAM. For the SIP proxy, we employed the widely known VoIP server Kamailio (kam, 2014). We simulated distinct patterns for both legitimate and DoS attack traffic using sipp v.3.21 and sipsak2 tools respectively. Furthermore, for the simulation of DDoS attack, the SIPp-DD tool has been used. The well-known Weka tool has been employed for ML analysis.”

Training and Testing process for algorithms include both normal traffic and attack traffic. To simulate the attack traffic, they use a range of random high call rates to give a feel of real VoIP whereas the normal traffic has normal, observed call rates.

The training scenario in the experiment is denoted as SN1 and testing scenarios are denoted as SN1.1, SN1.2, SN1.3 etc. A detailed description is given here.

Performance

The algorithms fare well compared to non-ML detection. Among the algorithms, Random Forest and decision trees stand top when measured from an intrusion detection viewpoint. The other three fare below them. In addition, as the attack traffic rises, the intrusion detection rate drops, which means DDoS is evident. Ultimately, ML techniques outclass conventional attack detection techniques/methods.

The post Machine Learning Is Chasing Out DDoS, The Newest Evil In Cyber Security appeared first on Artificial Intelligence.

A major challenge in current climate prediction models is how to accurately represent clouds and their atmospheric heating and moistening. This challenge is behind the wide spread in climate prediction. Yet accurate predictions of global warming in response to increased greenhouse gas concentrations are essential for policy-makers (e.g. the Paris climate agreement).

In a paper recently published online in Geophysical Research Letters (May 23), researchers led by Pierre Gentine, associate professor of earth and environmental engineering at Columbia Engineering, demonstrate that machine learning techniques can be used to tackle this issue and better represent clouds in coarse resolution (~100km) climate models, with the potential to narrow the range of prediction.

“This could be a real game-changer for climate prediction,” says Gentine, lead author of the paper, and a member of the Earth Institute and the Data Science Institute. “We have large uncertainties in our prediction of the response of the Earth’s climate to rising greenhouse gas concentrations. The primary reason is the representation of clouds and how they respond to a change in those gases. Our study shows that machine-learning techniques help us better represent clouds and thus better predict global and regional climate’s response to rising greenhouse gas concentrations.”

The researchers used an idealized setup (an aquaplanet, or a planet with continents) as a proof of concept for their novel approach to convective parameterization based on machine learning. They trained a deep neural network to learn from a simulation that explicitly represents clouds. The machine-learning representation of clouds, which they named the Cloud Brain (CBRAIN), could skillfully predict many of the cloud heating, moistening, and radiative features that are essential to climate simulation.

Gentine notes, “Our approach may open up a new possibility for a future of model representation in climate models, which are data driven and are built ‘top-down,’ that is, by learning the salient features of the processes we are trying to represent.”

The researchers also note that, because global temperature sensitivity to CO2 is strongly linked to cloud representation, CBRAIN may also improve estimates of future temperature. They have tested this in fully coupled climate models and have demonstrated very promising results, showing that this could be used to predict greenhouse gas response.

The post Machine learning may be a game-changer for climate prediction appeared first on Artificial Intelligence.

There is a lot of hype around artificial Intelligence, and while the technology can be useful, it does have limitations, according to RSA CTO Zulfikar Ramzan.

Speaking at the Dell Technologies Experience at the South by South West (SXSW) event in Austin, Texas, on March 12, Ramzan detailed his views on AI in a session titled “AI: Boon or a Boondoggle?”

“There is a tendency to think of AI as this all-encompassing panacea that can solve any problem,” he said.

Ramzan explained that AI can be somewhat of an abstract concept. What it basically means is that computers can be trained to be intelligent with certain kinds of tasks. Within AI, there is the subfield of machine learning, which he said is often used by people interchangeably with AI. Machine learning was first defined in 1959 by mathematician Arthur Samuelson as “the “field of study that gives computers the ability to learn without being explicitly programmed,” Ramzan said.

Machine learning enables computers to learn from data. As such, Ramzan said that if an organization has an interesting data set, it can use a machine learning algorithm to analyze the data and make inferences about the data set to gain meaningful insights that can aid different decision-making processes.

Cyber-Security

Machine learning has a very strong use case inside of cyber-security, according to Ramzan.

“Cyber-security is about making intelligent decisions based on what is good and what is bad, based on the data that you have in front of you,” he said. “That’s a problem that is suited to machine learning techniques.”

For example, if an individual gets an email, it’s possible to determine if it is spam based on machine learning techniques, he said. Ramzan explained that spam filtering technologies look for things such as word patterns, where an email sent from and other reputation characteristics. In addition, machine learning techniques can be used to look at historical data on emails to help determine the rules needed to identify spam.

Machine learning is also playing a role in online fraud detection. Ramzan said machine learning techniques can be used to look at buying patterns and transaction data to understand what a typical transaction is for a given user, which can aid in spotting fraud.

Malware detection is another area where machine learning techniques can be helpful. Ramzan said malware tends to exhibit certain behaviors that are different from legitimate software. He noted that RSA was able to use machine learning to determine that one of its government customers was being attacked by malware from another nation-state.

“You can actually identify things that would be otherwise unknown,” Ramzan said. “There are some great applications of AI and machine learning in the area of cyber-security.”

Pitfalls and Challenges

AI and machine learning technologies still tend to require some level of human input. Ramzan said human experts in a given domain of analysis are still needed to help configure a machine learning algorithm to have the right classifications and feature identifiers to analyze data.

Beyond some level of human intervention, the most critical part of machine learning in Ramzan’s view is the data.

“People get so caught in the cool math, but they forget if you don’t have good data to begin with, nothing else matters—it’s just garbage in, garbage out,” he said.

Data has to be representative of what will actually be encountered in real life. Ultimately, people have to ask the right questions of the right data; otherwise, they won’t get the correct answers, Ramzan said.

“You can’t make good wine from bad grapes,” he said.

Another challenge identified by Ramzan is class imbalance in data sets. That is, most things in data sets are not bad. For example, the majority of credit card transactions are not fraudulent and most files on a computer are legitimate. With the high volume of legitimate items, Ramzan said there is risk of identifying false positives with machine learning that needs to be avoided.

Adversaries Adapt

There are also few fixed rules when it comes to dealing with agile cyber-security adversaries, in Ramzan’s view.

“We’re dealing with sentient adversaries, people that will adapt, figure out what’s going on and make changes,” he said.

Ramzan noted that in his experience, machine learning algorithms typically don’t assume adversarial scenarios where threats are actively trying to sabotage the algorithm. He added that dealing with active threat adversaries that are highly agile is still an area that machine learning technologies are struggling with.

“Marketing people won’t tell you this, but the reality is machine learning algorithms weren’t designed to deal with bad people. They were designed to deal with legitimate data sets they can learn from,” Ramzan said.

In his view, AI and machine learning techniques are good at understanding what the norm is, but they are not always as good at figuring out things that are completely beyond an individual’s comprehension.

“These techniques [AI and machine learning], while powerful and useful, are not a panacea and they are not going to catch every kind of threat out there,” he said.

The post Why Artificial Intelligence is Important for Cyber-Security appeared first on Artificial Intelligence.

Robert Granetz has been a research scientist in MIT’s Plasma Science and Fusion Center for more than 40 years. He recently gave a talk hosted by the MIT Energy Initiative (MITEI) on using machine learning to develop a real-time warning system for impending disruptions in fusion reactors. A specialist in magnetohydrodynamic instabilities and disruptions, Granetz discussed how research in this area is bringing us one step closer to creating a stable, net-energy-producing fusion device.

Q: What makes plasma different from other states of matter? What are the challenges of working with plasma as an energy source?

A: In a gas at normal temperatures, the negatively-charged electrons and positively-charged nuclei are tightly bound into atoms or molecules, which are electrically neutral. Therefore, there are no forces exerted between particles unless they happen to actually collide. (The gravitational force acts between all masses, but gravity is much too weak to be relevant.)

When gas particles do collide, the collisions only involve a pair of particles at a time, and the kinematics of the collision are very simple, just like billiard ball collisions. So we can easily calculate the behaviors of gases. However, at the high temperatures that we need for fusion, the thermal energy of each atom or molecule is much, much greater than the binding energy that holds the electrons and nuclei together, so the neutral particles break up into their constituents, i.e. electrons and nuclei, which we call the “plasma state.”

Therefore, in a plasma, all the particles are charged, and there are long-range electric and magnetic forces acting between the particles. A single electron or ion influences the motion of about a billion other electrons and ions simultaneously, and all of those billion other particles are simultaneously influencing every other individual particle. In addition, the electrons and nuclei have extremely different masses, so their velocities are very different. Also, since all the particles are charged, they can interact strongly with electromagnetic radiation. All of these complicating properties mean that in practice, we can’t accurately calculate the detailed behavior of plasmas from the basic equations of physics.

Q: In the context of fusion reactors, what’s a disruption?

A: To date, the tokamak concept for a steady-state fusion reactor outperforms all other concepts in terms of energy confinement. The tokamak relies on driving a large current—of the order millions of amperes—through the plasma to produce the magnetic field structure required to obtain good energy confinement. However, this large plasma current is somewhat unstable, and is subject to sudden termination, usually with very little warning. When a disruption occurs, the considerable thermal and magnetic energy contained within the plasma is suddenly released very quickly, which can lead to damaging thermal and electromagnetic loads on the reactor structure.

The whole goal of fusion energy is to develop large power plants to generate electrical power on the grid, and replace today’s fossil-fueled utility power plants, and even replace fission nuclear power plants. But if a fusion power plant is subject to disruptions, its electricity output would suddenly turn off. Even if the most damaging consequences can be avoided, it could be hours or days before the plant can recover and get back online, only to be subject to another disruption at some later time. No utility would want to use fusion energy if that were the case. If we’re going to rely on the tokamak concept for fusion reactors, we need to avoid or mitigate disruptions.

Q: How can machine learning address this problem?

A: The signs that a disruption is imminent are often quite subtle. Fusion researchers continuously measure a number of characteristic plasma parameters during a plasma discharge, and we have reason to believe, both from empirical experimental evidence and from theoretical understanding, that some of these measured plasma parameters may provide indications that a disruption is about to occur. But this information is not straightforward to interpret, not just with respect to the occurrence of an impending disruption, but also with regard to the timing of an impending disruption.

In an attempt to solve this problem, my team—which consists of myself, postdoc Cristina Rea, graduate students Kevin Montes and Alex Tinguely, and a dozen scientists at other U.S. and international labs—has built up large databases of measured parameters which we believe are relevant to disruptions, from several years’ worth of experiments on several different tokamaks around the world. We are now applying machine learning techniques to these data to see if we can discern any patterns that would accurately predict whether or not a disruption will be occurring at a specific time in the near future. When dealing with large, complicated datasets, machine learning may be a powerful way of finding subtle patterns in the data that elude human efforts.

The post How machine learning can predict and prevent disruptions in reactors appeared first on Artificial Intelligence.

October is one of my favorite months of the year in Oregon, where I live. I call it “pumpkin patch season” and the colors are magnificent, as the season changes. For many of my friends, October weekends are spent squarely rooted in front of the TV watching football. And in case it isn’t penciled in your calendar – it’s also National Cyber Security Awareness Month (NCSAM).

Celebrate cybersecurity?

Developed by the National Cyber Security Alliance and the U.S. Department of Homeland Security, NCSAM seeks to unite industry and government organizations in the goal of providing Americans a safer and more secure online experience. Now in its 14^th year, the month feels more relevant than ever, given the almost-daily breaches reported in the news.

You may ask, “How does one celebrate NCSAM?” Good question – there are no costumes or candy involved, so it isn’t like Halloween, but it does have great possibilities as a community event – especially if you’re in the financial services community.

Easy and secure — can I really have both?

While most consumer-facing businesses understand the responsibility of protecting their customers, businesses face a significant hurdle when trying to provide both a safe and friendly experience. One industry in particular is finding this conundrum confounding – financial services. As financial institutions (FI’s) like banks and credit unions or insurance companies work to protect their customers’ sensitive information, they are searching for solutions that won’t compromise customer service quality – essentially, trying to find the balance between providing low-friction experiences for users and proper risk mitigation for the business.

Machine learning is a viable option for these organizations. Because machine learning solutions are able to learn from previous observations and make inferences about future behavior, their value in fraud-fighting ability becomes inherent.

Machine learning is being funded by FIs

According to a recent report from iovation and Aite Group, more financial institutions (FIs) than ever are looking to machine learning for improving fraud mitigation and customer experience. Sixty eight percent of North American FI’s cite machine learning analytics as a high priority investment over the next few years. The high alert state of threat today is likely the new normal for organizations and consumers, so early adopters of solutions that have machine learning incorporated will not only be able to reduce fraud, but will also have a major advantage over their competitors.

A good example of the struggle these FIs are facing is the positive omni-channel approach to customer engagement which brings both opportunity and risk. While it’s great there are now multiple points of interaction where consumers can touch their accounts (ATMs, call centers, email) here’s the rub – this opens up more attack vectors for hackers to exploit as well.

Broaden your perspective to really leverage machine learning

While the adoption of machine learning analytics is a step in the right direction for FIs, embracing a broader fraud fighting solution, if possible, is their best bet. By taking advantage of customer data and applying advanced machine learning techniques, FIs can create insights that not only prevent fraud, but provide more convenient and applicable authentication methods for customers.

As much as I support (and even celebrate) NCSAM, it’s my hope that it won’t be needed much longer. Instead, I envision a world in which organizations and individuals will learn to incorporate cyber-awareness into their daily lives, and hopefully, stay one step ahead of hackers and fraudsters. Until then, I’m eager to see where machine learning takes us. Data is our new currency, so let’s keep it out of hackers’ pockets.

The post Protect and serve: fraud fighting finds a partner in machine learning appeared first on Artificial Intelligence.