ISSA-LA August 21, 2019 Dinner Meeting with OWASP

Topic: Artificial Intelligence Research for Forecasting Exploit Usage

Vulnerability disclosure rates are at an all-time high – averaging over 1,000 per month in 2019 – more than twice as much as in 2016. But while disclosure rates have remained at this high level, hackers still only exploit a small fraction ranging from 2%-3% by most studies. Ironically, the fact that exploited vulnerabilities make up such a small portion mean that this a particularly challenging machine learning problem. In this talk will review a series of peer-reviewed research papers that were produced under U.S. government grant funding that have investigated this problem. Through a combination of machine learning, graph theory, and data mining (from sources including social media, deepweb, open web, and Tor sites), these approaches provided promising results. These techniques leveraged an understanding of not only the content of hacker discussions, but also the underlying social structure of these communities as well as technical information about the vulnerabilities themselves. This, in-turn, enabled successful forecasting of exploits before they become available – providing a 20-fold improvement in terms of precision. This talk not only reviews the peer reviewed research, but also gives insight into how machine learning can be used to address cybersecurity problems and provides examples of exploit usage successfully predicted ahead of time.

Speaker: Dr. Paulo Shakarian
Dr. Paulo Shakarian is CEO and co-founder of CYR3CON and also hold a faculty position (tenure track) at Arizona State University. He has led research teams that have developed software to stop insurgent activities, aide law enforcement, and stop cyber-attacks. He has written numerous articles in scientific journals and has authored several books, including Elsevier’s Introduction to Cyber-Warfare and Cambridge’s Darkweb Cyber Threat Intelligence Mining. He has led research efforts funded by IARPA, DARPA, ONR, AFOSR, and ARO. Shakarian was named a “KDD Rising Star,” received the Air Force Young Investigator award, received multiple “best paper” awards and has been featured in major news media outlets such as CNN and The Economist. CYR3CON, Shakarian’s company, has received multiple industry accolades including awards from PwC, Cisco, and the DoD. Previously, Paulo was an officer in the U.S. Army where he served two combat tours in Iraq, earning a Bronze Star and the Army Commendation Medal for Valor. He also previously worked as an Assistant Professor at West Point.

Sponsor: