Re: Assymetry

[<Robin.Lowe () forces gc ca>]

Good day all,

Just a couple things I thought of while reading the earlier discussion on AI and this follow-up email. Just some, as 
Chris so eloquently put it earlier, conversation fodder.

I think one thing we have to keep in mind is that the underlying framework behind machine learning is still a machine. 
An issue I can see about this is who is accountable for if it fails? If we’re talking about national security, what’s 
the risk that someone will be willing to take on in order to prove that their new machine learning intrusion detection 
system works 100% of the time? The number of hours that would be required to amass the amount of data needed to seed 
the system would be substantial, even on its own.

There’s also the possibility of false positives being generated by erroneous data. Sure, an listening meterpreter shell 
on port 4444 is pretty damn obvious, but what about, say, Cobalt Strike’s Beacon system? Will the people developing the 
IDS need to spend thousands of dollars throwing all of these expensive network auditing programs at it in order to 
generate the data necessary to make it accurate even 90% of the time?

Also, the budget just for personnel would be pretty high. You’d need people in R&D, maintenance, actually checking 
flagged intrusion attempts, etc.

One last thing before I start in on the possible positives is that the machine itself might be prone to exploitation. 
Similar to how getting into domain controllers and hypervisors are pretty much endgame states, what if you broke into 
the IDS itself and started messing with its signatures? Seems like a few things to think about.

However, some cost-reducing factors are that it’s always looking. And faster than a person can. Sure, there are some 
blue teams that are basically machines at this point, I can definitely see a time where machines can take over that 
facet of security.

You don’t have to pay it a salary, just keep the machine happy with electricity and known behaviours and it’ll chug 
along.

Kind of starting to sound like an antivirus program but one that looks at networks instead of files.

New to this sort of thing so sorry if I mentioned something that would be considered common knowledge or just plain 
nonsense.

Cheers,

Leading Seaman/Matelot de 1re classe Robin Lowe

Naval Communicator, HMCS EDMONTON
Department of National Defence / Government of Canada
Robin.Lowe () forces gc ca<mailto:Robin.Lowe () forces gc ca> / Tel: 250-363-7940

Communicateur Naval, NCSM EDMONTON
Ministère de la Défense nationale / Gouvernement du Canada
Robin.Lowe () forces gc ca<mailto:Robin.Lowe () forces gc ca> / Tel: 250-363-7940

“The quieter you are, the more you are able to hear.”

From: dailydave-bounces () lists immunityinc com [mailto:dailydave-bounces () lists immunityinc com] On Behalf Of Dave 
Aitel
Sent: April-01-16 11:36 AM
To: dailydave () lists immunityinc com
Subject: [Dailydave] Assymetry

One possible long-lasting cause of the "asymmetry" everyone talks about is that US defenders get quite high salaries 
compared to Chinese attackers (I assume, not being a Chinese attacker it's hard to know for sure).

Just in pure "dollars spent vs dollars spent" it seems like it would be three times cheaper to be a Chinese attacker at 
that rate?

But I think it's still a question whether or not machine learning techniques make surveillance cheaper than intrusion 
as a rule. What if it does? What would that change about our national strategy? (And if it DOESN'T then why bother?)

-dave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave