Artificial Intelligence and Security What’s at the crossroad? Our - - PowerPoint PPT Presentation

CIF - Cybersecurity Initiative Flanders. Artificial Intelligence and Security: What’s at the crossroad? Our first policy considerations. Stefano Fantin, Researcher - CiTiP. Leuven, 04_10_19. Celebratory Conference for CiTiP


slide-1
SLIDE 1

Artificial Intelligence and Security

What’s at the crossroad? Our first policy considerations

Stefano Fantin

Researcher - CiTiP

Leuven, 04_10_19

Celebratory Conference for CiTiP’s 30th Anniversary

CIF - Cybersecurity Initiative Flanders

slide-2
SLIDE 2

today

AI and Security, 4_10_19

  • A quick intro
  • The four dimensions of AI and Cybersecurity
  • Common issues
  • How can (cyber) security practices inform AI policy
  • Conclusions

slide-3
SLIDE 3

What I will be talking about today, instead:

slide-4
SLIDE 4

AI and cybersecurity: a 4D model

(a) Two different (but intertwined) conceptual perspectives: AI as an instrument vs AI as a target

(b) Dual use nature of AI: attack vs defense

slide-5
SLIDE 5

AI-enabled attack and defense

AI attacks:

  1. Evasiveness: malware alteration aimed at non-detection (Anderson, 2017)
  2. Pervasiveness: bots competing with each other (DARPA Cyber Grand Challenge, 2016)
  3. Adaptiveness: AI to go beyond the creativity of human attackers

AI defense:

  1. Pattern identification using traditional ML
  2. NLP to help threat intel
  3. Automation of response

Brundage Taxonomy (2018):

  1. Pure cyberattacks
  2. Physical attacks (UAVs)
  3. ‘Political’ attacks (misinformation, propaganda, mass surveillance, deception)

slide-6
SLIDE 6

Attacking (and defending) AI

AI is vulnerable by design! Exposure to attacks cannot be, at the moment, neutralized ab initio.

AI-SOTA shortcomings include (Belfer Cr., 2018):

  a) ML learns relatively brittle patterns that work well but are easy to disrupt
  b) High dependence on data opens up a channel for manipulation and corruption
  c) The black box principle makes auditing quite a challenging task

Attacks don’t depend on human errors, unlike most of the cyber-attacks.

According to the nature and the ways such attacks can be initiated, these don’t have to necessarily be cyber-related: by simply taping a stop sign on a crossroad, AI-driven vehicles might misinterpret inputs and outputs.

slide-7
SLIDE 7

Common security issue

  • Dual use nature of AI
  • Democratization of AI and of its offensive regime
  • Amplification of security threats + proliferation of malicious actors

slide-8
SLIDE 8

Democratization reduces control

Democratization of AI and amplification of security threats lead to a loss of control, an essential element in security doctrines and related applied disciplines, inter alia:

slide-9
SLIDE 9

Examples of (cyber) security control-driven practices that can inform AI policy

  • Software vulnerability responsible disclosure frameworks, including restrictions on publication (CEPS, 2017; Brundage 2018)
  • Security risk assessment / compliance practices: evaluate the necessity of AI systems in a certain application (Belfer Cr., 2018)
  • Explore plan Bs: see de-digitalization of critical infrastructures (US Congress, Securing Energy Infrastructure Act – SEIA, 2019)

slide-10
SLIDE 10

To conclude:

  • Acknowledgment of the dual use nature of AI against a new security threat landscape
  • Policies to look at ways to gain control over the security threat landscape: limitations are the instrument, not the end
  • Exploring and re-adapting cybersecurity practices could help inform policy and regulation on AI security

slide-11
SLIDE 11

THANK YOU

stefano.fantin@kuleuven.be
@s_van_teen
KU Leuven Centre for IT & IP Law (CiTiP) - imec
Sint-Michielsstraat 6, box 3443
BE-3000 Leuven, Belgium
http://www.law.kuleuven.be/citip