Cyber Autonomy and

Automation
By : Wasan Saad Ahmed
Supervisor Dr. Prof. Ziad Tariq
Introduction
 As the near-constant stream of high-profile attacks suggests, the
cyber-threat landscape is rapidly evolving with no sign of slowing.
 Cyber-attackers are not only moving faster, they are adding new
and innovative tools within their toolkits.
 And as the entire world turns online, we are moving towards a
future where cyber-threats increasingly threaten the safety of not
just our data, but of our physical infrastructure too.
 Autonomy, scale and complexity in our defense systems will trigger
new cyber-attack strategies, and autonomous intelligent malware
(AIM) will be part of the picture.
 The battlefield of the future, “intelligent Things will fight
intelligent Things”
 New cyber-defense doctrines and technologies are therefore
required.
 Autonomous Cyber AI is revolutionizing cyber defense and may
prove to be our best line of defense against future AI attacks
 Autonomous(Autonomy )and automated (Automation)

 “autonomous” and “automated.” Despite popular belief, these terms are

not synonymous, but each carry a distinctive, separate meaning worth
establishing when looking at security strategies.

 Automated systems typically run within a well-defined set of

parameters and are very restricted in what tasks they can perform. The
decisions made or actions taken by an automated system are based on
predefined heuristics.
 An autonomous system, on the other hand, learns and adapts to
dynamic environments, and evolves as the environment around it
changes. The data it learns and adapts to may be outside what was
contemplated when the system was deployed. Such systems will
ingest and learn from increasing data sets faster, and eventually
more reliably.
 Autonomous Machine Security Risks
Cyber security, data security, Information Technology (IT) security and
physical security may be one of the major challenges concerning
autonomous systems
 Self-driving cars could be hacked with ransomware, not allowing owners to enter,
start or exit the vehicle until a ransom is paid.
 Terrorist hackers could disable networks, range sensors and cameras, resulting in
multiple collisions.
 An autonomous vehicle’s operating system could be hacked, exposing personal
information on other connected devices.
 Hacked vehicles could potentially be rerouted to an area where a
robbery or assault is planned.
 Connected cars can control IoT devices at home, giving hackers
access to people’s home computer networks.
 Drones, especially military drones, carry with them several other
risks that require effective cyber security solutions.
 Sanders points out that GPS jamming, overriding “return to home”
fail-safes, and intercepting video/image/data feeds from drones
could all result in catastrophic damage, theft and exposure of
sensitive or classified information.
Define Autonomous Cybersecurity

 Autonomous cybersecurity is the automation of your cyber defense

capabilities and the ability to adapt and respond in real time.

 Autonomous cybersecurity is changing the way the government

protects and secures its crucial data. By leveraging artificial
intelligence and machine learning, agencies can respond to cyber
threats in real time and more efficiently than ever
Cyber Workforce
AI\ML\Deep Learning and Cyber Automation

 The machine learning algorithms underlying autonomous vehicle

computer systems act as the first line of defense against hackers.
 Using AI and Machine Learning are being increasingly being
incorporated as part of the existing cybersecurity tools to improve
cyber detection and response.
 Automation is being used more and more as they are seen as a do
more with less mentality
 Combining AI + Automation allows cyber analysts to focus their
efforts and security operation to more automated process in order to
detect and more respond in real time
 Using AI + automation tools allows us to more effectivity correlate
events .
 From a predictive standpoint it also allows us to more effectively
make decisions based on a correlation
What is Al used with Automation of
Cybersecurity?
Autonomous Cyber AI

 Self-learning
 Deals with uncertainty
 Autonomous detection and response
 Responds without business disruption
 Reinforcement learning (RL) for autonomous
cyber defense
Beyond the agent and environment, an RL system features four main
elements:
policy, reward function, value function, and optionally.

 It involves learning how to map situations to actions in order to

maximize a numerical reward signal .
 RL is founded on the idea that we learn by interacting with our
environment, which is a foundational idea underlying nearly all
theories of learning and intelligence
 Thus, an RL learner, or agent, discovers on its own the optimal
actions to achieve its goal based on immediate reward signals from
the environment.

 In fact, actions taken in one state of the system may affect not only
immediate rewards, but also all subsequent rewards. Thus, trial and-
error action search and delayed reward are two of the most important
distinguishing features of RL.

 The most common class of RL algorithms is based on Q-Learning

Training Reinforcement Agent
Training RL agent using the following three actions:
 1. DO NOTHING: At any given time step, the agent can choose
to do nothing. Although there is no immediate cost to the agent for
this action, the action can become costly if the adversary has
compromised a node and spreads to neighboring nodes before the
agent takes action to fix a compromised node.

 2. ISOLATE: The agent disconnects a compromised node from the

network. This action incurs an immediate cost, and is more
expensive than PATCH. It also costs the agent another time step to
reconnect the node.
 3. PATCH: The agent fixes a compromised node, whether or not it is
isolated. If the node was isolated, then this action returns the node to
safe status. If not, the compromise has some chance of spreading
before the agent completes the fix.
 Agent should use RL to learn the cost benefit trade-off between
choosing the ISOLATE and PATCH actions. Instead of using a
predefined set of static decision rules to determine the correct action,
the agent learns the best actions by trial-and-error based on the rewards
received from the environment
Reinforcement Learning Applications:
Bayesian networks

 Bayesian networks (BNs) also come into play where autonomous

machine cyber security is concerned. “BNs are probabilistic models
of causes and effects, graphically expressing causal relationships
(i.e., conditional probabilities) between different variables
Autonomous intelligent cyber-defense agents
(AICAs)
 AICAs will not be prevent enemy malware from penetrating platforms’ systems.
They will dedicated to fighting malware when it is already present within those
platforms.
AICAs will have five functions, to be executed individually or
collectively in swarms:
 monitor a perimeter of a host system they are to defend,
 detect signs of cyber-attacks
 devise plans of countermeasures
 execute tactically such plans, and
 report about their doings to human operators.
Twelve research and technology challenges of
ACyD
 Karamba Security

 Karamba Security raises another $10M for its IoT and

automotive security platform
 Karamba Security, an Israel-based security startup that focuses on the
IoT and automotive industry, today announced a $10 million
extension to its $12 million Series B round from 2017. This extension
was led by automotive startup VinFast, a member of Vietnam’s
Vingroup conglomerate, which itself is 
reportedly looking to raise $1 billion for VinFast.