AFCEA Augusta-Fort Gordon Course: Artificial Intelligence, Machine Learning for Cyber Security Operations
Wednesday, August 21, 2019: 8:00 AM - 9:00 AM
Approved for 1 CompTIA CEU: A+, Network+, Security+, Cloud+, CySA+, PenTest+, Linux+, and CASP; 1 GIAC CPE; 1 CertNexus CFR CEC
Students should come away from this course with an understanding of the major successes and challenges associated with Artificial Intelligence (AI) and Machine Learning (ML), including the differences and relationship of each to the other and the cyber security skillset requirements for AI or ML integration.
The presentation will address some of the major successes and challenges associated with AI and ML along with the tools and system integration aspects for Cyber Security and Network Operational roles:
- An overview of AI and ML, and the differences and relationship between them. Emphasis will be on the differences between Weak AI “Expert systems” vs Strong AI and its feasibility.
- Topics on ML to address general ML as a perceived subset of AI.
- Topics on analysis of missing, corrupted, or false data and weaknesses pertaining to data integrity and outcome. The speaker will discuss data structures and their methods of access via the concept of nodes, in tree and graph metaphors. Also, he will discuss the use of algorithms and heuristics that aid decision making and filling in the blanks. There will be a quick overview of mind mapping logic decision algorithms as they relate to the field being used.
- A brief overview of newer fields of interest specific to deep learning or neural networks. Moreover, the speaker will go into how they improve over traditional ML and attempt to overcome computational challenges. He will include a deeper conversation on machine learning related to a formula example.
- A discussion on understanding Cyber security operations skill set requirements for AI and/or ML integration. The idea of a big easy button is unlikely. All systems that require and/or interact with a person require a frame of reference. The speaker will present a common understanding of what the system presents, its limits, and capabilities. Using the ML and AI referenced earlier, the inputs (sensors) are observing hundreds of attack vectors, collecting and analyzing data, and presenting the Operator with information. The operator needs to understand actions that are needed or have taken place. The speaker will present an example of integrations and workflows with AI, ML and Operations integration.
- A demonstration via PowerPoint of existing working models that use AI and/or ML. Specifically, the speaker will address where desktop (assets), application workflow and user isolation exist today across dissimilar environments including public and private cloud. Examples showing the mechanics and logic that are available today include:
  - A scenario in which everything is automated, and no operations personnel are required for action.
  - A scenario where operations personnel are given a small amount of data to analyze. The example highlights what the ML perceives to be a threat -- minimizing lesser data points, where the Operator can review, affirm, report or okay an action.
  - A final scenario that includes a multitude of collection sensors. An operator is presented with analysis and the example allows maximized operator skill and integration.
- Final topic focusing on the human element of ownership and responsibility. Specifically, it addresses whether these outcomes are positive or negative and who is the owner -- the AI, ML or the Operator? As mentioned, AI, ML and people are best at approximations, given the data.
Additional info: “Machine Learning: More than just algorithms” by Mike Bushong (J-Net Forum)