Advances in AI and Security between 2016 and 2019---What You Need to Know Course  Description    

July  31,  2017  100  MARYLAND  AVENUE,  NE  SUITE  510  WASHINGTON,  DC  20002  

2  

 

Executive  Short  Course  Overview  

The  Institute  for  Strategic  Analysis  (ISA)  is  an  intellectual  resource  entity  for  Carnegie  Mellon  University  faculty  members  who  seek  to  bring  their  basic  research  to  bear  upon  matters  of  national  security  and  national  readiness.  The  institute  is  supported  by  four  colleges  (the  College  of  Engineering,  Dietrich  College  of  Humanities  and  Social  Sciences,  Heinz  College,  the  School  of  Computer  Science),  and  the  Software  Engineering  Institute,  the  university’s  federally  funded  research  center.      Executive  education  is  one  of  the  ways  in  which  ISA  seeks  to  achieve  its  core  objectives.  Through  innovative  one-­‐day  courses  for  defense,  diplomatic,  and  intelligence  leaders,  ISA  has  facilitated  introductions  between  government  leaders  and  the  Carnegie  Mellon  University  faculty.  This  has  resulted  in  a  sharpened  understanding  among  faculty  and  academic  administrators  of  military  and  intelligence  priorities  and  has  fostered  the  creation  of  an  intellectual  support  network  for  government  officials.  These  introductions  are  leading  to  new  collaborations  between  government  officials  and  academe.        Each  one-­‐day  course  includes  insights  from  research  that  are  relevant  to  cyber  security.  Additionally,  the  interdisciplinary  nature  of  the  courses  makes  them  pertinent  to  discussions  covering  a  range  of  national  security  crises  and  threats.  Each  cohort  of  attendees  includes  officials  from  throughout  the  federal  government,  academe,  think  tanks,  and  the  private  sector.  Thus,  those  who  participate  develop  a  new  network  of  faculty  and  researchers  as  well  as  professional  counterparts  with  similar  national  security  responsibilities.      In  July  2017,  ISA  will  offer  its  first  course  focused  on  the  latest  technology  research  from  Carnegie  Mellon  University:  Advances  in  AI  and  Security  between  2016  and  2019  –  What  You  Need  to  Know.  Course  participants  will  be  introduced  to  technology,  tools,  and  research  in  security  and  the  artificial  intelligence  (AI)  stack.  Each  Section    in  this  course  serves  as  “use-­‐case”  presentations  that  follow  will  deepen  an  understanding  of  AI  and  its  applications  by  further  highlighting  AI  building  blocks  applied  to  specific  security  challenges.  Specifically,  participants  will  see  presentations  and  demos  about  AI  use  in  voice  forensics,  cybercrimes,  verifying  autonomy,  human  factors  in  security,  data  science,  and  network  analytics.  This  course  will  prioritize  the  identification  of  pathways  for  further  engagement  in  these  issues  between  government  officials  and  the  research  communities.  …….    

   

   

3  

 

Agenda    

8:30-­‐9:00  am       Registration           Suite  510    

9:00-­‐9:15  am         Introduction         Conference  Rooms  1  and  2,  First  Floor    

• Kiron  Skinner,  Director,  Institute  for  Strategic  Analysis,  Carnegie  Mellon  University    

 

9:15-­‐12:15  pm       Section  1:  Key  AI  Developments  and  Trends-­‐-­‐-­‐What  You  Need  to  Know         Conference  Rooms  1  and  2,  First  Floor    

• Andrew  Moore,  Dean,  School  of  Computer  Science,  Carnegie  Mellon  University  

• Artur  Dubrawski,  Senior  Systems  Scientist,  The  Robotics  Institute;  Adjunct  Professor,  Master  of  Information  Systems  Management,  H.  John  Heinz  III  College,  Carnegie  Mellon  University  

• Rita  Singh,  Senior  Systems  Scientist,  Language  Technologies  Institute,  Carnegie  Mellon  University  

• Michael  Wagner,  Senior  Commercialization  Specialist,  The  Robotics  Institute,  Carnegie  Mellon  University  

 

12:15-­‐12:45  pm     Break  for  lunch    12:45-­‐1:30  pm       Section  2:  Cybercrimes:  How  They  Work  and  the  Technologies  that  Empower  

Them  • Rita  Singh,  Senior  Systems  Scientist,  Language  Technologies  Institute,  

Carnegie  Mellon  University  •  

1:30-­‐2:15  pm     Section  3: Dynamic  Network  Analysis  for  Intelligence  &  Security         Conference  Rooms  1  and  2,  First  Floor  

• Kathleen  M.  Carley,  Professor  of  Computation,  Organization  and  Society,  Institute  for  Software  Research,  School  of  Computer  Science;  Director,  Center  for  Computations  Analysis  of  Social  and  Organizational  Systems,  Carnegie  Mellon  University  

 2:15-­‐2:30  pm     Break    2:30-­‐3:15  pm     Section  4:  Understanding  the  Human  Factor  in  Computer  Security:  Usability  

Testing  with  Attack  Scenarios  Conference  Rooms  1  and  2,  First  Floor  

• Lorrie  Cranor,  Professor,  Computer  Science,  Engineering  and  Public  Policy;  Director,  CyLab  Usable  Privacy  and  Security  Laboratory,  Carnegie  Mellon  University  

3:15-­‐3:30  pm       Closing  Discussion  

Conference  Rooms  1  and  2,  First  Floor    

4  

 

• Kiron  Skinner,  Director,  Institute  for  Strategic  Analysis,  Carnegie  Mellon  University    

5  

 

Course  Location  and  Logistics    

 Date:  Monday,  July  31,  2017    Time:  Course  registration  begins  at  8:30  a.m.  The  official  course  runs  from  9:00  a.m.-­‐  3:00  p.m    Location:  The  Executive  Short  Course  is  hosted  in  the  Carnegie  Mellon  University  Washington,  DC,  offices,  located  in  the  United  Methodist  Building.  The  building  address  is  100  Maryland  Avenue  NE,  Washington,  DC,  which  lies  adjacent  to  both  the  Supreme  Court  and  Capitol  buildings.      Registration:  To  register  for  the  course,  please  visit  the  course  website:  http://www.cmu.edu/isa/isa-­‐activities/executiveshortcourses/advances-­‐in-­‐ai.html  

       

Street  Location:  100  Maryland  Ave.  NE  (Directly  on  the  corner  of  First  St.  NE  &  Maryland  Ave.  NE)  Washington,  DC  20002  

Front  of  building  and  entrance  

6  

 

Course  Objectives  and  Descriptions  

 Section  1:  Key  AI  Developments  and  Trends-­‐-­‐-­‐What  You  Need  to  Know    Description  This  presentation  will  provide  participants  with  a  clear  understanding  of  the  AI  stack.  The  AI  stack  provides  a  detailed  introduction  to  all  the  components  of  a  modern  AI  system.  Participants  will  learn  what  are  the  recent  developments,  and  what  are  the  big  potential  disruptions  between  now  and  2020.  Once  equipped  with  a  foundation,  participants  will  then  be  able  to  see  how  these  components  are  integrated  to  support  autonomous  systems  and  cognitive  assistance.  Finally,  the  presentation  will  highlight  specific  applications  to  illustrate  the  power  of  Deep  Learning  Systems  and  how  AI  capabilities  are  integrated  and  applied.   Applications    

• Advances  in  Perception:  Video,  Acoustic,  and  Hyperspectral;  • Advances  in  Learning:  Scaling  to  trillions  of  events,  Active  Learning,  Reinforcement  Learning,  

Spatial  Learning,  and  Adversarial  Learning;  • Advances  in  Planning:  Proving  AI  systems  are  safe,  Developing  AI  test  plans,  Game  theory  

(Negotiation,  Threats  and  Deception),  Swarm  Intelligences;  • Advances  in  Autonomy:  Behavior-­‐based  Control;  • Advances  in  Cognitive  Assistance:  Dialog  Systems,  Emotional  Response,  and  Brain-­‐Machine.    

 

   

7  

 

Presenters    Lead:  Andrew  Moore,  Dean,  School  of  Computer  Science,  Carnegie  Mellon  University  http://www.cs.cmu.edu/~awm/    Artur  Dubrawski,  Senior  Systems  Scientist,  The  Robotics  Institute;  Adjunct  Professor,  Master  of  Information  Systems  Management,  H.  John  Heinz  III  College,  Carnegie  Mellon  University  https://www.cs.cmu.edu/directory/awd    Rita  Singh,  Senior  Systems  Scientist,  Language  Technologies  Institute,  Carnegie  Mellon  University  http://www.cs.cmu.edu/~rsingh/

Michael  Wagner,  Senior  Commercialization  Specialist,  The  Robotics  Institute,  Carnegie  Mellon  University    http://www.ri.cmu.edu/person.html?person_id=504      

8  

 

Section  2:  Cybercrimes:  How  they  Work  and  the  Technologies  that  Empower  Them      Educational  objectives  • Understanding  the  backdrop  of  cyber  threat  intelligence  (CTI):  cybercrimes,  cyber  activism  and  cyber  

espionage  • Familiarization  with  the  complete  range  of  cybercrimes  today:  breadth,  depth,  variety  and  

categorizations    • Understanding  enough  for  a  basic  assay  of  the  internet  of  things  and  crimes  of  the  future  • Understanding  the  key  technologies  that  allow  cybercriminals  to  hide  and  cybercrime  to  become  

untraceable  • Monitoring  cybercrime  evolutions:  knowing  what  to  do  and  where  to  look  

 Description  Cybercrimes  are  often  assigned  poetic  and  colorful  descriptions  (such  as  “shifting  sands  of  cybercrime”)  due  to  their  rapid  creation  and  evolution  in  today’s  world.  Cyberspace  has  become  the  showcase  of  the  dark  side  of  humanity.  In  cyberspace,  human  ingenuity  in  deception  is  at  its  primal  best.  This  is  because  cyberspace  affords  all  the  fuel  needed  for  crime  to  grow  unfettered.  Criminals  can  profit  enormously,  they  yield  great  power  and  can  affect  millions  of  people  easily,  and  they  can  remain  anonymous,  thanks  to  the  technologies  that  host  them  and  enable  them.  Cybercriminals  are  also  relatively  legally  immune  –  they  often  operate  across  international  boundaries  so  that  no  laws  apply  to  them  and  even  if  they  do,  the  reprisal  is  unlikely  to  be  swift,  punishment  is  unlikely  to  be  well-­‐defined  or  even  clear  in  concept,  and  procedures  are  likely  to  take  years  to  resolve  due  to  logistic  issues  across  borders.      Not  only  is  the  scale  of  cybercrime  increasing  exponentially,  but  also  the  types  of  cybercrime  that  appear  over  the  horizon  increase  just  as  fast,  and  sometimes  faster,  than  the  rate  at  which  new  technology  is  introduced  into  the  world.  For  example,  even  while  we  test  the  practicality  of  self-­‐driving  cars,  there  are  open  tutorials  on  how  to  break  into  and  take  control  of  self-­‐driving  cars  remotely.  For  every  useful  computing  technology,  there  appear  hundreds  of  new  disruptive  ones  in  cyberspace.  With  the  advent  of  the  Internet  of  Things  (IoT),  what  is  coming  to  us  now  is  touted  as  “nothing  short  of  a  tidal  wave  of  cybercrime”  (another  colorful  description).    There  are  so  many  types  of  cybercrimes  around,  that  just  the  terminology  seems  to  be  impossible  to  keep  up  with,  let  alone  being  able  to  make  sense  of  it  all,  organize  it  all  mentally,  and  keep  up  to  date  with  the  “improvements”.  This  course  will  sweep  through  the  entire  range  of  cybercrimes  as  of  the  first  quarter  of  this  year  (2017),  explaining,  familiarizing,  and  helping  organize  it  all  based  on  devices  and  human  motives.  This  will  include  understanding  the  differences  between  and  the  distinguishing  hallmarks  of  cyberterrorism,  cyberactivism,  cybervandalism,  cyberwar  etc.    It  will  extend  the  exposition  to  the  IoT,  explaining  crimes  on  the  IoT  and  the  broad  categories  of  crimes  that  are  expected  to  happen  in  the  future.    The  course  will  also  explain  the  key  technologies  that  empower  cybercrime  today  –  where  and  how  do  cybercriminals  hide,  and  introduce  the  technologies  that  are  making  them  increasingly  untraceable.  It  will  explain  how  some  of  these  technologies  –  such  as  Cryptocurrency  (the  financial  fuel  of  the  Dark  web),  TOR  (enabling  network  location  anonymity),  etc.  –  work.  Participants  will  be  practically  shown  how  to  access  the  dark  web  in  a  short  handholding  Section.      

9  

 

Finally,  the  course  will  introduce  participants  to  maps  and  tools,  and  resources  that  can  be  used  regularly  to  keep  up  to  date  with  the  global  cybercrime  scenario.  All  of  this  will  be  tied  to  the  traditional  tools  and  terminologies  used  in  Cyber  Threat  Intelligence  (CTI),  covering  OSINT,  HUMINT,  assessment  of  advanced  persistent  threat  (APT)  etc.    Presenter      Rita  Singh,  Senior  Systems  Scientist,  Language  Technologies  Institute,  Carnegie  Mellon  University  https://www.cs.cmu.edu/directory/ritasing        

10  

 

Section  3:  Dynamic  Network  Analysis  for  Intelligence  &  Security    Educational  objectives  • Basic  awareness  of  thinking  in  networks,  key  network  concepts,  and  principles    • Relation  of  dynamic  network  analysis  to  artificial  intelligence,  specifically  machine  learning  • Application  to  insider  threat,  and  strategic  applications  of  networks  • Application  to  social  media,  and  the  social-­‐cyber  warfare  threat  • Understanding  the  future  potential  for  dynamic  network  analytics  for  intelligence  and  security   Description  This  course  provides  an  awareness  of  network  thinking  –  both  the  analytics  and  the  theory.    The  basic  metrics  and  theories  used  in  network  reasoning  that  have  value  for  intelligence  and  security  are  discussed.    Key  themes  include:  the  assessment  of  big  data,  the  role  of  network  position  and  social  influence,  and  the  wide  range  of  intelligence  and  security  applications.    Unlike  traditional  social  network  analysis,  modern  dynamic  network  analysis  is  concerned  with  big  data,  high  dimensional  network  data,  and  tool  pipelines  that  combine  text  mining,  machine  learning  and  network  science.    In  order  to  accomplish  their  mission,  intelligence  agencies,  law  enforcement  agencies  and  the  US  military  must  be  able  to  characterize  and  reason  about  the  socio-­‐cultural  landscape,  key  individuals  and  groups.  Dynamic  Network  Analytics  (DNA)  is  an  interdisciplinary  approach  that  supports  this  types  of  reasoning  and  enabled  its  use  to  support  a  wide  range  of  operational  needs.    DNA  blends  the  techniques  of  graph  theory,  statistics,  machine  learning,  text  mining  with  organizational  theories  of  structure,  and  social  science  theories  of  power,  engagement  and  communication.    DNA  and  network  thinking  enable  one  to  understand  how  the  pattern  of  relations  among  actors,  their  environment,  and  resources  influence  their  operational  behavior,  and  how  interventions  are  likely  to  change  those  patterns  and  so  alter  behavior.    More  data  is  available  today  to  support  network  thinking  than  ever  before.    This  data,  comes  from  a  variety  of  sources  including  humint,  sigint,  and  soc-­‐media  int.    In  this  course,  we  will  see  how  artificial  intelligence  is  starting  to  be  combined  with  dynamic  network  analysis  to  enable  the  assessment  of  this  new  big  data  in  ways  that  support  missions  that  entail  reasoning  about  human  and  social  behavior.    The  intellectual  framing  of  the  course  will  be  that  of  Network  Science,  which  studies  complex  systems  in  terms  of  relations.  Topics  of  special  concern  to  intelligence  and  security  will  be  addressed.    Examples  will  be  drawn  from  social  media  forensics,  social-­‐cyber  warfare,  identification  of  power-­‐brokers,  network  dismantlement,  and  so  forth.    Consequently,  this  course  will  provide  a  glimpse  of  how  network  science  and  machine  learning  have  come  together  to  provide  new  capabilities  for  identifying,  modeling,  assessing  change  in,  and  forecasting  the  behavior  of  individuals,  groups  and  communities.    The  course  will  discuss  a  range  of  topics  including:  relative  maturity  of  tools,  utilization  for  social  media  forensics,  covert-­‐group  detection,  and  social-­‐cyber  warfare.      Presenters      Kathleen  M.  Carley,  Professor  of  Computation,  Organization  and  Society,  Institute  for  Software  Research,  School  of  Computer  Science;  Director,  Center  for  Computational  Analysis  of  Social  and  Organizational  Systems  (CASOS),  Carnegie  Mellon  University    http://www.casos.cs.cmu.edu/bios/carley/carley.html  

11  

 

Section  4:  Understanding  the  Human  Factor  in  Computer  Security:  Usability  Testing  with  Attack  Scenarios  Educational  Objectives  • Learn  why  security  user  studies  are  important  when  designing  and  evaluating  secure  systems.  • Learn  about  several  strategies  for  conducting  security  user  studies.  • Learn  to  be  critical  of  usability  claims  made  and  ask  questions  about  what  user  studies  were  

conducted  to  support  these  claims.    Description  Many  computer  security  incidents  are  caused  by  human  error  or  attackers  exploiting  human  vulnerabilities  rather  than  bugs  in  computer  code.  A  growing  body  of  security  research  is  now  focused  on  understanding  the  human  element  in  computer  security,  and  designing  secure  systems  that  people  can  use  without  error.      User  studies  are  critical  to  understanding  how  users  perceive  and  interact  with  security  and  privacy  software  and  features.  While  it  is  important  that  users  be  able  to  configure  and  use  security  tools  when  they  are  not  at  risk,  it  is  even  more  important  that  the  tools  continue  to  protect  users  during  an  attack.  Conducting  user  studies  in  the  presence  of  (simulated)  risk  is  complicated.  We  would  like  to  observe  how  users  behave  when  they  are  actually  at  risk,  but  at  the  same  time  we  cannot  harm  user  study  participants  or  subject  them  to  increased  risk.  Often  the  risky  situations  we  are  interested  in  occur  relatively  infrequently  in  the  real  world,  and  thus  can  be  difficult  to  observe  in  the  wild.      Researchers  use  a  variety  of  strategies  to  overcome  these  challenges  and  place  participants  in  situations  where  they  will  believe  their  security  or  privacy  is  at  risk,  without  subjecting  them  to  increases  in  actual  harm.  In  some  studies,  researchers  recruit  participants  to  perform  real  tasks  not  directly  related  to  security  so  that  they  can  observe  how  participants  respond  to  simulated  security-­‐related  prompts  or  cues  that  occur  while  users  are  focused  on  primary  tasks.  In  other  studies,  researchers  create  a  hypothetical  scenario  and  try  to  get  participants  sufficiently  engaged  in  it  that  they  will  be  motivated  to  avoid  simulated  harm.  Sometimes  researchers  have  the  opportunity  to  observe  real,  rather  than  simulated  attacks,  although  these  opportunities  are  usually  difficult  to  come  by.  Researchers  can  monitor  real  world  user  behavior  over  long  periods  of  time  (in  public  or  with  permission  of  participants)  and  observe  ho  users  respond  to  risks  that  occur  naturally,  without  researcher  intervention.  This  section  will  motivate  the  importance  of  security  user  studies  and  introduce  a  number  of  user  study  approaches  used  at  the  CyLab  Usable  Privacy  and  Security  Lab  at  Carnegie  Mellon  University.    Presenters      Lorrie  Cranor,  Professor,  Computer  Science,  Engineering  and  Public  Policy;  Director,  CyLab  Usable  Privacy  and  Security  Laboratory,  Carnegie  Mellon  University    https://www.cmu.edu/epp/people/faculty/lorrie-­‐faith-­‐cranor.html