Yeah, Machine Learning is cool, but have you ever curled up with Logic Programming on a rainy day? Ever watched a baby AI Planner take its first steps? Ever ditched work early on a Friday and roadtripped to Vegas with an Optimization Solver?
In this session we'll take a step back from all the machine learning gigahype and look at the wider world of AI. We'll explore how NASA drives robots on Mars, how video games create intelligent agents, and how Google interrogates its massive Knowledge Graph.
In each case we'll see how the same AI methods can be adapted to tackle hard security problems, like tool orchestration and attack surface minimization, and we'll build out small-scale versions of these problems and show how to solve them using open source libraries.
- Introduction
Plot twist: Machine learning is actually awesome! But there are all kinds of problems it isn't good at solving. We'll start by considering a few security problems machine learning handles well, a few it doesn't handle so well, why that is, and why other AI methods can do better.
- The Game Plan
First up is AI planning. How does a robot, or for that matter a bot in a video game, process sensory data from its environment, decide on goals, and reason about how to achieve them? That's AI planning.
We'll look at two examples here. One is the planning system from the video game F.E.A.R., which is legendary for its lifelike emergent behaviors. The other is NASA's EUROPA planner, the first space AI control system, aka 'self-driving spacecraft'.
We'll cap off our look at planning by using it to solve a tough security problem: SOAR playbooks. Given a set of security tools and a goal, we'll show how AI can automate the writing of complex, comprehensive, optimal (fewest steps) playbooks, and save security teams a ton of time.
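As an added illustration of the playbook idea (not code from the talk), the snippet below treats each security tool as a planning action with preconditions and effects and breadth-first searches the space of known facts, so the first plan that satisfies the goal is guaranteed to have the fewest steps. The tool names, facts and goal are constructed for this example and stand in for whatever a real SOAR integration exposes.

```python
"""Fewest-step SOAR playbook as classical planning: breadth-first search over
sets of facts. All tools, facts and goals here are constructed for illustration."""
from collections import deque

# tool name -> (facts it requires, facts it produces). Constructed example catalogue.
TOOLS = {
    "query_siem":      ({"alert"}, {"src_ip"}),
    "enrich_ip":       ({"src_ip"}, {"ip_reputation"}),
    "lookup_asset":    ({"src_ip"}, {"asset_owner", "asset_id"}),
    "pull_edr_triage": ({"asset_id"}, {"process_tree"}),
    "open_ticket":     ({"asset_owner"}, {"ticket"}),
    "isolate_host":    ({"asset_id", "ip_reputation"}, {"host_isolated"}),
    "notify_owner":    ({"ticket", "asset_owner"}, {"owner_notified"}),
}

def plan(tools, initial, goal):
    """Return an ordered list of tool names reaching every goal fact in the
    fewest steps, or None if the goal is unreachable. BFS over fact-sets means
    the first goal state dequeued is at minimal depth."""
    start, goal = frozenset(initial), frozenset(goal)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, steps = queue.popleft()
        if goal <= state:
            return steps
        for name, (pre, add) in tools.items():
            # applicable (preconditions met) and useful (adds something new)
            if pre <= state and not add <= state:
                nxt = state | add
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, steps + [name]))
    return None

def execute(tools, initial, steps):
    """Replay a playbook, returning the final fact-set, or None if any step's
    preconditions are unmet (i.e. the playbook is mis-ordered)."""
    state = set(initial)
    for name in steps:
        pre, add = tools[name]
        if not pre <= state:
            return None
        state |= add
    return state

if __name__ == "__main__":
    print(plan(TOOLS, {"alert"}, {"host_isolated", "owner_notified"}))
```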
- Stay on Target
Next up is the rather large field of mathematical optimization. Here we'll take a short detour back to machine learning to show that a neural network is actually just a function, and training a neural network is actually just a special case of mathematical optimization. Then, by putting a slight twist on the "training" process, we'll discover linear, integer, and mixed-integer programming.
What can we do with this stuff? We'll start with a simple example, then build it up into the Weapon Target Assignment Problem (WTA) to show just how powerful solving functions can be. Next we'll briefly demonstrate how our earlier SOAR problem can be reformulated as a mathematical function and solved in a completely different way. Then we'll slap a new coat of paint on the WTA and look at how big tech companies use this approach to do things like minimize cost and latency in video streaming.
Last, we'll formulate a small network as a nonlinear mixed-integer model and see how this approach can not only make the best possible decisions for vulnerability management and attack surface reduction programs, but also precisely quantify the value of those programs.
- Know Thyself
Our final example is also the most straightforward: logic programming. Logic programming allows us to state facts, and then derive by deduction other facts from those we've stated.
Here we'll look at Google's Yedalog programming language, an extension of Datalog, and its evolution into Logica. We'll see how Google uses logic programming internally for research, malware detection, and other things.
Next we'll use logic programming to build a factual model of a network, then use that model to answer questions about the network that aren't necessarily easy for a human to deduce based only on the stated facts.
- Conclusion
And that's it! We'll close with a quick overview of some other areas in AI and ideas for how they can be used to tackle hard security problems, and end by drawing attention to a few of the excellent open source projects available in this space, like GTPyhop and SHOP3 for planning, Pyomo and OR-Tools for mathematical optimization (as well as SCIP and other solvers), and the SWI-Prolog, Datalog, and miniKanren logic programming languages.