Modern cyber attacks have become sophisticated, coordinated, and are operating at global scale. It is challenging to detect these attacks in their early stages, as adversaries utilize common network services, evolve their techniques, and can evade existing detection mechanisms. I will discuss two AI-based systems for threat detection designed to address some of these challenges. First, I will talk about PORTFILER, a new machine learning system applied to network traffic for detecting self-propagating malware attacks. PORTFILER introduces a novel ensemble methodology for aggregating unsupervised models that increases resilience against adversarial evasion. Second, I will discuss CELEST, a collaborative threat detection system using federated learning designed to train global models for cyber defense among multiple participating organizations. CELEST uses a novel word embedding model for semantic representation of HTTP logs and an active learning component to enhance the detection of new attacks. I will describe our experience in deploying these systems on two university networks as part of the DARPA CHASE program. Finally, I will mention a number of challenges and open problems in designing resilient AI in cyber security.
Alina Oprea is an Associate Professor at Northeastern University in the Khoury College of Computer Sciences. She joined Northeastern University in Fall 2016 after spending 9 years as a research scientist at RSA Laboratories. Her research interests in cyber security are broad, with a focus on machine learning security and privacy, threat detection, cloud security, and applied cryptography. She is the recipient of the Technology Review TR35 award for her research in cloud security in 2011, the Google Security and Privacy Award in 2019, and the Ruth and Joel Spira Award for Excellence in Teaching in 2020. Alina served as Program Committee co-chair of the IEEE Security and Privacy Symposium in 2020 and 2021, and she is currently a steering committee member for the IEEE Security and Privacy Symposium and NDSS. She also serves as Associate Editor of the ACM Transactions of Privacy and Security (TOPS) journal and the IEEE Security and Privacy Magazine. Her work was recognized with Best Paper Awards at NDSS 2005, AISEC in 2017, and GameSec in 2019.