the imitation game the new frontline of security fighting
play

The Imitation Game: The New Frontline of Security Fighting Robots - PowerPoint PPT Presentation

Aug 25, 2022 •148 likes •723 views

The Imitation Game: The New Frontline of Security Fighting Robots Weve been warned for a long time Many robots are good Some robots are creepy but still good Some robots replicate rapidly Robots can overwhelm our best defenses Robots can

  1. The Imitation Game: The New Frontline of Security

  3. Fighting Robots

  4. We’ve been warned for a long time

  5. Many robots are good

  6. Some robots are creepy but still good

  7. Some robots replicate rapidly

  8. Robots can overwhelm our best defenses

  9. Robots can be difficult to spot

  10. Most human-like robots are incomplete simulations

  11. But that’s enough to fool many humans ( Ex Machina Tinder marketing campaign)

  12. How do you identify a robot?

  13. Alan Turing

  14. Alan Turing

  15. The Imitation Game as described in Computing Machinery and Intelligence (Turing, 1950)

  16. The Imitation Game as described in Computing Machinery and Intelligence (Turing, 1950)

  17. “Are there imaginable digital computers which would do well [in the imitation game]?”

  18. The Turing Test

  19. “Artificial Stupidity” ( The Economist , 1992) “Turing’s prediction may well come true. But it will be a dreadful anticlimax. The most obvious problem with Turing’s challenge is that there is no practical reason to create machine intelligences indistinguishable from human ones. People are in plentiful supply. Should a shortage arise, there are proven and popular methods for making more of them”

  20. The only point of passing the Turing Test is to fool humans. But there is a market for that.

  21. But computers have already passed “restricted” “Turing Tests”. “Human nature” is part of the key: entropy in every task we perform, e.g., typos.

  22. “We used to be pretty confident we knew the relative strengths and weaknesses of computers vis-a-vis humans. But computers have started making inroads in some unexpected areas.”

  23. Bots and Security

  24. OWASP Top 10

  25. OWASP Automated Threats to Web Applications

  26. From bots to botnets (from imitating people to imitating populations) • Single application running malicious • Collection of malicious bots • Large-scale threat from many IPs automated tasks • Easy to block based on IP or device • Hard to take down entirely fingerprint

  27. Botnets aren’t what you think they are

  28. Botnets are the building blocks of beating IP-based defenses • Passing a large-scale Turing Test: rather than imitating one user, they imitate a crowd • Assumption that IP address is a scarce resource is wrong • IP blacklisting and rate throttling are ineffective • Especially untrue in an IPv6 world

  29. What are bad guys doing with botnets?

  30. Financial Losses Caused by botnets $110 Billion FBI estimate, 2014 https://www.fbi.gov/news/testimony/taking-down-botnets Approximately 500 million computers are infected globally each year, translating into 18 victims per second

  31. Click fraud Pay-per-click model • $23B in annual revenue • >$100K per minute • One main incentive • Many methods •

  32. Click bots

  33. Many bots target login forms

  34. Account checking bots

  35. Credential Stuffing at Sony (2011) 15 million credentials leaked 93,000 matches on Sony site = 93,000 user accounts breached

  36. Botnets defeat all IP-based defenses 15 million credentials leaked Botnet tests for 93,000 matches on Sony site = password reuse 93,000 user accounts breached

  37. Tax Fraud Step 4: Receive fraudulent return Step 1: Gather “fullz” Step 2: Download tax Step 3: Use tax transcripts to file fraud credentials from black transcripts from IRS return in tax software market

  38. Online Banking Fraud

  39. Poker bots

  40. Ticketing bots

  41. Why is automation so easy?

  42. All websites present an API

  43. How can we stop bots?

  44. Make life harder for robots with our own robotic defenses

  45. CAPTCHA Wasting the world’s time for 15+ years and counting

  46. Every day, the world spends 17 person years solving CAPTCHAs (CMU Estimate)

  47. Metal CAPTCHA

  48. reCAPTCHA

  49. CAPTCHA beating tools

  50. But CAPTCHAs had a good idea: Can’t make successful attacks impossible , but you can make them more difficult and expensive

  51. To successfully imitate a crowd, there’s a lot more than IP addresses that attackers need to vary Screen resolution Timezone Browser version Language Fonts Browser Plugins Type of Pointing Device Many other browser features

  52. Generalized Attack Mitigation Framework Prevention Real-Time Detection Batch Detection & Investigation Reactive Investigation

  53. Generalized Attack Mitigation Removing Framework Attack Incentives Real-Time Reducing Attack Detection Surface Batch Detection Rules Near 
 Data Disrupting & Real-Time Feeds Deflecting Detection Proactive Attacks Manual Investigation Reactive Manual Investigation

  54. Need “robots” to fight robots

  55. Need “robots” to fight robots Source: io9, “Yes, Deckard’s A Replicant” (03-23-09)

  56. Thank you! Shuman Ghosemajumder sg@shapesecurity.com @ShapeSecurity

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FIGHTING COVID-19 ON THE FRONTLINE Frank Baez, BS, RN NYU Langone Health Challenges for Nursing

FIGHTING COVID-19 ON THE FRONTLINE Frank Baez, BS, RN NYU Langone Health Challenges for Nursing

FIGHTING COVID-19 ON THE FRONTLINE Frank Baez, BS, RN NYU Langone Health Challenges for Nursing on the Frontline Uncertainty in: how to care for COVID-19 patients provider safety End-of-life care to those with no family

363 views • 8 slides
Game Genres INTRODUCTION TO GAME GENRES: SIMULATION, SPORT, FIGHTING, CASUAL, SANDBOX,

Game Genres INTRODUCTION TO GAME GENRES: SIMULATION, SPORT, FIGHTING, CASUAL, SANDBOX,

Game Genres INTRODUCTION TO GAME GENRES: SIMULATION, SPORT, FIGHTING, CASUAL, SANDBOX, EDUCATIONAL, PUZZLE, ONLINE, 1 Simulations Simulations require a substantial amount of depth. Often, a great deal of research is required in

2.01k views • 45 slides
Kevin Warwick Coventry University T urings Imitation Game T urings Imitation Game Kevin

Kevin Warwick Coventry University T urings Imitation Game T urings Imitation Game Kevin

Kevin Warwick Coventry University T urings Imitation Game T urings Imitation Game Kevin Warwick Kevin Warwick 25th September 2015 25th September 2015 Man is an Unoriginal Animal Man is an Unoriginal Animal

659 views • 38 slides
Imitation Theory and Experimental Evidence Joerg Oechssler University of Heidelberg

Imitation Theory and Experimental Evidence Joerg Oechssler University of Heidelberg

Imitation Theory and Experimental Evidence Joerg Oechssler University of Heidelberg Imitation is relevant Neoplan (Germany) vs. Zhongwei (P.R. China) Imitation is prevalent Zeiss Ikon Contax II (1936) vs. Nikon I (1948) Imitator

655 views • 46 slides
On the Bit Security of Cryptographic Primitives M E T R A S 7 . 7 M Daniele Micciancio

On the Bit Security of Cryptographic Primitives M E T R A S 7 . 7 M Daniele Micciancio

On the Bit Security of Cryptographic Primitives M E T R A S 7 . 7 M Daniele Micciancio Michael Walter UCSD IST Austria eprint.iacr.org/2018/077 Security Security Adversary Game 1 Security Security Adversary Game

883 views • 40 slides
Imitation as a Stepping Stone to Innovation Amy Jocelyn Glass Texas A&M University Shift

Imitation as a Stepping Stone to Innovation Amy Jocelyn Glass Texas A&M University Shift

Imitation as a Stepping Stone to Innovation Amy Jocelyn Glass Texas A&M University Shift from Imitation to Innovation Countries such as Korea, China, and Taiwan shifting from imitation to innovation. Product cycle literature

323 views • 18 slides
Ruth Batson By Dan Hernan When we fight about education, were fighting for our lives.

Ruth Batson By Dan Hernan When we fight about education, were fighting for our lives.

Ruth Batson By Dan Hernan When we fight about education, were fighting for our lives. Were fighting for what that education will give us. Were fighting for a job. Were fighting to eat. Were fighting to pay our medical bills.

111 views • 8 slides
Is UFC Fighting Ethical? Angeli Leong Contextual Background The Ultimate Fighting

Is UFC Fighting Ethical? Angeli Leong Contextual Background The Ultimate Fighting

Is UFC Fighting Ethical? Angeli Leong Contextual Background The Ultimate Fighting Championship (UFC) is an American promotional company for mixed martial arts that shows matches pay-per-view or by watching in the stadium seats (max.

52 views • 4 slides
Repetitive Synchronous Imitation A new tool for looking at timing Repetitive Synchronous

Repetitive Synchronous Imitation A new tool for looking at timing Repetitive Synchronous

Repetitive Synchronous Imitation A new tool for looking at timing Repetitive Synchronous Imitation (RSI) + Target Phrase Origins of RSI Language teaching: Swedish prosody to L2 learners Developed by Gabor Harrar, at the Finnish

242 views • 13 slides
Systems change & Frontline work Systems change & Frontline work Weve always done it

Systems change & Frontline work Systems change & Frontline work Weve always done it

Systems change & Frontline work Systems change & Frontline work Weve always done it this way! Same old results! Same old thinking How to be a systems thinker introduction! If you take away one thing from this presentation

400 views • 27 slides
FRONTLINE FRONTLINE DISINFECTANT WIPE 70% ALCOHOL Wipe Size : 135 x 180 mm Wipe Weight : 45

FRONTLINE FRONTLINE DISINFECTANT WIPE 70% ALCOHOL Wipe Size : 135 x 180 mm Wipe Weight : 45

FRONTLINE FRONTLINE DISINFECTANT WIPE 70% ALCOHOL Wipe Size : 135 x 180 mm Wipe Weight : 45 Gsm 80 % Polyester 30 % Viscon Individual Pack Size : 7 x 12 cm FRONTLINE DISINFECTANT WIPE 70% ALCOHOL CE CERTIFICATE CERTIFICATE OF

271 views • 26 slides
Game theoretic modeling, analysis, and mitigation of security risks. Assane Gueye

Game theoretic modeling, analysis, and mitigation of security risks. Assane Gueye

Game theoretic modeling, analysis, and mitigation of security risks. Assane Gueye NIST/ITL/CCTG, Gaithersberg NIST ACMD Seminar Tuesday, June 7, 2011 Click to edit Master subtitle style 6/7/11 Outline Motivations 1. Security 1. Game

542 views • 35 slides
World War I Outcome: The Fighting Ends The Fighting Ends 1. The German War Machine a. Germany

World War I Outcome: The Fighting Ends The Fighting Ends 1. The German War Machine a. Germany

World War I Outcome: The Fighting Ends The Fighting Ends 1. The German War Machine a. Germany faced troubles in 1918 A home front revolution forced the Kaiser into exile i. Shortage of soldiers ( Iron Youth was gone); mutiny in Navy ii. iii.

583 views • 15 slides
Outline The Game-based Methodology 1 Cryptography for Computational Security Proofs

Outline The Game-based Methodology 1 Cryptography for Computational Security Proofs

Cryptography Game-based Proofs Assumptions BF IB-Encryption Conclusion Outline The Game-based Methodology 1 Cryptography for Computational Security Proofs Introduction Provable Security David Pointcheval 2 Game-based Methodology

722 views • 10 slides
Wise Influence Everyday Wisdom | Proverbs 12:26 Your Frontline is the place where you spend

Wise Influence Everyday Wisdom | Proverbs 12:26 Your Frontline is the place where you spend

Wise Influence Everyday Wisdom | Proverbs 12:26 Your Frontline is the place where you spend the majority of your time outside the church, where you are in contact with non-Christians. - Life on the Frontline A disciple: learning to live

639 views • 25 slides
A Game-Theoretic Approach to Network Security Mohammad Pirani and Henrik Sandberg Department of

A Game-Theoretic Approach to Network Security Mohammad Pirani and Henrik Sandberg Department of

A Game-Theoretic Approach to Network Security Mohammad Pirani and Henrik Sandberg Department of Automatic Control KTH Royal Institute of Technology Outline Defense mechanisms in cyber physical systems security Game-theoretic

489 views • 24 slides
Welcome to the Youth PQA Crash Course. This PowerPoint presentation is designed to guide you

Welcome to the Youth PQA Crash Course. This PowerPoint presentation is designed to guide you

Welcome to the Youth PQA Crash Course. This PowerPoint presentation is designed to guide you through using the Youth Program Quality Assessment (PQA) for program self- assessment. You will find notes included with each slide. The notes below

515 views • 13 slides
Randomized Branch Sampling (RBS): Size software projects without wasting time analyzing each user

Randomized Branch Sampling (RBS): Size software projects without wasting time analyzing each user

Randomized Branch Sampling (RBS): Size software projects without wasting time analyzing each user story Dimitar Bakardzhiev How big is our project? Sizing es4mates the probable size of a piece

772 views • 45 slides
Usenix FAST 2008 Conference, San Jose (02/27/2008) Outrageous opinion statement Name:

Usenix FAST 2008 Conference, San Jose (02/27/2008) Outrageous opinion statement Name:

Usenix FAST 2008 Conference, San Jose (02/27/2008) Outrageous opinion statement Name: Konstantin Koll Age: 29 Origin: University of Dortmund, Germany Occupation: PhD student Topic: file systems Created a high-performant

480 views • 11 slides
CSE 110A: Winter 2020 Fundamentals of Compiler Design I Introduction and Overview Owen

CSE 110A: Winter 2020 Fundamentals of Compiler Design I Introduction and Overview Owen

CSE 110A: Winter 2020 Fundamentals of Compiler Design I Introduction and Overview Owen Arden UC Santa Cruz Based on course materials developed by Ranjit Jhala What is a Compiler? A function that maps an input string to an output

79 views • 5 slides
Resource Use & Distribution To Support Planetary Health & Boundaries: Wasted Food and

Resource Use & Distribution To Support Planetary Health & Boundaries: Wasted Food and

Rethinking Food System Resource Use & Distribution To Support Planetary Health & Boundaries: Wasted Food and Meat Consumption Roni Neff, PhD MS Assistant Professor, Environmental Health & Engineering Johns Hopkins Bloomberg School

389 views • 23 slides
Empya : Saving Energy in the Face of Varying Workloads Christopher Eibel , Thao-Nguyen Do, Robert

Empya : Saving Energy in the Face of Varying Workloads Christopher Eibel , Thao-Nguyen Do, Robert

Empya : Saving Energy in the Face of Varying Workloads Christopher Eibel , Thao-Nguyen Do, Robert Meiner, and Tobias Distler System Software Group Friedrich-Alexander-Universitt Erlangen-Nrnberg (FAU) The 2018 IEEE International

935 views • 23 slides
MINDSET DANHAESLER EDUCATOR | WRITER | CONSULTANT @danhaesler AS SOON AS STUDENTS BECOME ABLE

MINDSET DANHAESLER EDUCATOR | WRITER | CONSULTANT @danhaesler AS SOON AS STUDENTS BECOME ABLE

EXPLORING THE POWER OF A GROWTH MINDSET DANHAESLER EDUCATOR | WRITER | CONSULTANT @danhaesler AS SOON AS STUDENTS BECOME ABLE TO EVALUATE THEMSELVES, SOME OF THEM BECOME AFRAID OF CHALLENGE ITS BREATHTAKING HOW MANY PEOPLE REJECT THE

937 views • 20 slides
Its a Good Place to Be: Northwest Regional Messaging and Marketing Toolkit Behavior, Energy

Its a Good Place to Be: Northwest Regional Messaging and Marketing Toolkit Behavior, Energy

Its a Good Place to Be: Northwest Regional Messaging and Marketing Toolkit Behavior, Energy and Climate Change Conference Presented by Elaine Blatt, Senior Manager, Market Resources November 13, 2012 NORTHWEST ENERGY EFFICIENCY ALLIANCE

502 views • 16 slides

More recommend