• Advertise
  • Contact Us
  • About Us
  • Supplier Directory
  • SCB YouTube
  • Login
  • Subscribe
  • Logout
  • My Profile
  • LOGISTICS
    • Air Cargo
    • All Logistics
    • Express/Small Shipments
    • Facility Location Planning
    • Freight Forwarding/Customs Brokerage
    • Global Gateways
    • Global Logistics
    • Last Mile Delivery
    • Logistics Outsourcing
    • LTL/Truckload Services
    • Ocean Transportation
    • Rail & Intermodal
    • Reverse Logistics
    • Service Parts Management
    • Transportation & Distribution
  • TECHNOLOGY
    • All Technology
    • Artificial Intelligence
    • Cloud & On-Demand Systems
    • Data Management (Big Data/IoT/Blockchain)
    • ERP & Enterprise Systems
    • Forecasting & Demand Planning
    • Global Trade Management
    • Inventory Planning/ Optimization
    • Product Lifecycle Management
    • Sales & Operations Planning
    • SC Finance & Revenue Management
    • SC Planning & Optimization
    • Sourcing/Procurement/SRM
    • Supply Chain Visibility
    • Transportation Management
  • GENERAL SCM
    • Business Strategy Alignment
    • Education & Professional Development
    • Global Supply Chain Management
    • Global Trade & Economics
    • HR & Labor Management
    • Quality & Metrics
    • Regulation & Compliance
    • SC Security & Risk Mgmt
    • Supply Chains in Crisis
    • Sustainability & Corporate Social Responsibility
  • WAREHOUSING
    • All Warehouse Services
    • Conveyors & Sortation
    • Lift Trucks & AGVs
    • Order Fulfillment
    • Packaging
    • RFID, Barcode, Mobility & Voice
    • Robotics
    • Warehouse Management Systems
  • INDUSTRIES
    • Aerospace & Defense
    • Apparel
    • Automotive
    • Chemicals & Energy
    • Consumer Packaged Goods
    • E-Commerce/Omni-Channel
    • Food & Beverage
    • Healthcare
    • High-Tech/Electronics
    • Industrial Manufacturing
    • Pharmaceutical/Biotech
    • Retail
  • THINK TANK
  • WEBINARS
    • On-Demand Webinars
    • Upcoming Webinars
    • Webinar Library
  • PODCASTS
  • VIDEOS
  • WHITEPAPERS
Home » The New Generation of A.I. vs. Hackers

The New Generation of A.I. vs. Hackers

hacker
January 9, 2019
Bloomberg

Last year, Microsoft Corp.’s Azure security team detected suspicious activity in the cloud computing usage of a large retailer: One of the company’s administrators, who usually logs on from New York, was trying to gain entry from Romania. And no, the admin wasn’t on vacation. A hacker had broken in.

Microsoft quickly alerted its customer, and the attack was foiled before the intruder got too far.

Chalk one up to a new generation of artificially intelligent software that adapts to hackers’ constantly evolving tactics. Microsoft, Alphabet Inc.’s Google, Amazon.com Inc. and various startups are moving away from solely using older “rules-based” technology designed to respond to specific kinds of intrusion and deploying machine-learning algorithms that crunch massive amounts of data on logins, behavior and previous attacks to ferret out and stop hackers.

“Machine learning is a very powerful technique for security — it’s dynamic, while rules-based systems are very rigid,” says Dawn Song, a professor at the University of California at Berkeley's Artificial Intelligence Research Lab. “It’s a very manual intensive process to change them, whereas machine learning is automated, dynamic and you can retrain it easily.”

Hackers are themselves famously adaptable, of course, so they too could harness machine learning to create fresh mischief and overwhelm the new defenses. For example, they could figure out how companies train their systems and use the data to evade or corrupt the algorithms. The big cloud services companies are painfully aware that the foe is a moving target but argue that the new technology will help tilt the balance in favor of the good guys.

“We will see an improved ability to identify threats earlier in the attack cycle and thereby reduce the total amount of damage and more quickly restore systems to a desirable state,” says Amazon Chief Information Security Officer Stephen Schmidt. He acknowledges that it’s impossible to stop all intrusions but says his industry will “get incrementally better at protecting systems and make it incrementally harder for attackers.”

Before machine learning, security teams used blunter instruments. For example, if someone based at headquarters tried to log in from an unfamiliar locale, they were barred entry. Or spam emails featuring various misspellings of the word “Viagra” were blocked. Such systems often work.

But they also flag lots of legitimate users — as anyone prevented from using their credit card while on vacation knows. A Microsoft system designed to protect customers from fake logins had a 2.8 percent rate of false positives, according to Azure Chief Technology Officer Mark Russinovich. That might not sound like much but was deemed unacceptable since Microsoft’s larger customers can generate billions of logins.

To do a better job of figuring out who is legit and who isn't, Microsoft technology learns from the data of each company using it, customizing security to that client’s typical online behavior and history. Since rolling out the service, the company has managed to bring down the false positive rate to .001 percent. This is the system that outed the intruder in Romania.

Training these security algorithms falls to people like Ram Shankar Siva Kumar, a Microsoft manager who goes by the title of Data Cowboy. Siva Kumar joined Microsoft six years ago from Carnegie Mellon after accepting a second-round interview because his sister was a fan of “Grey's Anatomy,” the medical drama set in Seattle. He manages a team of about 18 engineers who develop the machine learning algorithms and then make sure they’re smart and fast enough to thwart hackers and work seamlessly with the software systems of companies paying big bucks for Microsoft cloud services. 

Siva Kumar is one of the people who gets the call when the algorithms detect an attack. He has been woken in the middle of the night, only to discover that Microsoft’s in-house “red team” of hackers were responsible. (They bought him cake to compensate for lost sleep.

The challenge is daunting. Millions of people log into Google’s Gmail each day alone. “The amount of data we need to look at to make sure whether this is you or an impostor keeps growing at a rate that is too large for humans to write rules one by one,” says Mark Risher, a product management director who helps prevent attacks on Google’s customers.

Google now checks for security breaches even after a user has logged in, which comes in handy to nab hackers who initially look like real users. With machine learning able to analyze many different pieces of data, catching unauthorized logins is no longer a matter of a single yes or no. Rather, Google monitors various aspects of behavior throughout a user’s session. Someone who looks legit initially may later exhibit signs they are not who they say they are, letting Google’s software boot them out with enough time to prevent further damage.

Besides using machine learning to secure their own networks and cloud services, Amazon and Microsoft are providing the technology to customers. Amazon’s Macie service uses machine learning to find sensitive data amid corporate info from customers like Netflix and then watches who is accessing it and when, alerting the company to suspicious activity. Amazon’s GuardDuty monitors customers’ systems for malicious or unauthorized activity. Many times the service discovers employees doing things they shouldn’t — such as mining Bitcoin at work. 

Dutch insurance company NN Group NV uses Microsoft’s Advanced Threat Protection to manage access to its 27,000 workers and close partners, while keeping everyone else out. Earlier this year, Wilco Jansen, the company’s manager of workplace services, showed employees a new feature in Microsoft’s Office cloud software that blocks so-called CxO spamming, whereby spammers pose as a senior executive and instruct the receiver to transfer funds or share personal information.

Ninety minutes after the demonstration, the security operations center called to report that someone had tried that exact attack on NN Group’s CEO. “We were like ‘oh, this feature could already have prevented this from happening,’” Jansen says. “We need to be on constant alert, and these tools help us see things that we cannot manually follow.”

Machine learning security systems don’t work in all instances, particularly when there is insufficient data to train them. And researchers and companies worry constantly that they can be exploited by hackers.

For example, they could mimic users’ activity to foil algorithms that screen for typical behavior. Or hackers could tamper with the data used to train the algorithms and warp it for their own ends — so-called poisoning. That’s why it’s so important for companies to keep their algorithmic criteria secret and change the formulas regularly, says Battista Biggio, a professor at the University of Cagliari’s Pattern Recognition and Applications Lab in Sardinia, Italy.

So far, these threats feature more in research papers than real life. But that’s likely to change As Biggio wrote in a paper last year: “Security is an arms race, and the security of machine learning and pattern recognition systems is not an exception.”

RELATED CONTENT

RELATED VIDEOS

Data Management (Big Data/IoT/Blockchain) Cloud & On-Demand Systems Technology Supply Chain Security & Risk Mgmt E-Commerce/Omni-Channel High-Tech/Electronics Retail
KEYWORDS Big Data/IOT Cloud, SaaS & On-Demand Systems E-Commerce/Omni-Channel High-Tech/Electronics Retail SC Security & Risk Mgmt Technology
  • Related Articles

    Big Tech's New Alliance Is Good News for the Health of A.I.

    ‘The Beginning of a Wave’: A.I. Tiptoes Into the Workplace

    The Cloud: Hackers' New Thieving Ground

Bloomberg

Amtrak Bottleneck Turns Biden’s Focus to His Favorite Rail Route

More from this author

Subscribe to our Daily Newsletter!

Timely, incisive articles delivered directly to your inbox.

Popular Stories

  • A MAN IN A SUIT SHAKES HANDS WITH A WOMAN IN A HARD HAT, NEXT TO A STACK OF CONTAINERS

    Three Procurement Technology Evolutions for 2023

    Sourcing/Procurement/SRM
  • DOCUMENTS BEARING THE INSIGNIA OF US CUSTOMS AND BORDER PROTECTION LIE ON A TABLE

    New CBP Regs Call for Greater Diligence by Brokers in Reporting Security Breaches

    Freight Forwarding/Customs Brokerage
  • The blank stare of a child's eye who is standing behind what appears to be a wooden frame

    The Alarming Continued Rise of Modern Slavery in Supply Chains: How Procurement Can Help Reverse the Trend

    Sourcing/Procurement/SRM
  • A WORKER IN A WAREHOUSE, SUPERIMPOSED WITH GRAPHICS SHOWING SUPPLY NETWORK

    Enabling Intelligent Visibility With Supply Chain Analytics

    Data Management (Big Data/IoT/Blockchain)
  • A GROUP OF WORKERS RANGED IN AN OFFICE, OF DIVERSE RACE, GENDER, AGE AND PHYSICAL ABILITY

    Podcast | The Supply Chain Workforce of the Future Is Already Here

    HR & Labor Management

Digital Edition

Scb nov 2022 sm

2022 Supply Chain Innovator of the Year

VIEW THE LATEST ISSUE

Case Studies

  • New Revenue for Cloud-Based TMS that Embeds Orderful’s Modern EDI Platform

  • Convenience Store Client Maximizes Profit and Improves Customer Service

  • A Digitally Native Footwear Brand Finds Rapid Fulfillment

  • Expanding Apparel Brand Scales Seamlessly with E-Commerce Technology

  • How a Global LSP Scaled its Security Program and Won More Business

Visit Our Sponsors

Orderful Yang Ming Alithya
Barcoding Blue Yonder BNSF Logistics
CoEnterprise Data Capture Deposco
E2open GAINSystems Generix
Geodis GEP GreyOrange
Here Honeywell Intelligrated IFM
Infor Inmar Keelvar
Kinaxis Korber Lean Solutions Group 2H
Liberty SBF Locus Robotics Logility
LogistiVIEW Lucas Systems MCA Connect
MPO Nvidia Old Dominion
OpenText ORTEC Overhaul
Parsyl PMMI QIMA
Redwood Logistics Ryder E-commerce by Whiplash Saddle Creek Logistics
Schneider Dedicated Setlog Holding AG Ship4WD
Shipwell Tecsys TGW Systems
Thomson Reuters Tive Trailer Bridge
Vecna Robotics Verity
Verusen
  • More From SCB
    • Featured Content
    • Video Library
    • Think Tank Blog
    • SupplyChainBrain Podcast
    • Whitepapers
    • On-Demand Webinars
    • Upcoming Webinars
  • Digital Offerings
    • Digital Issue
    • Subscribe
    • Manage Your Subscription
    • Newsletters
  • Resources
    • Events Calendar
    • SCB's Great Supply Chain Partners
    • Supplier Directory
    • Case Study Showcase
    • Supply Chain Innovation Awards
    • 100 Great Partners Form
  • SCB Corporate
    • Advertise on SCB.COM
    • About Us
    • Privacy Policy
    • Contact Us
    • Data Sharing Opt-Out

All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp

Design, CMS, Hosting & Web Development :: ePublishing