Leuven AI Law and Ethics Conference (LAILEC 2021) has been held online on 25-26 March 2021. In this year’s (online) edition of the conference, the focus was on how AI and (cyber)security interplay, where they go hand in hand and where they collide. The conference aimed to discuss the role of transparency, information sharing and resilience in the data and machine learning supply chains. In particular, it explored to what extent companies would be willing to devise collaborative mitigation strategies against competing interests over valuable data assets.
Alexey Kirichenko from F-Secure was invited as a panellist to the event. In the “AI for resilience and collaborative mitigation strategies for AI-driven response to cyber threats” session, Alexey talked about the benefits and challenges of intelligence sharing in cybersecurity and how privacy-preserving Machine Learning could alleviate some of the concerns. The SAPPAN work on data and model sharing was used as a key example of sharing approaches in the context of dynamic attack detection and response.
The talk started with historical notes on “sharing among cyber defenders”, including the issues of trust, motivation and technical means, and such challenges as sharing information about “governmental malware” and disclosing sensitive information of organizations targeted by attacks. Then the focus moved to one of the key questions in SAPPAN: since advanced attacks are often detected as anomalies via ML-based engines, how sharing can support such engines? Several forms of sharing were briefly discussed: training data, statistics, models (in particular, distributed and federated learning and ensembling approaches), sharing model predictions in the teacher-student setting. Also, options for the statistics and models sharing scope were considered, from the individual machines level to groups of machines, individual organizations, and across multiple organizations.
More information regarding this event can be found via this link.