CyberSec&AI Connected 2021 | BLOG

The increasing importance of AI in social sustainability

Veronica Valeros

Advancements in digital technology are a keystone of our modern lives. However, these advancements do not come without risks to our security. With more devices connected to the internet and more devices per user, there is a major increase in the data being collected, transported, and stored.

All our social life, work, and movements are stored in our phones and shared with others. To detect malicious infections, intrusions, or data thefts early, organizations need to be able to analyze all the data very quickly. New developments in AI and machine learning algorithms have made this protection possible. However, most of the progress in this area has been confined to the corporate world, leaving a key part of our society defenseless.

Adding to the problem, it has never been easier for governments to abuse this very technology to surveil, track, spy on, and often harm non-governmental organizations (NGOs), human rights defenders, political activists, journalists, and lawyers. Civil society has so far been left behind when it comes to digital defense. Working in the field, often in war zones or facing prosecution, individuals at risk make do without the protection of a large organization, without digital defenses (firewalls, endpoint protection, or strict policies), and without resources. The Civilsphere Project at the Czech Technical University in Prague aims to fill this protection gap for civil society.

Since 2018, the Civilsphere project has been a pioneer in the use of machine learning to help civil society. The project is dedicated to providing individuals at risk with free tools to help detect active malware infections, privacy violations, or signs of digital surveillance. There are two main services offered by Civilsphere to individuals at risk: ShouldIClick and AI-VPN.

Should I click?

There are many reasons why a web link may not be safe to click. A large number of attacks, including targeted attacks, start with a link in an email or chat, generally ending in the full compromise of a device. Can AI help users decide when it is safe enough to click?

The Civilsphere ShouldIClick service combines machine learning, statistical analysis, and security tools to analyze a given link in real time and advise the user if the link is safe to click or not. By ensembling multiple analysis and detection modules, ShouldIClick is designed to look for scams, evil twin attacks, malicious JavaScript embeddings, and insecure traffic.

ShouldIClick receives a URL, downloads the content of the page, extracts features, and runs detection modules to search for suspicious activity. The results for these detection modules are ensembled to detect specific threats, and a final verdict is reached.

ShouldIClick first generates features from the live website of the URL, including its HTML structure, JavaScript, and images. The features from the certificate, keys, and algorithms used for encryption are also very important. The service analyzes the whole website and its behavior, and it does not rely on the URL string. These features are used as input for several machine learning algorithms that focus on different aspects of the website, including analyzing the graph structure of the HTML and the similarity to other websites with the same title (in search of the twin website). The final decision is reached through ensembling.
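The flow described above (page content in, features out, several detection modules, one ensembled verdict) can be sketched as follows. This is an added example, not ShouldIClick's code: simple rules stand in for the service's machine learning modules, and the known-title table, weights, threshold and hosts are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed reference data: a known page title and the host that really serves it.
KNOWN_TITLES = {"example bank - sign in": "bank.example"}
WEIGHTS = {"evil_twin": 0.5, "offsite_form": 0.3, "insecure_traffic": 0.2}  # assumed
# Constructed sample page (hypothetical hosts under reserved TLDs).
TWIN_HTML = """<html><head><title>Example Bank - Sign in</title></head><body>
<form action="http://collect.test/p"><input type="password" name="pw"></form>
</body></html>"""


class Features(HTMLParser):
    """Feature extraction: page title, form targets, presence of a password field."""

    def __init__(self):
        super().__init__()
        self.title, self.forms, self.has_password, self._in_title = "", [], False, False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "form":
            self.forms.append(attrs.get("action") or "")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def analyze(url, html):
    """Run three detection modules on the page content and ensemble their scores."""
    f = Features()
    f.feed(html)
    page = urlparse(url)
    targets = [urlparse(urljoin(url, action)) for action in f.forms]
    owner = KNOWN_TITLES.get(" ".join(f.title.split()).lower())
    plain = page.scheme != "https" or any(t.scheme != "https" for t in targets)
    scores = {
        "evil_twin": float(owner is not None and page.hostname != owner),
        "offsite_form": float(f.has_password and any(t.hostname != page.hostname for t in targets)),
        "insecure_traffic": float(f.has_password and plain),
    }
    total = sum(WEIGHTS[name] * score for name, score in scores.items())
    return ("do not click" if total >= 0.5 else "no threat found"), scores
```

The verdict depends only on what the page contains and where its forms send data, which mirrors the point that the analysis does not rely on the URL string.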

The ShouldIClick service has been active for two years and has been used to analyze and protect thousands of people at risk.

Is my phone at risk?

The Civilsphere AI VPN service was designed to answer this question. Combining a traditional Virtual Private Network (VPN) with network analytics and state-of-the-art machine learning detection algorithms, the AI VPN provides individuals at risk a free assessment of their mobile network traffic in real time. 

The Civilsphere AI VPN works by combining three key elements. First, well-known VPN technologies, such as OpenVPN. Second, a system for capturing and storing the network connections generated by the users, which will be further analyzed to detect suspicious connections. Third, the Stratosphere Linux IPS, a free-software machine-learning-based intrusion prevention system, that performs behavioral analysis of the network traffic and automatic blocking of suspicious connections.


The Stratosphere Linux IPS (Slips) has multiple modules that handle Threat Intelligence feeds, IP enrichment, an LSTM neural net for malicious behavior detection, port scanning detection on flows, long connection detection, and many others. Ensembling algorithms are used to decide the automated blocking of malicious connections. The complete work of Slips is open to the community and published at https://github.com/stratosphereips/StratosphereLinuxIPS.
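To illustrate how independent flow-based modules can feed one blocking decision, here is an added example that is not taken from Slips. It implements three of the module types named above (port scan, long connection, threat intelligence) as simple rules and sums their evidence per connection pair; the flows, feed entry, weights and thresholds are constructed assumptions, and the LSTM module is left out.

```python
from collections import defaultdict

# Constructed flows: (src, dst, dst_port, duration_seconds, established).
# Addresses are from private and documentation ranges.
FLOWS = [("10.8.0.2", "192.0.2.10", port, 0.01, False) for port in range(20, 40)] + [
    ("10.8.0.3", "198.51.100.7", 443, 1900.0, True),
    ("10.8.0.4", "203.0.113.66", 8080, 30.0, True),
    ("10.8.0.4", "203.0.113.66", 8080, 2400.0, True),
]
THREAT_INTEL = {"203.0.113.66"}  # constructed feed entry
# Assumed thresholds and weights for this example, not Slips defaults.
SCAN_MIN_PORTS, LONG_SECONDS, BLOCK_AT = 15, 1500, 0.6


def port_scan(flows):
    """Many distinct ports tried on one host without an established connection."""
    ports = defaultdict(set)
    for src, dst, port, _, established in flows:
        if not established:
            ports[(src, dst)].add(port)
    return [(pair, 0.8, f"{len(p)} ports probed")
            for pair, p in ports.items() if len(p) >= SCAN_MIN_PORTS]


def long_connection(flows):
    """Established connections that last unusually long."""
    return [((src, dst), 0.3, f"{dur:.0f}s connection")
            for src, dst, _, dur, established in flows
            if established and dur >= LONG_SECONDS]


def threat_intel(flows):
    """Destinations listed on a threat intelligence feed (one evidence per pair)."""
    pairs = sorted({(src, dst) for src, dst, *_ in flows if dst in THREAT_INTEL})
    return [(pair, 0.5, "destination on threat intelligence feed") for pair in pairs]


def ensemble(flows):
    """Sum the evidence of all modules per (src, dst) and decide on blocking."""
    evidence = defaultdict(list)
    for module in (port_scan, long_connection, threat_intel):
        for pair, weight, reason in module(flows):
            evidence[pair].append((weight, reason))
    verdicts = {}
    for pair, items in evidence.items():
        score = round(sum(weight for weight, _ in items), 2)
        verdicts[pair] = {"score": score, "block": score >= BLOCK_AT,
                          "evidence": [r for _, r in items]}
    return verdicts
```

A long connection alone stays below the blocking threshold here, while the same signal combined with a threat intelligence hit crosses it, which is the reason for ensembling rather than acting on any single module.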

Protect the vulnerable

Cyber defense is becoming more and more challenging, and more so to those at risk and without resources. Now, there is not only the need to defend devices but also data and even algorithms. With an ever more interconnected software supply chain, it will require a common effort to keep things safe. Combining AI and human experts will allow us to not only improve our security but also protect our most vulnerable groups working in the frontline.

About the author

Veronica Valeros is a senior researcher and project leader of the Stratosphere Research Laboratory at the Czech Technical University in Prague. She has more than 9 years of experience in cybersecurity. Her research strongly focuses on helping people. She currently specializes in threat intelligence, malware traffic analysis, and data analysis. She has made her career in both industry and academia.

In her current position as a project leader, Veronica helps drive forward the research and development projects, improves processes, and drives the community engagement of the groups she works with. As a senior researcher, she is responsible for the research, development, and customer support at the Civilsphere project, dedicated to protecting civil society organizations and individuals at risk from targeted digital threats.

Veronica has presented her research at international conferences such as Black Hat, EkoParty, Botconf, Virus Bulletin, Deepsec, and others. She is the co-founder of the MatesLab hackerspace based in Argentina and co-founder of the Independent Fund for Women in Tech. 

Web: https://www.veronicavaleros.com/
