Voices in AI – Episode 64: A Conversation with Eli David


About this Episode

Episode 64 of Voices in AI features host Byron Reese and Dr. Eli David discuss evolutionary computation, deep learning and neural networks, as well as AI’s role in improving cyber-security. Dr. David is the CTO and co-founder of Deep Instinct as well as having published multiple papers on deep learning and genetic algorithms in leading AI journals.
Visit www.VoicesinAI.com to listen to this one-hour podcast or read the full transcript.

Transcript Excerpt

Byron Reese: This is Voices in AI, brought to you by GigaOm. I’m Byron Reese. And today, our guest is Dr. Eli David. He is the CTO and the co-founder of Deep Instinct. He’s an expert in the field of computational intelligence, specializing in deep learning and evolutionary computation. He’s published more than 30 papers in leading AI journals and conferences, mostly focusing on applications of deep learning and genetic algorithms in various real-world domains. Welcome to the show, Eli.
Eli David: Thank you very much. Great to be here.
So bring us up to date, or let everybody know what do we mean by evolutionary computation, and deep learning and neural networks? Because all three of those are things that, let’s just say, they aren’t necessarily crystal clear in everybody’s minds what they are. So let’s begin by defining your terms. Explain those three concepts to us.
Sure, definitely. Now, both neural networks and evolutionary computation take inspiration from intelligence in nature. If instead of trying to come up with smart mathematical ways of creating intelligence, we just look at the nature to see how intelligence works there, we can reach two very obvious conclusions. First, the only algorithm that is in charge of creating intelligence – we started from single-cell organisms billions of years ago, and now we are intelligent organisms – and the main algorithm, or maybe the only algorithm, in charge of that was evolution. So evolutionary computation takes inspiration from the evolutionary process in the nature and trying to evolve computer programs so that, from one generation to other, they will become smarter and smarter, and the smarter they are, the more they breed, the more children they have, and so, hopefully the smart gene improves one generation after the other.
The other thing that we will notice when we observe nature is brains. Nearly all the intelligence in humans or other mammals or the intelligent animals, it is due to a neural network and network of neurons which we refer to as a brain — many small processing units connected to each other via what we call synapses. In our brains, for example, we have many tens of billions of such neurons, each one of them, on average, connected to about ten thousand other neurons, and these small processing units connected to each other, they create the brain; they create all our intelligence. So the two fields of evolutionary computation and artificial neural networks, nowadays referred to as deep learning, and we will shortly dwell on the difference as well, take direct inspiration from nature.
Now, what is the difference between deep learning, deep neural networks, traditional neural networks, etc? So, neural networks is not a new field. Already in the 1980s, we had most of the concepts that we have today. But the main difference is that during the past several years, we had several major breakthroughs, while until then, we could train only shallow neural networks, shallow artificial neural networks, just a few layers of neurons, just a few thousand synapses, connectors. A few years ago, we managed to make these neural networks deep, so instead of a few layers, we have many tens of layers; instead of a few thousand connectors, we have now hundreds of millions, or billions, of connectors. So instead of having shallow neural networks, nowadays we have deep neural networks, also known as deep learning. So deep learning and deep neural networks are synonyms.
Listen to this one-hour episode or read the full transcript at www.VoicesinAI.com
Byron explores issues around artificial intelligence and conscious computers in his new book The Fourth Age: Smart Robots, Conscious Computers, and the Future of Humanity.

How Biology is Inspiring the Next Generation of Cybersecurity

Your average security operations center is a very busy place. Analysts sit in rows, staring intently at computer monitors. Cybersecurity alerts tick past onscreen—an average of 10,000 each day. Somehow, the analysts must decide, in seconds, which of these are false alarms, and which might be the next Target hack. Which should be ignored, and which should send them running to the phone to wake up the CIO in the middle of the night.
It’s a difficult job.
The alerts are false alarms the vast majority of the time. Cybersecurity tools have been notoriously bad at separating the signal from the noise. That’s no surprise, since the malware used by hackers is constantly mutating and evolving, just like a living thing. The static signatures that antivirus software uses to detect them are outdated almost as soon as they are released.
The problem is that this knowledge can cause a kind of numbness—and make tech teams slow to act when cybersecurity software does uncover a real threat (a problem that may have contributed to the Target debacle).
Luckily, a few government labs are experimenting with a new approach—one that starts with taking the “living” nature of malware a little more seriously. Meet the new generation of biology-inspired cybersecurity.
Sequencing Malware DNA
The big problem with signature-based threat detection is that even tiny mutations in malware can fool it. Hackers can repackage the same code again and again with only a few small tweaks to change its signature. The process can even be automated. This makes hacking computers cheap, fast, and easy—much more so than defending them.
Margaret Lospinuso, a researcher at Johns Hopkins University’s Applied Physics Laboratory (JHUAPL), was pondering this problem a few years ago when she had a brainstorm. A computer scientist with a lifelong interest in biology, she was aware that programs for matching DNA sequences often had to ignore small discrepancies like this, too. What if she could create a kind of DNA for malware—and then train a computer to read it?
DNA maps out plans for complex proteins using only four letters. But CodeDNA uses a much longer alphabet to represent computer code. Each chunk of code is assigned a “letter” depending on its function—for example, a letter A might represent code that opens a certain type of file, while a letter B might represent code that opens a server connection. Once a suspicious computer program is translated into this type of “DNA,” Lospinuso’s software can then compare to the DNA of known malware to see if there are similarities.
It’s a “lossy technique,” says Lospinuso—some of the detail gets scrubbed out in translation. However, that loss of detail makes it easier for CodeDNA to identify similarities between different samples of code, Lospinuso says. “Up close, a stealth bomber and a jumbo jet look pretty different. But in the distance, where details are indistinct, they both just look like planes.”
The resulting technique drastically cuts down on the time analysts need to sort and categorize data. According to one commercial cybersecurity analyst, the similarities CodeDNA found in two minutes would have saved him two weeks of hard work. But the biggest advantage of CodeDNA  is that it won’t be fooled by small tweaks to existing code. Instead of simply repackaging old malware, hackers to build new versions from scratch if they want to escape detection. That makes hacking vastly more time-consuming, expensive, and difficult—exactly how it should be.
How to Build a Cyber-Protein
Lospinuso’s team built CodeDNA’s software from scratch, too; it’s different from standard DNA-matching software, even though they implement the same basic techniques. Not so with MLSTONES, a technology developed at Pacific Northwest National Laboratory (PNNL). MLSTONES is essentially a tricked-out version of pBLAST, a public-source software program for deciphering protein sequences. Proteins are constructed from combinations of 20 amino acids, giving their “alphabet” more complexity than DNA’s 4-letter one. “That’s ideal for modeling computer code,” said project lead Elena Peterson.
MLSTONES originally had nothing to do with cybersecurity. It started out as an attempt to speed up pBLAST itself using high-performance computing techniques. “Then we started to think: what if the thing we were analyzing wasn’t a protein, but something else?” Peterson said.
The MLSTONES team got a bit of encouragement early on when their algorithm successfully categorized a previously unknown virus that standard anti-virus software couldn’t identify. “When we presented [it] to US-CERT, the United States Computer Emergency Readiness Team, they confirmed it was a previously unidentified variant of a Trojan. They even let us name it,” Peterson said. “That was the tipping point for us to continue our research.”
Peterson says she is proud of how close MLSTONES remains to its bioinformatics roots. The final version of the program still uses the same database search algorithm that is at the heart of pBLAST, but strips out some chemistry and biology bias in the pBLAST software. “If the letter A means something in chemistry, it has to not mean that anymore,” Peterson says. This agnostic approach also makes MLSTONES extremely flexible, so it can be adapted to uses beyond just tracking malware. A version called LINEBACKER, for instance, applies similar techniques to identify abnormal patterns in network traffic, another key indicator of cyber threats.
A Solution to Mutant Malware
Cyberattacks are growing faster, cheaper, and more sophisticated. But all too often, the software that stops them isn’t. To secure our data and defend our networks, we need security solutions that adapt as fast as threats do, catching mutated malware that most current methods would miss. The biology-based approach of CodeDNA and MLSTONES isn’t just a step in the right direction here—it’s a huge leap. And with luck, they will soon be available to protect the networks we all rely upon..

With contribution by Nathalie Lagerfeld of Hippo Reads.

“Ex-Mossad” group threatened South Africa cyberattack, leaks show

South Africa was threatened with a serious cyberattack from people claiming to be ex-Mossad hackers, according to documents included in the “spy cables” cache that was recently leaked to Al Jazeera.

The cache includes communications between South Africa’s State Security Agency (SSA) and its counterparts around the world, including the CIA and Israel’s Mossad. The revelations are particularly embarrassing for the South Africans, but sometimes also for those overseas, such as the Israelis.

So far, none of the revelations have been particularly tech-related (apart from the fact that the leak was digital), but on Tuesday Al Jazeera reported on a 2012 SSA reference to the “ex-Mossad” threat, which took place in the context of a pro-Palestinian boycott and sanctions campaign that was underway in South Africa and elsewhere.

The people in question apparently hand-delivered a letter to the South African financy ministry, threatening to attack the country’s banking and financial sector if the government did not shut down the anti-Israel campaign in South Africa within 30 days and remove and prosecute certain people linked with the campaign.

They claimed to have been partly responsible for the Stuxnet worm that sabotaged Iranian uranium enrichment facilities about five years ago – widely believed to be the work of the Americans and Israelis – and the associated Flame malware that was used to spy on targets in the Middle East. The group said they still had access to Mossad technologies and resources.

There’s no evidence of the attack having taken place, or of the government cracking down on the boycott campaign, which enjoyed the sympathy of many high-level figures in the country. In the document, the SSA said the Directorate of Priority Crime Investigation had looked into the letter’s authenticity, but the outcome of that probe was unknown.

Security incubator with ties to Israeli military forms with $18M

A new Israeli-based cyber-security incubator called Team8 plans to announce its launch on Tuesday and is banking that its ties to the Israeli military will give its startups a competitive edge in the crowded security startup market. As part of the launch, the incubator also landed an $18 million dollar investment round from Bessemer Venture Partners (BVP), Alcatel-Lucent, Cisco Investments, Marker LLC, and Innovation Endeavors.

Team8’s founders — Nadav Zafrir, Israel Grimberg and Liran Grinberg — are all veterans of the Israel Defense Forces Unit 8200, which Zafrir described as being the National Security Agency of Israel. This particular unit, which Zafrir said he commanded during the last half of his military service, is responsible for intelligence gathering and national security, with former members of the unit having gone on to build some of Israel’s largest tech companies, like the Tel Aviv-based Check Point Software Technologies. Unit 8200 has also generated some innovative security companies over the years like Hexadite, which formally launched last July.

Zafrir described Team8 as a “startup of startups” that operates like a think tank in that its core team and staff spend a considerable amount of time doing research, albeit not for policy reports to influence governments. After researching specific areas in cyber-security that the team wants to tackle, Team8 then tries to find the right security experts who are best suited for potentially creating a startup that can solve the issue; these experts typically come from Unit 8200, but they don’t necessarily need to be, Zafrir said.

After an entrepreneur or security expert signs on, Team8 in return gives them the typical incubator perks including helping with the logistics of starting a new business.

The entrepreneurs that Team8 decides to work with will be provided with funding, technical guidance, go-to-business planning and anything else it takes for a successful startup to get off the ground.

Team8 Team

Team8 Team

Team8 will be different than a typical incubator in that it will be “taking in people and developing the concepts and technology in-house,” said BVP partner David Cowan, and the plan is for these companies to remain independent and not bound to the larger companies that are financially backing the project.

The first area of cyber security that Team8 wants to tackle relates to the idea of preventing the kind of massive data breaches like those seen at [company]Target[/company] and [company]Sony[/company] through a thorough understanding of the hackers behind the attacks, whether they be criminal syndicates or nation-states. Zafrir wouldn’t elaborate on how exactly the first company in its portfolio will be addressing this, citing that the company (led by former Check Point Software veteran Ofer Israeli) is still in stealth (and still figuring out a name).

“Our thesis for this specific domain is that at the end of the day, it is not about the malware,” said Zafrir. “You have to think about the people behind the malware.”

Team8 is currently backing two companies with one in beta and the other starting its alpha program the next quarter, and the ultimate goal of the incubator is to build four to six companies in the next few years.

For BVP’s Cowan, a successful 2015 means that Team8 will have spun out at least one company that has workable technology, solid leadership and a couple of customers. Cowan said he has “a good sense of what project it is” that he bets will be the incubator’s first successful company, but he wouldn’t elaborate on more details only to say “We will have our first company up and running by the end of the year.”

Malware makers try to cash in with fake YouTube views

Programmers of malware software have found a new way of making their exploits pay: A newly-discovered scam downloads malware to unsuspecting users’ computers and then makes those machines watch YouTube videos to cash in on the video service’s partner program. The malware, dubbed Trojan.Tubrosa, was able to generate more than two million views for videos uploaded by the malware makers, according to security researchers at Symantec.

YouTube has a few safeguards in place to prevent users from gaming the system. Not only does the video service monitor the types of content uploaded to YouTube to make sure that users aren’t infringing any rights, it also monitors for fraudulent clicks, much in the same way Google monitors its ads for irregular activities.

The developers of Trojan.Tubrosa tried to circumvent these safeguards by dynamically changing referrers in an attempt to trick YouTube’s servers into thinking that each view came from just a single user. In reality, affected machines were generating lots of views. From Symantec’s blog:

“In order to keep its malicious activities secret, the malware will lower the volume of the compromised computer’s speakers to zero. The malware will even update or install Flash on the user’s computer to allow it to view these videos. The user may not realize that anything is amiss until their computer’s resources are fully used up and they experience significant performance degradation.”

Symantec’s researchers expect that the developers of this particular malware made “several thousand dollars.” Google apparently caught on to it eventually, telling Symantec that it was “aware of this malware.”

And of course, YouTube isn’t alone in being targeted by fraudulent views. Ad fraud is a huge problem that the industry doesn’t like to talk about, and estimates vary widely. Some think that around 36 percent of all ad impressions are fraudulent, while others believe the number could be even higher. Kraft went public last year saying that it rejects up to 85 percent of digital ad impressions because of possible fraud and other quality concerns.

FBI: Sony hack was North Korea’s work

The U.S. Federal Bureau of Investigation has officially pointed to North Korea as the culprit behind the hacking of Sony Pictures Entertainment — an incident that was allegedly connected with a now-pulled film called The Interview, about the assassination of North Korean dictator Kim Jong-Un.

Although recent days have seen several stories in which unnamed U.S. officials said North Korea was to blame, this is the first time the authorities have openly said as much. According to the FBI, the malware used in the attack “revealed links to other malware that the FBI knows North Korean actors previously developed,” including similarities in the code, encryption algorithms and data deletion methods.

The FBI also said that the malware included hard-coded IP addresses that had communicated with IP addresses “associated with known North Korean infrastructure.” The agency said that the “destructive nature of this attack” — apart from the movie’s planned release being cancelled following threats to theaters, loads of [company]Sony[/company] Pictures strategic and commercial information and employees’ personal information was dumped onto the web — set it apart from other types of online attacks.

“North Korea’s actions were intended to inflict serious harm on a U.S. business and suppress the right of American citizens to express themselves,” the FBI said. “Such acts of intimidation fall outside the bounds of acceptable state behavior. The FBI takes seriously any attempt – whether through cyber-enabled means, threats of violence, or otherwise – to undermine the economic and social prosperity of our citizens.”

The agency also praised Sony Pictures for reporting the incident “within hours”, which it said helped the FBI’s investigators to do their work.

However, North Korea has reportedly denied being behind the attack. It has denied involvement before, though it did call it “righteous”.

Also on Friday, CNN reported that the hackers, who had previously identified themselves only as the “Guardians Of Peace”, had emailed Sony Pictures after it pulled The Interview to say it had been a “wise decision”, and to urge the studio to pull its trailers and ensure the Seth Rogen comedy was never released. Sony has indeed taken down the film’s trailers from YouTube.

Cinemas have reversed plans to re-screen the decade-old, Kim-family-baiting film Team America, and studios have also been scrapping plans to release anything that might irk North Korea, with New Regency canceling a Steve Carell project called Pyongyang before filming even started.

Culture aside, defectors from North Korea told Reuters that the country ultimately wants to target infrastructure — a more serious kind of attack that was demonstrated by someone who, according to a German government report this week, damaged a German steel plant earlier this year.

Update at 11:35 AM PST: President Obama confirmed what the FBI detailed this morning during a press conference saying that the U.S. “will respond proportionally” to the hack against Sony, but he did not say what the U.S. government is planning to do and he did not give a timeframe as to when some sort of action will occur.

Obama indicated that he was upset with Sony’s decision to cave into the hackers’ demands by not releasing The Interview.

“I wish they had spoken to me first,” said Obama. “I would have told them do not get into a pattern in which you are intimated by these types of criminal attacks.”

This article was repeatedly updated to add further information.

Home Depot confirms massive security breach

The retailer said that it’s still putting together the pieces of the breach and that debit PIN numbers should not be affected. Additionally, online shoppers and those who shopped in Home Depot stores in Mexico should be safe.