Connect with us

Cyber Security

Deepfake Detection Poses Problematic Technology Race

Avatar

Published

on

Experts hold out little hope for a robust technical solution in the long term.

With disinformation concerns increasing as the US presidential election approaches, industry and academic researchers continue to investigate ways of detecting misleading or fake content generated using deep neural networks, so-called “deepfakes.”

While there have been successes — for example, focusing on artifacts such as the unnatural blinking of eyes has resulted in high accuracy rates — a key problem in the arms race between attackers and defenders remains: The neural networks used to create deepfake videos are automatically tested against a variety of techniques intended to detect manipulated media, and the latest defensive detection technologies can easily be included. The feedback loop used to create deepfakes is similar in approach — if not in technology — to the fully undetectable (FUD) services that allow malware to be automatically scrambled in a way to dodge signature-based detection technology.

Detecting artifacts is ultimately a losing proposition, says Yisroel Mirsky, a post-doctoral fellow in cybersecurity at the Georgia Institute of Technology and co-author of a paper that surveyed the current state of deepfake creation and detection technologies.

“The defensive side is all doing the same thing,” he says. “They are either looking for some sort of artifact that is specific to the deepfake generator or applying some generic classifier for some architecture or another. We need to look at solutions that are out of band.”

The problem is well known among researchers. Take Microsoft’s Sept. 1 announcement of a tool designed to help detect deepfake videos. The Microsoft Video Authenticator detects possible deepfakes by finding the boundary between inserted images and the original video, providing a score for the video as it plays.

While the technology is being released as a way to detect issues during the election cycle, Microsoft warned that disinformation groups will quickly adapt.

“The fact that [the images are] generated by AI that can continue to learn makes it inevitable that they will beat conventional detection technology,” said Tom Burt, corporate vice president of customer security and trust, and Eric Horvitz, chief scientific officer, in a blog post describing the technology. “However, in the short run, such as the upcoming US election, advanced detection technologies can be a useful tool to help discerning users identify deepfakes.”

Microsoft is not alone in considering current deepfake detection technology as a temporary fix. In its Deep Fake Detection Challenge (DFC) in early summer, Facebook found the winning algorithm only accurately detected fake videos about two-thirds of the time. 

“[T]he DFDC results also show that this is still very much an unsolved problem,” the company said in its announcement. “None of the 2,114 participants, which included leading experts from around the globe, achieved 70 percent accuracy on unseen deepfakes in the black box data set.” 

In fact, calling the competition between attackers and defenders an “arms race” is a bit of a misnomer because the advances in technology will likely mean that realistic fake videos that cannot be detected by technology will become a reality not too far in the future, says Alex Engler, the Rubenstein Fellow in governance studies at the Brookings Institute, a policy think tank.

“We have not see a dramatic improvement in deepfakes, and we haven’t really a super-convincing deepfake video, but am I optimistic about the long-term view? Not really,” he says. “They are going to get better. Eventually there will not be an empirical way to tell the difference between a deepfake and a legitimate video.”

In a policy paper, Engler argued that policy-makers will need to plan for the future when deepfake technology is widespread and sophisticated.

On the technical side, like the anti-malware industry, there are two likely routes that deepfake detection will take. Some companies are creating ways of signing video as proof that it has not been modified. Microsoft, for example, unveiled a signing technology with a browser plug-in that the company said can be used to verify the legitimacy of videos.  

“In the longer term, we must seek stronger methods for maintaining and certifying the authenticity of news articles and other media,” Burt and Hovitz wrote. “There are few tools today to help assure readers that the media they’re seeing online came from a trusted source and that it wasn’t altered.” 

Another avenue of research is to look for other signs that a video has been modified. With machine-learning algorithms capable of turning videos into a series of content and metadata — from a transcription of any speech in the video to the location of where the video was taken — creating content-based detection algorithms could be a possibility, Georgia Tech’s Mirsky says. 

“Just like malware, if you have a technique that can look at the actual content, that is helpful,” he says. “It is very important because it raises the bar for the attacker. They can mitigate 90% of attacks, but the issue is that an adversary like a nation-state actor who has plenty of time and effort to refine the deepfake, it becomes very, very challenging to detect these attacks.”

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline … View Full Bio

Recommended Reading:

More Insights

Source: https://www.darkreading.com/analytics/deepfake-detection-poses-problematic-technology-race/d/d-id/1338953?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cyber Security

Newly Launched Cybersecurity Company Stairwell

Avatar

Published

on

Chronicle

A $4.5 million seed funding round was closed by the recently launched cybersecurity firm Stairwell, which seeks to provide defence teams with more tools to detect adversaries.

Mike Wiacek, who previously formed Google’s Threat Research Division and co-founded Chronicle, Alphabet ‘s corporate security company, founded and led the new agency. As COO and general counsel, Jan Kang, former Chief Legal Officer at Chronicle, enters Stairwell.

Stairwell shared very little information about its devices, but identified them as user-centered tools designed to help security teams “understand the core relationships between their external and internal data sources,” thus helping them battle cyber attacks proactively.

Security teams today are exposed to siloed resources that are unable to detect environmental ties between their external and internal data sources to offer defence against generic risks at the baseline level only. “We began Stairwell so that security teams have a coherent view of what is good, what is evil, and why, so that they can actively protect themselves against the most advanced threats,” said Wiacek.

Accel led the funding round, but Sequoia Funds, Gradient Ventures, and Allen & Company LLC, as well as other angel investors, also participated.

Source: https://cybersguards.com/newly-launched-cybersecurity-company-stairwell/

Continue Reading

Cyber Security

StackRox Announced the Release of KubeLinter to Identify Misconfigurations in Kubernetes

Avatar

Published

on

Kubernetes Misconfigurations

On Wednesday, Container and Kubernetes security firm StackRox announced the introduction of KubeLinter, an open source platform designed to help users find misconfigurations in implementations of Kubernetes.

KubeLinter is a tool for static inspection that tests YAML files that store configuration data for Kubernetes apps to ensure that best practises are followed for protection.

A research recently performed by StackRox found that most events linked to Kubernetes are caused by human error, with two-thirds of cases claiming misconfigurations.

Usually, checking settings is performed manually, but the company claims it’s not an easy task and it sometimes results in mistakes. The aim of KubeLinter, which is a command-line tool, is to automate the process of testing YAML files and Helm charts (used for configuration management) before they are deployed in a Kubernetes cluster.

The tool has built-in tests for typical misconfigurations, such as ensuring that the maxim of least rights is enforced, following proper hygiene of the mark, ensuring that it does not run as core, the availability of preparation probes, and the use of criteria for resources. Users will also build custom tests.

On developer computers, KubeLinter can be run, but it can also be built into the continuous integration (CI) frameworks of an enterprise.

We built KubeLinter to provide a safer, more automated way for the Kubernetes group to detect misconfigurations and deviations from best practises that restrict organisations from understanding the full potential of cloud-native applications, “said Ali Golshan, co-founder and CTO of StackRox.” Ultimately, the release of KubeLinter as an open source tool would help users of Kubernetes build hardened environments that are increasingly immune to the inherent risks created by regular changes in configuration typical in development practices.’

On GitHub, the source code for KubeLinter is available and the Kubernetes community has been encouraged to contribute to the tool, which is currently defined as being in a very early development stage.

A short video has also been published by StackRox describing why it built KubeLinter and how users can contribute to the project.

StackRox recently received financing of $26.5 million, taking the company’s overall funding secured to $61 million.

Source: https://cybersguards.com/stackrox-announced-kubelinter-misconfigurations-in-kubernetes/

Continue Reading

Cyber Security

How Was 2020 Cyber Security Awareness Month?

Avatar

Published

on

Global corporate enterprise and indeed global society is aware of the concept of cyber security. Personally Identifyable Information (PII) data leaks, continued personal phishing expeditions and state-based adversary hacking have all brought cyber security into focus for the average person.

The average Board member is certainly more aware of the value of cyber security than in years past due in part to ransomware payments. And front-lines employees are certainly more aware of the value of cyber security due to an increased understanding of what not to do.

The state of cyber security is indeed strong. As the Cyber Security Hub Year End Report will elucidate, nearly 80% of the community feels that the overall state of cyber security, meaning operations, resiliency, compliance, awareness, etc., is improving.

But that is of course through the end of the day today. As cyber security professionals know, it’s all about tomorrow. And tomorrow is going to be a bear.

Awareness

A few years of the Mid-Year and Year End reports has shown a sustained focus and expense on Security Awareness. Cyber security executives seem comfortable with the returns to date. But we are now in a whole new world and the pre-pandemic security awareness quotient does not cut it.

Key Questions:

  • How often are you in front of the organization regarding security awareness?
  • Are you expediting security awareness the same way that you’ve always done it?
  • Is each person in the organization aware of all of the new threat vectors?

Automation

The Cyber Security Hub Automation Report is fresh out with some key takeaways. More needs to be done than there is dollars to do. Automated attacks are on the rise and the global pandemic has not been kind to budgets. That means that organizations must make choices on if they can handle any amount of cyber security automation investment.

The luckier ones are making choices on what to automate with a better understanding of the fact that while automation might eventually reduce overhead, the human resources needed to make automation work have to be found and added first.

Key Questions:

  • Do you have budget for automation?
  • If yes, do you have the talent you need for automation?
  • If no, what technical debt do you have that you could lose?

Cloud-First

We just started the Zero Trust conversation and we have to also start the SASE conversation. Our friends at Okta have a handy chart that shows four levels of a Zero Trust organization. The first level is level zero (no-relation). Common wisdom has most of global corporate enterprise at either level zero or level one. Most folks think that less than 10% are at level 3 (that’s the highest level).

The Cyber Security Hub Year End Report will showcase the fact that 75% of the community is telling us how they stopped worrying and learned to love the VPN. (That’s a reference to the title of Dr. Strangelove if you’re keeping score at home). The point being- a significant portion of the community is on the just at the front end of figuring out IAM & PAM for their organizations.

So we’ve got a long way to go on establishing a Zero Trust Network Architecture (ZTNA). And a ZTNA is only one piece of a Secure Access Service Edge (SASE). SASE is not brand new. Gartner released their first analysis of the concept at the end of last year. Solution providers do have offerings and the top of the market is buying.

Key Questions:

  • Where are you on the IAM/PAM continuum?
  • Where are you on the Zero Trust continuum?
  • Where are you on the SASE continuum?

Business Enablement

As you might know, we’ve consistently shared that cyber security has gone from the Department of No to the Department of Know ensuring that cyber security isn’t in the way of business enablement.

We’ve also covered the fact that the cyber security budget conversation with the board must no longer be based on fear but on risk. The budget conversation as we understand it is best presented by choices.

“If we implement X, spending Y, we’ll reduce risk by Z. If we don’t implement X, risk will increase by Alpha by Year End 2021.”

A significant portion of budgets for 2020 and maybe even some of 2021 were spent in March and April of 2020. The cyber crime rate is going up. To thwart the threats, cyber security executives must be tough. You’ve got threat vectors on all sides. And your budget has been shattered. (That’s a reference to Shattered by the Rolling Stones if you’re keeping score at home).

Key Questions:

  • How are you going into the budget conversation for 2021?
  • Are you able to educate the board and CEO using a risk paradigm?

Happy Cyber Security Month from Cyber Security Hub. You’ve got to be a CISO to know how much mental and intestinal fortitude is needed to get the job done. We have awareness and appreciation of how hard the job is- and the fact that it just keeps getting tougher. So take a breath, focus as you do, get back out there and keep us safe. Thank you for doing the job.

Source: https://www.cshub.com/executive-decisions/articles/how-was-2020-cyber-security-awareness-month

Continue Reading
Blockchain News10 hours ago

Mastercard and GrainChain Bring Blockchain Provenance to Commodity Supply Chain in Americas

AR/VR15 hours ago

Warhammer Age of Sigmar: Tempestfall Announced for PC VR & Oculus Quest, Arrives 2021

Crowdfunding16 hours ago

I Dare You to Ignore This Trend

Blockchain News16 hours ago

Bitcoin Price Flashes $750M Warning Sign As 60,000 BTC Options Set To Expire

AR/VR16 hours ago

Star Wars: Tales from the Galaxy’s Edge to Include VR Short ‘Temple of Darkness’

Blockchain News16 hours ago

Bitcoin Suffers Mild Drop but Analyst Who Predicted Decoupling Expects BTC Price to See Bullish Uptrend

Blockchain News17 hours ago

AMD Purchases Xilinx in All-Stock Transaction to Develop Mining Devices

Cyber Security18 hours ago

Newly Launched Cybersecurity Company Stairwell

AI18 hours ago

How 5G Will Impact Customer Experience?

AR/VR18 hours ago

You can now Request the PlayStation VR Camera Adaptor for PS5

Blockchain News19 hours ago

HSBC and Wave Facilitate Blockchain-Powered Trade Between New Zealand and China

Blockchain News19 hours ago

Aave Makes History as Core Developers Transfer Governance to Token Holders

Blockchain News20 hours ago

Caitlin Long’s Avanti Becomes the Second Crypto Bank in the US, Open for Commercial Clients in Early 2021

Blockchain News20 hours ago

KPMG Partners with Coin Metrics to Boost Institutional Crypto Adoption

Blockchain News21 hours ago

US SEC Executive Who said Ethereum is Not a Security to Leave the Agency

Blockchain News21 hours ago

MicroStrategy Plans to Purchase Additional Bitcoin Reserves With Excess Cash

Covid1923 hours ago

How followers on Instagram can help to navigate your brand during a pandemic

Cyber Security1 day ago

StackRox Announced the Release of KubeLinter to Identify Misconfigurations in Kubernetes

Cyber Security1 day ago

How Was 2020 Cyber Security Awareness Month?

Ecommerce1 day ago

Celerant Technology® Expands NILS™ Integration Enabling Retailers…

Ecommerce1 day ago

The COVID-19 Pandemic Causes Eating Patterns in America to Take a…

Ecommerce1 day ago

MyJane Collaborates with Hedger Humor to Bring Wellness and Laughter…

AR/VR1 day ago

Sci-fi Shooter Hive Slayer is Free, Asks Players for Louisiana Hurricane Relief Donations Instead

AR/VR1 day ago

AMD Announces Radeon RX 6000-series GPUs with USB-C “for a modern VR experience”

AI1 day ago

Resiliency And Security: Future-Proofing Our AI Future

AI1 day ago

AI Projects Progressing Across Federal Government Agencies

Blockchain1 day ago

Kucoin and Revain Announce Partnership

AR/VR2 days ago

Crowdfunded AR Startup Tilt Five Secures $7.5M Series A Investment

AR/VR2 days ago

The Importance of XR Influencers

AR/VR2 days ago

Head Back Underground in 2021 With Cave Digger 2: Dig Harder

AR/VR2 days ago

Five All-New Multiplayer Modes Revealed for Tetris Effect: Connected

Crowdfunding2 days ago

The Perfect Investment

AR/VR2 days ago

Snapchat’s new Halloween AR Lenses Offer Full Body Tracking

Cyber Security2 days ago

How the PS5 Will Completely Change Gaming As We Know It?

Cyber Security2 days ago

Compromised Credentials used by Hackers to Access the Content Management System

Cyber Security2 days ago

Which are the safest payment methods for online betting?

Cyber Security2 days ago

How to stay safe if you’re using an Android device for betting?

Cyber Security2 days ago

Three technological advancements that we might see in online betting

Cyber Security2 days ago

Why do people prefer to use iOS for betting rather than Android?

Quantum2 days ago

Bell nonlocality with a single shot

Trending