Transcript
This transcript was autogenerated. To make changes, submit a PR.
Hello everyone.
My name is Fu Sadik.
I've been working as a solution architect for security ai.
I have over 18 plus years of experience in the data security and privacy space, and
today I am here for a session on AI-driven cybersecurity: intelligent threat detection
and privacy in the post-quantum era.
Today we'll be discussing the evolving cyber threat landscape, where
we'll be understanding the current threats and the essential role of AI/ML for modern
defense, and building an ML classification framework, where we'll be architecting
multimodal detection systems and real-time pipelines for emerging threats, and
privacy-preserving ML techniques and how we can leverage those in
AI/ML detections, and implementation and operational excellence,
where we're transitioning an ML solution from proof of concept to production
deployment and monitoring, and finally preparing for the post-quantum era, where
we'll be future-proofing AI/ML systems against the challenges
of post-quantum cybersecurity.
Evolving cyber threat landscape.
So we all know that the signature-based systems currently are not
capable or sophisticated enough for the attacks that we have now.
We have all modern ways of doing attacks or coming from different sources.
So there are APTs employing increasingly sophisticated evasion techniques.
There are zero-day exploits targeting previously unknown vulnerabilities,
polymorphic malware and fileless malware, and even supply
chain attacks compromising trusted software distribution channels.
And so all because of these advanced attacks, the conventional security
tools struggle to keep up the pace and they are failed by 38% detection
today with the sophisticated attacks.
And so there is a need for an enhancement where we use
AI/ML in cybersecurity to detect these ahead of time.
So what we do here is we will first do the behavioral detection and then we do
the predictive capabilities and then adaptive response and resource optimization.
In the behavioral detection, we use AI/ML techniques that excel at identifying
anomalous user and system behaviors and detect threats that
signature-based tools overlook.
Then predictive capability: leveraging threat intelligence,
ML algorithms can proactively forecast emerging threats before they fully materialize.
That means we leverage the threat intelligence and the AI/ML algorithms to do
predictive analysis and then predict it before it materializes.
And then the adaptive response: ML systems continuously learn from the new data,
enabling them to adapt defenses against the attack vectors autonomously.
So resource optimization will do a power trade significantly reduce
by intelligently prioritizing threats based on comprehensive
scores and the contextual analysis.
And so we know how to respond, and then based
on the priority and severity,
use resource optimization while responding.
And these advanced ML classification models drastically improve the
cybersecurity outcomes, and that enables a 93% detection rate from previously.
And same the signature-based tools that we have.
And here we'll be using a multimodal detection architecture where
we first gather the data.
We use supervised learning and deep learning here.
And in supervised learning, we utilize labeled datasets of known
threats for classification, where we'll be using random forests, gradient boosting
and support vector machines.
And in unsupervised learning, it identifies
anomalies by detecting deviation from the normal patterns, where
we'll be using isolation forests,
one-class SVM, and DBSCAN clustering.
And finally, the deep learning, where we employ neural networks
for complex pattern recognition,
where we will be using LSTM networks, transformer models,
and convolutional networks.
And this ensemble approach combines diverse models to achieve
significantly higher accuracy and reduced false positives compared to the
individual model.
So if you compare the traditional way of data
classification to the AI/ML-based one: in the traditional classification, we use
regular expressions or metadata patterns.
But here, as AI/ML is evolving, we are using all these AI techniques to
add more context and content to it, so that we will be doing a more
accurate data classification, where we'll be seeing 80% of the accuracy without
any efforts, and where we are minimizing the false positives at a
greater rate and then increasing the accuracy in the classification.
And then feature engineering for cybersecurity ML, where we'll be using
network traffic features, user behavior features and host-specific features.
That means, in the network traffic features,
We will be studying the protocol deviation anomalies and the deviation flow metadata
where deviation volumes will be featured, and then temporal patterns and burst
and destination and tr and new location.
In the user behavior features, we'll be verifying
authentication patterns and how the users are authenticating, and access
and distribution, at what time they're trying to access, and data access and
movement patterns, and at what time they're running some queries,
or the command frequency profiles, C profile set, and then host-based features.
We will see process execution chains, system call sequences,
resource utilization patterns,
and registry and file system changes.
So effective feature selection increases model
performance by 40% while reducing the computational overhead. And real-time
classification pipeline architecture.
So this is very important here:
from where it starts and how we automate this process.
The first step is data ingestion.
We collect all the information from sensors, logs and network
taps, our database logs and all.
And then we do feature extraction, as we discussed, in real time.
We parse it in real time and vectorize signals based on the data ingestion.
And then we do ML, where parallel supervised and deep models will be used.
And then based on that, we'll do the scoring.
You'll use aggregated models to add the risk scores, and based on the
risk scores, you automate the responses, you take your mitigation or update data.
And then, where we can use the privacy-preserving ML techniques.
So because you are processing huge data as part of this, there could
be some sensitive data about the industry that you are working in.
That's where we use these techniques to be in compliance with the
regulations like GDPR, HIPAA, PCI, PHI regulations, CCPA regulations.
So here we'll be using federated learning, differential
privacy and homomorphic encryption. In federated learning,
it transforms the data into decentralized units with the local
data and eliminates the raw data exchange, meaning that data is not going
anywhere; it's all local to the model and we process it,
even with the sensitive data. Differential privacy is the same
thing, but where we'll be adding some noise to the training data or
output for mathematical privacy guarantees, preserving utility.
So in this case,
it is the same raw data, but we'll be adding some noise to it so that it
mimics the data, and then use that data for ML processing. And homomorphic
encryption, where it enables computation on encrypted data without decryption,
allowing AI/ML operations on sensitive data while maintaining confidentiality.
Yeah, this is
on-the-fly encryption it does, without decrypting it, so that AI/ML can
use that data for their processing. And how we do the implementation.
So from POCs to production, this is a phased approach, where
phase one is the foundation,
phase two is the controlled deployment, and phase three is scaled production.
So in phase one, what we do is we establish a robust data collection, as I
mentioned, from different sources like, and then we do the labeling as part of
data classification and perform extensive feature engineering and selection.
And we conduct initial model training and validation and integrate this
with the existing SOC tools.
And then in the controlled deployment, we deploy models in shadow mode
against the existing systems. We measure performance rigorously
against established baselines.
We optimize thresholds and minimize false positives using techniques,
and provide comprehensive security team training and collect the feedback.
And in phase two, it's scaled production.
We gradually transition from legacy detection systems, implement a CI/CD pipeline
to continuously update the models,
and automate model retraining and deployment cycles.
And finally integrate this with the real-time performance and visualization.
As this is a phased approach, the advantage is you reduce the risk while
enabling continuous validation and improvement of ML systems. And then
operational excellence and monitoring.
As part of operational excellence,
we see the performance indicators like detection latency, the
average time to classify incoming traffic, and false positive rates.
Then attack coverage, the percentage of known attack vectors detected, and
zero-day detection, the success rate in identifying previously threats.
So this is a continuous improvement process where you automate
these models to detections.
Take the human feedback and then the intelligence integrated with that.
And then we do heavy testing of model improvements.
And the next one is preparing for post-quantum cybersecurity.
So post-quantum is the next generation, where how we are
leveraging post-quantum cybersecurity into the threat detection.
Here we'll be using quantum threat models, where quantum
computing, particularly algorithms like Shor's, poses a significant threat
to current public key cryptography, including RSA, ECC and Diffie-Hellman.
And then the post-quantum cryptography.
NIST has identified post-quantum cryptography standards like CRYSTALS,
this is a key encapsulation,
Dilithium digital signature, to protect ML models against
the future quantum threats.
So these are the prone the cryptographic techniques that the
ML models are currently using.
And then the strategy, ML system preparedness, where key strategies for ML
systems in the quantum transition involve integrating crypto agility, adopting hybrid
classical and post-quantum approaches and.
So proactively integrating post-quantum cybersecurity
into ML pipelines is critical,
because in the coming five to six years, the transition is projected.
Our nation must now ensure long-term cybersecurity.
Our automation should be ready to adapt to this post-quantum cybersecurity
embedded into the AI/ML processes.
So key takeaways.
So we covered AI/ML-driven cybersecurity, transformers, privacy-first ML
deployment, and how with the phased approach and shared implementation.
And then finally, proactive quantum readiness.
Thank you for your time.
I hope you enjoyed the session, and thanks a lot.