Machine learning is unavoidable because it's just very much better than other techniques for some important tasks, including spam filtering (which got Bayesian networks on the map) and face recognition (for which DNNs are the state of the art)

AI components are almost always embedded as components in larger systems; for example, machine-vision systems are part of the advanced driver assistance system in a modern car. However there are also radars (for adaptive cruise control), GPS (for navigation) and ultrasonics (for measuring the distance to nearby cars). You need to understand the possible errors of each component, both from random failure and from adversarial action

See above

I don't believe in that. Artificial intelligence is a propaganda phrase; really what we're doing is intelligence augmentation (I discuss this in my book). We have no idea at all what consciousness is, and all our so-called AI systems do is statistical machine learning. There is no understanding there.

If you train a model on very large datasets, you'll be selecting and batching data at random, and you'd better make sure that this is sound. If an opponent can tweak the order in which the training data get sampled, they can insert trojans or backdoors: https://www.lightbluetouchpaper.org/2021/04/23/data-ordering-attacks/

It depends on the application. Security is only defined with respect to a threat model, which depends on the context and who the potential adversaries are

That's an NLP problem rather than a security one...

Sure, and there are even warnings about possible security issues in the standards ? but that doesn't help you against adversarial action. For that you need enforcement, whether by filtering out bad characters, by limits on processing time, or whatever

You have to ask what sort of information might leak though the ML modules you use, and how this might undermine your security policy

The issue is that AI logic can have a very large gap between average-case power consumption and worst-case. If an adversary can feed inputs that cause worst-case performance, can this drain the battery to the extent that the device performance is impaired>

Technical security will mostly follow the development of technology in general; as tech progress opens up new attack surfaces, people will attack them. However the intensity of attack will depend on other factors such as economics. What sort of attacks can scale up?

You are quite right that Russian r and English p have the same glyph, even though they are pronounced differently. They can therefore be used in homoglyph attacks

Can you do software engineering without graduating from college?

Not at all. The cybercrime ecosystem is very much the same today as it was ten years ago, before DNNs suddenly became fashionable. That is the case despite even larger technological changes: people now use phones rather than laptops, data's moved from on-prem to the cloud, and there's social with everything. See https://www.lightbluetouchpaper.org/2019/05/30/the-changing-cost-of-cybercrime/ for more

See my book https://www.cl.cam.ac.uk/~rja14/book.html for a survey

There's a lot of hype, but the reality is more limited. ML is used from spam filtering to detecting password guessing; there are claims made about network intrusion detection, but they are less convincing. Researchers have demonstrated that NLP could help scale up targeted phishing but I'm not aware of that being seen in the wild

See the answer directly above, for the lack of evidence right now. In the future ML might conceivably help fraudsters in whatever ways to comes to help marketing more generally

The logs are more for looking for indicators of compromise after the fact. We played around 25 years ago to see whether we could use information retrieval techniques, such as building an index in advance for rapid searching,, but such techniques give fairly marginal gains

While doing research, use whatever's best for the toolkit you're using. For later high-performance implementation, don't just go for C; using Rust instead can avoid memory safety issues later

Over half of all exploits stem from memory safety issues. It's prudent to write new projects in safer languages like Rust, and to use static analysis tools to check legacy code in C and C++ if you must still rely on it. And that's what we've learned after seventy years of using traditional imperative languages. After ten years, deep learning technology is still much less mature, and engineers who use it must pay attention to the basics such as sanitising input, sanity-checking output and monitoring runtimes

Find a mobile technology problem that interests or irritates you and solve it, regardless of whether you use old-fashioned if statements or modern machine-learning tools

See Arvind Narayanan on AI snake oil; most products that claim to be "AI" are nothing of the kind. Many of those that do use some kind of statistical machine learning use techniques we've known about for decades such as regressions. A few use deep learning, and even there it's helpful in some tasks (such as pattern recognition) more than others (it doesn't really work for social prediction)

They'd better choose. Do they want to tell a service operator enough about themselves to personalise a service offering? In that case, they're disclosing personal information. Whether the system that uses it uses machine learning or not isn't really the issue

If you build machine-learning systems without paying attention to security, you're asking for trouble. You need to know about security engineering generally, not "artificial intelligence for security"

It depends on the application. Make sure you understand the theory behind decision problems, such as the receiver operating characteristic (RoC) curve

The big mail service providers typically train their spam filters using the previous day's spam, so they can respond within a day to new developments by the spam gangs

It's not going to happen. "Artificial intelligence" is a propaganda term; there's no intelligence there. It's just statistics. It's better to describe machine learning applications as "intelligence augmentation". Tools such as search engines enable human workers to be more productive

I don't think so. Network intrusion detection has long been one of the problems that has yielded the least to machine-learning techniques. The Internet is a very noisy environment; there are too few attacks to train classifiers; many attacks are specific to particular types of software; and more and more traffic is encrypted, which means that intrusion detection must be done increasingly at endpoints rather than in the network. What's more, people are moving to zero-trust networks where all the firewall does is to keep out DDoS attacks

Breaking it

Depends on the application

Depends on the type of anomaly

It's a good idea to learn security engineering as well as machine learning

Good management ? having an accurate inventory of all devices and services, keeping them patched up-to-date, implementing authenitcation and access controls carefully, and monitoring for indicators of compromise

ML isn't really relevant. Keep your PC patched up to date, or better still buy a Mac :-)

My security engineering book is at https://www.cl.cam.ac.uk/~rja14/book.html and you can find videos of my university lectures on my home page https://www.cl.cam.ac.uk/~rja14/

How do you tell you've been attacked?

It's starting to happen. Devices from phones to cars not incorporate ML components

One is acquiring experience, and another is learning adversarial thinking. These two are linked

probably seeing it in the right context ? not just looking at the technical stuff but how a system will be used, by whom, and what the incentives of the various players push them to do

To start, you might study security of X where X is some application (banking, cars, games...) or security and Y where Y is some discipline (cryptography, hardware, economics...)

Start by solving a problem that interests you, or irritates you, and learn the tools you need for the job

Large-scale environmental destruction, rampant securities fraud, and large-scale money laundering

Solving real problems rather than imaginary ones

I don't use AV. I use Linux and Mac computers and keep them patched up to date

If you believe that, I have a bridge I'd like to sell you

No idea. Colleagues organise those classes

No idea

You need to understand real security engineering, not some subset for ML

As I underatnd it, generative adversarial networks (GANs) work because you have two ML systems training against each other ? hence "adversarial"

Criminals use Monero because it gives more privacy than bitcoin, so it's preferred by some ransomware gangs. A likely social response will be to make it really hard to convert Monero into real money, and maybe we'll make it a criminal offence to own any, as we do with videos of sex abuse and terrorism