The presentation discusses the use of XAI to explain security products and bridge the gap between academic research and industrial demand.
- XAI is used to explain security products to provide more insight into detection results and help improve production.
- XAI can be used by customers to evaluate security products and make purchasing decisions.
- XAI can also be used by attackers to launch certain types of attacks against commercial security products.
- The presentation aims to help the audience understand XAI and use it to evaluate security products in their daily job.
- There is a gap between academic research and industrial demand for XAI in security products.
- The presentation hopes to inspire researchers to fill this gap in future work.
The presentation provides an example of using XAI to generate adversarial examples and leak information from a hyper-secure product. The intrusion protection system was used to illustrate the point that the model did not learn the actual SQL injection pattern. By modifying a benign pattern, the team was able to generate adversarial examples that could pass the IPS detection. Additionally, the team modified a secure product to include heuristic rules and found that the alarm tools could accurately identify the secure injection pattern with high confidence. This illustrates the potential for attackers to learn the rules from the secure product and use it as information leakage.