Rasheed Hussain

Title Machine Learning and API Security: What We Have and What We Need
Abstract

Over the last couple of decades, business models have enormously changed due to, at least in part, the digital transformation and the astronomical demand and supply of new applications and services. To catch up with the increasing pressure from the businesses, the newly envisioned services must be realized rapidly. Application Programming Interface (API) is a mechanism that has enabled the rapid realization, scalability, and sharing of services and value among different entities. In other words, APIs are the new business trend among the enterprises. APIs provide a direct access to the business-logic of the applications and data which is of paramount importance for the enterprise to deliver their services without any delay and share the data with partners. However, despite the exciting features of APIs and their undisputed important role in the enterprises, APIs lure cyber attackers and suffer from a number of attacks. This phenomenon makes them a double-edge sword where in addition to scaling the business of an enterprise, they introduce new attack vectors and new points of vulnerabilities. Recent researches have shown that cyber attackers are targeting APIs to attack enterprises because APIs are (possibly) the easy targets to launch attacks. Furthermore, the availability of computation and communication resources render other intelligent techniques (such as Artificial Intelligence) feasible for security in the cyber domain. The rationale for using Artificial Intelligence (AI)-based techniques and different breeds of AI in security, is their applicability and effectiveness in detecting and mitigating cyber-attacks. In the same spirit, AI, Machine Learning (ML), and Deep Learning (DL) have been used to protect APIs against misuse and different kinds of attacks. In this talk, the security requirements and the current state of API security will be discussed. From the security solutions standpoint, this talk will cover the current solutions for API security and their shortcomings that will lead us to discuss the role of AI, ML, and DL in API security. Furthermore, this talk will also touch upon the General Data Protection Regulation (GDPR) compliance of API security. Towards the end of the talk, we will identify the current trends and pressing issues in the API security that need immediate attention with respect to ML and DL

Bio

Dr. Rasheed Hussain received his B.S. Engineering degree in Computer Software Engineering from University of Engineering and Technology, Peshawar, Pakistan in 2007, MS and PhD degrees in Computer Science and Engineering from Hanyang University, South Korea in 2010 and 2015, respectively. He worked as a Postdoctoral Fellow at Hanyang University, South Korea from March 2015 to August 2015. He also worked as a guest researcher and consultant at University of Amsterdam (UvA), The Netherlands from September 2015 till May 2016 and as Assistant Professor at Innopolis University, Innopolis, Russia from June 2016 till December 2018. Currently he is an Associate Professor and head of the MS program in Security and Network Engineering (SNE) at Innopolis University, Innopolis, Russia. He is also the Director of Networks and Blockchain Lab at Innopolis University and serves as an ACM Distinguished Speaker. He is a senior member of IEEE and serves as editorial board member for various journals including IEEE Access, IEEE Internet Initiative, Internet Technology Letters, Wiley, and serves as reviewer for most of the IEEE transactions, Springer and Elsevier Journals. He also serves as technical program committee member of various conferences such as IEEE VTC, IEEE VNC, IEEE Globecom, IEEE ICCVE, IEEE ICC, and so on. He is a certified trainer for Instructional Skills Workshop (ISW) and a recipient of Netherland’s University Teaching Qualification (Basis Kwalificatie Onderwijs, BKO). His research interests include Information Security and Privacy and particularly security and privacy issues in Vehicular Ad Hoc NETworks (VANETs), vehicular clouds, and vehicular social networking, applied cryptography, Internet of Things, Content-Centric Networking (CCN), cloud computing, API security, and blockchain. Currently he is working on machine and deep learning for IoT security and API security.