Machine Learning for Security Analysts
Out of the Buzzword and into the Mainstream

$ whoami
Name: GTKlondike (independent security researcher; consulting is my day job)
Passionate about network security (attack and defense)
NetSec Explained: a passion project and YouTube channel which covers intermediate and advanced level network security topics in an easy to understand way.
I hate these pages

What Is Machine Learning?
What is it we’re trying to do?
AI, ML, and deep learning
Machine Learning is a set of statistical techniques that enable mining information, discovering patterns, and drawing inferences from data.
Machine Learning uses algorithms to “learn” from past data to predict future outcomes.

Machine Learning Examples
Domain Generation Algorithms
Web Application Firewall
Network Anomaly Detection

Why This Talk?
In the future, we are all Skynet
Today, 25% of security products for detection have some form of machine learning (Source: Gartner Core Security, 2016).
To properly deploy and manage machine learning products, you need to understand how they operate, so that you can check they are working as intended.

7 Step Machine Learning Process
Gather, Build, Train, Test, Deploy
Gather the Data
Prepare the Data
Choose a Model
Train the Model
Evaluate the Model
Hyperparameter Tuning
Deploy

Machine Learning, Head First
Building it from scratch
We’re going to start by building a Spam Filter (something we’re all familiar with).
Input: Emails
Output: Determine if this is Spam or not

But first, a little background
Text                             Category
“A great game”                   Sports
“The election was over”          Not sports
“Very clean match”               Sports
“A clean but forgettable game”   Sports
“It was a close election”        Not sports
Source: Applying Multinomial Naïve Bayes

Bayes’ Theorem

Another look at the table
Text                             Category
“A great game”                   Sports
“The election was over”          Not sports
“Very clean match”               Sports
“A clean but forgettable game”   Sports
“It was a close election”        Not sports
Source: Applying Multinomial Naïve Bayes

But wait, what if this happens?

Multinomial Naive Bayes

Calculate the probabilities
Word    P(word | Sports)        P(word | Not sports)
A       (2 + 1) / (11 + 14)     (1 + 1) / (9 + 14)
Very    (1 + 1) / (11 + 14)     (0 + 1) / (9 + 14)
Close   (0 + 1) / (11 + 14)     (1 + 1) / (9 + 14)
Game    (2 + 1) / (11 + 14)     (0 + 1) / (9 + 14)
Source: Applying Multinomial Naïve Bayes

Let’s finish it up

What we need to keep track of
d: the total number of unique words (the vocabulary size)
N_spam: the total number of words in Spam
N_ham: the total number of words in Ham
X_i,spam: the count of word i in Spam
X_i,ham: the count of word i in Ham

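Worked derivation, added here and not part of the slides (the Bayes’ Theorem and “finish it up” slides were images), using the counts from the probability table and the notation of the slide above (d, N_c, X_i). The text being classified is “A very close game”, the four words of the table.

Bayes’ theorem for one class and one text:

$$P(\text{Sports} \mid \text{text}) = \frac{P(\text{text} \mid \text{Sports})\,P(\text{Sports})}{P(\text{text})}$$

$P(\text{text})$ is the same for both classes, so only the numerators need comparing. The “naive” step treats the words $w_1, \dots, w_n$ as independent given the class:

$$P(\text{text} \mid c) = \prod_{i=1}^{n} P(w_i \mid c)$$

If a word never appears in one class (“close” appears in no Sports text, so $X_{\text{close},\text{Sports}} = 0$), its raw frequency is $0$ and the whole product collapses to $0$. Laplace smoothing adds one to every count and $d$ to every denominator, which is where the $+1$ and $+14$ in the table come from:

$$P(w \mid c) = \frac{X_{w,c} + 1}{N_c + d}, \qquad d = 14,\; N_{\text{Sports}} = 11,\; N_{\text{Not sports}} = 9$$

Priors from the table: 3 of the 5 texts are Sports, so $P(\text{Sports}) = 3/5$ and $P(\text{Not sports}) = 2/5$. For “A very close game”:

$$P(\text{Sports}) \prod_i P(w_i \mid \text{Sports}) = \frac{3}{5} \cdot \frac{3}{25} \cdot \frac{2}{25} \cdot \frac{1}{25} \cdot \frac{3}{25} \approx 2.76 \times 10^{-5}$$

$$P(\text{Not sports}) \prod_i P(w_i \mid \text{Not sports}) = \frac{2}{5} \cdot \frac{2}{23} \cdot \frac{1}{23} \cdot \frac{2}{23} \cdot \frac{1}{23} \approx 5.72 \times 10^{-6}$$

The Sports score is larger, so the text is classified as Sports. The spam filter is the same computation with $d$, $N_{\text{spam}}$, $N_{\text{ham}}$ and $X_{i,\text{spam}}$, $X_{i,\text{ham}}$ counted over the training emails.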
Let’s look at one of the emails
Re: Re: East Asian fonts in Lenny. Thanks for your support.
Installing unifonts did it well for me. ;)
Nima
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Remove punctuation and stopwords
re: re: east asian fonts in lenny. thanks for your support.
Installing unifonts did it well for me. ;)
nima
--
To unsubscribe, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". trouble? contact listmaster@lists.debian.org

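The spam filter the slides build, as an added example written for this page rather than code from the talk or from NetSec Explained. It runs the prepare, train and evaluate steps of the 7 step process: the tokenizer lowercases, strips punctuation and drops stopwords (the stopword list is a constructed assumption; the talk names none), the classifier keeps exactly the counts the slide lists (d, N_spam, N_ham, X_i) and applies Laplace smoothing so an unseen word does not zero the product, and the evaluation reports a confusion table instead of a single accuracy figure. The Debian list mail is the one from the slides; the other training and held-out mails are constructed, and the class and function names are this example’s own.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed stopword list for this example; the talk names no particular list.
STOPWORDS = {
    "a", "an", "the", "and", "or", "of", "to", "in", "for", "on", "it", "is",
    "was", "be", "with", "this", "that", "re", "me", "my", "did", "you", "your",
}

def tokenize(text, stopwords=STOPWORDS):
    """Lowercase, drop punctuation (keep alphanumeric runs only), drop stopwords."""
    return [w for w in re.findall(r"[a-z0-9]+", text.lower()) if w not in stopwords]

class MultinomialNB:
    """Multinomial Naive Bayes with Laplace (add-one) smoothing, built from counts.
    Talk's notation: d = vocab_size, N_spam = total_words["spam"],
    X_i,spam = word_counts["spam"][word_i]."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                       # smoothing constant; 1 = Laplace
        self.doc_counts = Counter()              # documents per class (the prior)
        self.total_words = Counter()             # N_c: words seen in class c
        self.word_counts = defaultdict(Counter)  # X_w,c: count of word w in class c
        self.vocab = set()                       # unique words over all classes

    @property
    def vocab_size(self):
        return len(self.vocab)

    def fit(self, docs, labels):
        for tokens, label in zip(docs, labels):
            self.doc_counts[label] += 1
            self.total_words[label] += len(tokens)
            self.word_counts[label].update(tokens)
            self.vocab.update(tokens)
        return self

    def word_prob(self, word, label):
        """P(word | label) = (X_w,label + alpha) / (N_label + alpha * d); a word never
        seen in a class gets a small non-zero value instead of zeroing the product."""
        return (self.word_counts[label][word] + self.alpha) / (
            self.total_words[label] + self.alpha * self.vocab_size
        )

    def log_scores(self, tokens):
        """log P(c) + sum of log P(w | c) per class; logs avoid underflow on long mails."""
        n_docs = sum(self.doc_counts.values())
        scores = {}
        for label, n in self.doc_counts.items():
            scores[label] = math.log(n / n_docs) + sum(
                math.log(self.word_prob(w, label)) for w in tokens
            )
        return scores

    def predict(self, tokens):
        scores = self.log_scores(tokens)
        return max(scores, key=scores.get)

# Training mails: the Debian list message from the talk as ham; the rest constructed.
HAM = [
    "Re: Re: East Asian fonts in Lenny. Thanks for your support.\n"
    "Installing unifonts did it well for me. ;)\nNima\n--\n"
    "To UNSUBSCRIBE, email to debian-user-request@lists.debian.org\n"
    'with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org',
    "Re: kernel panic after upgrade. Try booting the previous kernel and check dmesg.",
    "Meeting moved to 3pm, bring the pentest report for the web app.",
]
SPAM = [
    "URGENT: your account has been suspended! Click here to verify your password now.",
    "Congratulations, you won a free prize! Claim your cash reward today, limited offer.",
    "Cheap pills online, no prescription needed, order now and save 90%!",
]
# Held-out mails (constructed) with true labels, for the "Evaluate the Model" step.
TEST_MAILS = [
    ("Re: unifonts package missing on lenny, which debian mirror did you use?", "ham"),
    ("Verify your password now to claim your free prize, click here!", "spam"),
]

def train_demo():
    docs = [tokenize(m) for m in HAM + SPAM]
    labels = ["ham"] * len(HAM) + ["spam"] * len(SPAM)
    return MultinomialNB().fit(docs, labels)

def evaluate(model, mails, positive="spam"):
    """Confusion counts with `positive` as the alert class: false positives are what
    an analyst notices first, so report them rather than a single accuracy number."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for text, truth in mails:
        hit = model.predict(tokenize(text)) == positive
        actual = truth == positive
        counts[("tp" if actual else "fp") if hit else ("fn" if actual else "tn")] += 1
    return counts

if __name__ == "__main__":
    model = train_demo()
    print("tokens:", tokenize(HAM[0]))
    print("d =", model.vocab_size, "N =", dict(model.total_words))
    for text, truth in TEST_MAILS:
        print(f"{truth:>4} -> {model.predict(tokenize(text))}")
    print(evaluate(model, TEST_MAILS))
```

Trained on the five sports texts with an empty stopword set, the same class reproduces the slide’s table (P(a | Sports) = 3/25, P(close | Sports) = 1/25, P(very | Not sports) = 1/23) and classifies “A very close game” as Sports. On the email set, a mail about the Debian fonts thread scores as ham and a password-reset lure as spam, with no false positives on the held-out pair; with six training mails that is a sanity check, not a measurement, and the evaluate step needs a real held-out set before the numbers mean anything.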
References
And further reading
Gartner Core Security
–The Fast-Evolving State of Security Analytics; April 2016
Applying Multinomial Naïve Bayes
–Applying Multinomial Naive Bayes to NLP Problems: A Practical Explanation; July 2017
AI Village
–https://aivillage.org/
Machine Learning and Security
–By Clarence Chio & David Freeman

Thank You!
Email: GTKlondike@gmail.com
YouTube: Netsec Explained
Website: NetsecExplained.com
Github: github.com/NetsecExplained
