1. SEIZE THE DATA. 2015
PredictingCyberSecurityIndustry
HP Security Briefing 21
John Park/ August 11th, 2015

2. It all starts with a simple question.

3. “What is happening with
computer security ?”

4. First solution:
“READ EVERYTHING.”

6. After 5000 hours of reading…

8. Lesson #1: There is more info than one
can read in a lifetime.

9. Lesson #2: The more one reads, the
more it sounds the same.

10. Second solution:
“USE MACHINES.”

11. Natural Language Processing (NLP)

12. Word-smithing

13. Mass Media 101: Journalism
The more important it is,
the more it’s talked about.

14. Mass Media 102: Advertising
The more it’s talked about,
the more important it becomes.

15. Mid-way: questions?

16. Game Plan:
Count the number of words
and sequences of words (n-grams).

17. Data tip #1:
Start with a high-quality dataset.

19. HPSR Cyber Risk Report 2015

20. NLP tip #1: Word (1-gram) frequency
shows the ingredients.

21. NLP tip #2: Word pair (2-grams) are
intersections. More niche.

22. NLP tip #3: 3+ grams are super-niche.
May be too unique.

23. NLP tip #4: Stemming
lowercase + substr(word,0,7)

24. NLP tip #5: Stop-words (is, the, ...)
Normalize against general text.
(go over the top 300 manually)

25. NLP tip #6:
If timeline analysis,
balance the “before” and the “after”.

26. NLP tip #7:
It’s always best to have final
human verification.
Use the common sense.
Find similar exploiters.

27. Without further ado,
let’s see some results.

28. Result #1: Top 5 words (2013+2014)
1. Malware
2. Security
3. Attack
4. System
5. Exploits

29. Power Law/Long-Tail

30. Result #2: Top 5 n-grams (2013+2014)
1. Operating System
2. Targeted Attack
3. Exploit Kits
4. United States
5. Social Engineering

31. Result #3: Security conferences
Black Hat
1. attack
2. security
3. presentation
4. system
5. talk
Def Con
1. security
2. talk
3. attack
4. network
5. hackers
Virus Bulletin
1. malware
2. system
3. security
4. app
5. detection

32. Result #4: National mentions
1. United States
2. Russia
3. China
4. Germany
5. Brazil

33. One more thing…

34. What we really want:
Predictions

35. Prediction #1: Word frequency 2015
(extrapolated from 2013 + 2014)
1. Security (2)
2. Attacks (3)
3. Malware (1)
4. System (4)
5. Data (6)

36. Prediction #1: n-gram frequency 2015
(extrapolated from 2013 + 2014)
1. Operating System (1)
2. Malware Family (9)
3. Exploit Kits (3)
4. Targeted Attacks (2)
5. Cyber Security (19)

37. And another thing…

38. What we really want:
Competitive Analysis

39. What are other companies in the industry
working on?
Microsoft
1. computers
2. detected
3. exploits
4. Microsoft
5. malware
FireEye
1. attack
2. malware
3. targeted
4. FireEye
5. verticals
Verizon
1. data
2. incidents
3. breaches
4. attacks
5. organizations

40. More data on
HP Security Briefing 21:

41. Security is about defending the System
against Attacks, that start with Exploits
and controlled by Malware.

42. SEIZE THE DATA. 2015