Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
A SOBER LOOK AT MACHINE
LEARNING
DR. SVEN KRASSER CHIEF SCIENTIST
@SVENKRASSER
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
Distinguishing Science…
Source: CERN, http://home.cern/sites/home.web.cern.ch/...
…from FictionSource: “Chain Reaction,” 20th Century Fox
MACHINE LEARNING 101
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
EXAMPLES OF MACHINE LEARNING
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
SPAM
FILTERING
MOVIE
RECOMMENDATIONS
SIRI
(iPHONE)
TODAY’S FOCUS: SUPERVISED LEARNING
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
TODAY’S FOCUS: GEOMETRIC MODELS
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
EVERYTHING YOU WILL SEE TODAY
IS REAL WORLD DATA
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
Some Data to Get Started:
1988 ANTHROPOMETRIC
SURVEY OF ARMY PERSONNEL
Source: http://mreed.umtri.umich.edu/mreed/download...
• Over 4000 soldiers surveyed
• Over 100 measurements
• Reported by gender
Test subjects are in better shape
than the rest...
FIRST LOOK
Height [mm]
Density
• Difference in distribution
• Significant overlap
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERV...
SECOND DIMENSION
Height [mm]
Weight[10-1
kg]
• Correlation
• Overlap
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
FEATURE SELECTION
“Buttock Circumference” [mm]
Weight[10-1
kg]
• Correlation
• Gender-specific slope
• Reduced overlap
• S...
K-NEAREST NEIGHBOR
“Buttock Circumference” [mm]
Weight[10-1
kg]
m
f
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
SUPPORT VECTOR MACHINE
“Buttock Circumference” [mm]
Weight[10-1
kg]
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
SUPPORT VECTOR MACHINE
2016 CrowdStrike, Inc. All rights reserved.
“Buttock Circumference” [mm]
Weight[10-1
kg]
• Overfitt...
CROSS
VALIDATION
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
TRAIN TRAIN TRAIN TEST
TRAIN TRAIN TEST TRAIN
TRAIN TEST TRAI...
LET’S CLASSIFY
“Buttock Circumference” [mm]
Weight[10-1
kg]
• Classifier generalizes
• Note some
misclassifications
• Let’...
LET’S CLASSIFY
“Buttock Circumference” [mm]
Weight[10-1
kg]
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
LET’S CLASSIFY
“Buttock Circumference” [mm]
Weight[10-1
kg]
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
LET’S CLASSIFY
“Buttock Circumference” [mm]
Weight[10-1
kg]
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
LET’S CLASSIFY
“Buttock Circumference” [mm]
Weight[10-1
kg]
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
LET’S CLASSIFY
“Buttock Circumference” [mm]
Weight  [10-­1
kg]
• Get more “blue” right
(true positives)
• Get more “red” w...
RECEIVER OPERATING CHARACTERISTICS CURVE
False Positive Rate
TruePositiveRate
Detect	
  more	
  by	
  accepting	
  more	
 ...
THREE DIMENSIONS
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
MORE DIMENSIONS
Decision Value
Density
• Linear model in ~160
dimensions
• Linearly separable
2016 CROWDSTRIKE, INC. ALL R...
Source:Source: http://playground.tensorflow.org/
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
TREES AND TREE ENSEMBLES
SPARSE
FEATURES
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
400 401 402 403 404 405 406 407 408 409 410 411 412 413 414
ar...
N-GRAMS
43 72 6F 77 64 53 74 72 69 6B 65
43726F 776453 747269
726F77 645374 72696B
6F7764 537472 696B65
2016 CROWDSTRIKE, ...
MISSION ACCOMPLISHED:
WE JUST ADD MORE DIMENSIONS…
RIGHT?
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
CURSE OF DIMENSIONALITY
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
REDUCED
predictive
performance
INCREASED
training time...
Source: https://commons.wikimedia.org/w/index.php?curid=2257082
Source: https://commons.wikimedia.org/w/index.php?curid=2257082
DIMENSIONALITY AND SPARSENESS
2016 CrowdStrike, Inc. All rights reserved.
Height (mm)
Weight[10-1
kg]
DIMENSIONALITY AND SPARSENESS
2016 CrowdStrike, Inc. All rights reserved.
Height (mm)
Weight[10-1
kg]
MANAGING
DIMENSIONALITY
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
• FEATURE ELIMINATION
– Feature ranking
– Stop words
•...
SECURITY APPLICATIONS
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
FILE
ANALYSIS
AKA Static Analysis
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
• THE GOOD
– Relatively fast
– Scalable
– No...
EXAMPLE FEATURES
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
32/64BIT
EXECUTABLE
GUI
SUBSYSTEM
COMMAND
LINE
SUBSYSTEM
FILE...
COMBINING FEATURES
• Projection to show
clusters
• For illustration, not
the space in that we
classify
2016 CROWDSTRIKE, I...
EXECUTION
ANALYSIS
AKA Dynamic Analysis
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
• THE GOOD
– Captures actual behavior ...
EXAMPLE: GLOBAL BEHAVIOR
§ Behavior across many executions
of a file
§ Conducted on event data centrally
located in the ...
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
ML VS OTHER TECHNIQUES
§ ML output is probabilistic
§ Use other techniques w...
EVALUATING ML SOLUTIONS
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
PRELIMINARIES
§ ML is not a feature, it is an implementation detail
§ Every ...
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
How much data is there to train on?
SCOPE: SCALE
§ Volume of data generated b...
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
How many data sources are used?
SCOPE: BREADTH
§ Varied sources and technique...
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
DETECTION RATE
§ Detection rate w/o false positive rate is
meaningless
§ Con...
APTS & 99% OF MALWARE DETECTED…
2016 CrowdStrike, Inc. All rights reserved.51
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
APTS (CONT.)
§ Combine techniques to offset tradeoffs
§ Static and behaviora...
KEY POINTS
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
• Machine Learning is an important part of the security tool chest
...
A Sober Look at Machine Learning
A Sober Look at Machine Learning
Upcoming SlideShare
Loading in …5
×

A Sober Look at Machine Learning

765 views

Published on

Slides from July 2016 ISSA OC talk (https://issa-oc.org/event/july-2016-meeting/).

Abstract:

Machine learning is presently a hot topic in the security industry. On the one side, we have companies praising machine learning as the panacea solving all of our security needs. On the other side, there are companies seeing no merit in machine learning urging us to stay with so-called proven approaches.

As always, the truth is a bit more complicated. In this talk, we will take a sober and scientific look at machine learning beyond the hype. First, we will cover what objectives machine learning addresses and how those are accomplished. Next, we will review how machine learning techniques apply to the security space, which problems they solve (and which ones they don’t), and what challenges and opportunities they present. Lastly, with these preliminaries addressed, we will dive into what customers need to look for when evaluating machine learning based security products.

Published in: Data & Analytics
  • Be the first to comment

A Sober Look at Machine Learning

  1. 1. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. A SOBER LOOK AT MACHINE LEARNING DR. SVEN KRASSER CHIEF SCIENTIST @SVENKRASSER
  2. 2. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. Distinguishing Science… Source: CERN, http://home.cern/sites/home.web.cern.ch/files/image/experiment/2013/01/cms_0.jpeg
  3. 3. …from FictionSource: “Chain Reaction,” 20th Century Fox
  4. 4. MACHINE LEARNING 101 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  5. 5. EXAMPLES OF MACHINE LEARNING 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. SPAM FILTERING MOVIE RECOMMENDATIONS SIRI (iPHONE)
  6. 6. TODAY’S FOCUS: SUPERVISED LEARNING 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  7. 7. TODAY’S FOCUS: GEOMETRIC MODELS 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  8. 8. EVERYTHING YOU WILL SEE TODAY IS REAL WORLD DATA 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  9. 9. Some Data to Get Started: 1988 ANTHROPOMETRIC SURVEY OF ARMY PERSONNEL Source: http://mreed.umtri.umich.edu/mreed/downloads.html#anthro 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  10. 10. • Over 4000 soldiers surveyed • Over 100 measurements • Reported by gender Test subjects are in better shape than the rest of us... Data Selection Bias 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  11. 11. FIRST LOOK Height [mm] Density • Difference in distribution • Significant overlap 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  12. 12. SECOND DIMENSION Height [mm] Weight[10-1 kg] • Correlation • Overlap 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  13. 13. FEATURE SELECTION “Buttock Circumference” [mm] Weight[10-1 kg] • Correlation • Gender-specific slope • Reduced overlap • Selection of features matters • How to make a prediction? 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  14. 14. K-NEAREST NEIGHBOR “Buttock Circumference” [mm] Weight[10-1 kg] m f 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  15. 15. SUPPORT VECTOR MACHINE “Buttock Circumference” [mm] Weight[10-1 kg] 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  16. 16. SUPPORT VECTOR MACHINE 2016 CrowdStrike, Inc. All rights reserved. “Buttock Circumference” [mm] Weight[10-1 kg] • Overfitting • Classifier does not generalize • Let’s take a closer look…
  17. 17. CROSS VALIDATION 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. TRAIN TRAIN TRAIN TEST TRAIN TRAIN TEST TRAIN TRAIN TEST TRAIN TRAIN TEST TRAIN TRAIN TRAIN • Divide data into k folds • Train on k-1 folds, test on the remaining one • Repeat k times for all folds
  18. 18. LET’S CLASSIFY “Buttock Circumference” [mm] Weight[10-1 kg] • Classifier generalizes • Note some misclassifications • Let’s assume we want to detect males (blue) § I.e. “blue” is our positive class 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  19. 19. LET’S CLASSIFY “Buttock Circumference” [mm] Weight[10-1 kg] 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  20. 20. LET’S CLASSIFY “Buttock Circumference” [mm] Weight[10-1 kg] 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  21. 21. LET’S CLASSIFY “Buttock Circumference” [mm] Weight[10-1 kg] 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  22. 22. LET’S CLASSIFY “Buttock Circumference” [mm] Weight[10-1 kg] 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  23. 23. LET’S CLASSIFY “Buttock Circumference” [mm] Weight  [10-­1 kg] • Get more “blue” right (true positives) • Get more “red” wrong (false positives) 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  24. 24. RECEIVER OPERATING CHARACTERISTICS CURVE False Positive Rate TruePositiveRate Detect  more  by  accepting  more  false  positives 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  25. 25. THREE DIMENSIONS 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  26. 26. MORE DIMENSIONS Decision Value Density • Linear model in ~160 dimensions • Linearly separable 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  27. 27. Source:Source: http://playground.tensorflow.org/
  28. 28. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. TREES AND TREE ENSEMBLES
  29. 29. SPARSE FEATURES 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 area codes 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0
  30. 30. N-GRAMS 43 72 6F 77 64 53 74 72 69 6B 65 43726F 776453 747269 726F77 645374 72696B 6F7764 537472 696B65 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  31. 31. MISSION ACCOMPLISHED: WE JUST ADD MORE DIMENSIONS… RIGHT? 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  32. 32. CURSE OF DIMENSIONALITY 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. REDUCED predictive performance INCREASED training time SLOWER classification LARGER memory footprint
  33. 33. Source: https://commons.wikimedia.org/w/index.php?curid=2257082
  34. 34. Source: https://commons.wikimedia.org/w/index.php?curid=2257082
  35. 35. DIMENSIONALITY AND SPARSENESS 2016 CrowdStrike, Inc. All rights reserved. Height (mm) Weight[10-1 kg]
  36. 36. DIMENSIONALITY AND SPARSENESS 2016 CrowdStrike, Inc. All rights reserved. Height (mm) Weight[10-1 kg]
  37. 37. MANAGING DIMENSIONALITY 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. • FEATURE ELIMINATION – Feature ranking – Stop words • FEATURE REDUCTION – Principal Component Analysis – Autoencoders – Points on lower-dimensional manifold – Stemming • ENSEMBLE METHODS – Classifier of classifiers, e.g. stacking – Bagging and subspace sampling, e.g. Random Forests • And much, much more…
  38. 38. SECURITY APPLICATIONS 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  39. 39. FILE ANALYSIS AKA Static Analysis 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. • THE GOOD – Relatively fast – Scalable – No need to detonate – Platform independent, can be done at gateway – Can support file similarity analysis • THE BAD – Limited insight due to narrow view – Different file types require different techniques – Different subtypes need special consideration – Packed files – .Net – Installers – EXEs vs DLLs – Obfuscations (yet good if detectable) – Ineffective against exploitation and malware-less attacks – Asymmetry: a fraction of a second to decide for the defender, months to craft for the attacker
  40. 40. EXAMPLE FEATURES 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. 32/64BIT EXECUTABLE GUI SUBSYSTEM COMMAND LINE SUBSYSTEM FILESIZE TIMESTAMP DEBUG INFORMATION PRESENT PACKERTYPE FILEENTROPY NUMBEROF SECTIONS NUMBER WRITABLE NUMBER READABLE NUMBER EXECUTABLE DISTRIBUTION OFSECTION ENTROPY IMPORTED DLLNAMES IMPORTED FUNCTION NAMES COMPILER ARTIFACTS LINKER ARTIFACTS RESOURCE DATA EMBEDDED PROTOCOL STRINGS EMBEDDED IPS/DOMAINS EMBEDDED PATHS EMBEDDED PRODUCT METADATA DIGITAL SIGNATURE ICON CONTENT …
  41. 41. COMBINING FEATURES • Projection to show clusters • For illustration, not the space in that we classify 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  42. 42. EXECUTION ANALYSIS AKA Dynamic Analysis 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. • THE GOOD – Captures actual behavior of file – Obfuscating behavior is hard – Effective against exploitation – Effective against malware-less attacks – Not dependent on awareness of specific file types • THE BAD – File needs to be executed – Takes additional time to observe execution – Execution depends on environment (e.g. sandbox vs real world)
  43. 43. EXAMPLE: GLOBAL BEHAVIOR § Behavior across many executions of a file § Conducted on event data centrally located in the cloud Krasser, S., Meyer, B., & Crenshaw, P. (2015). Valkyrie: Behavioral Malware Detection using Global Kernel- level Telemetry Data. In Proceedings of the 2015 IEEE International Workshop on Machine Learning for Signal Processing.
  44. 44. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. ML VS OTHER TECHNIQUES § ML output is probabilistic § Use other techniques where appropriate § Most ML-based engines use standard hashes or fuzzy hashes on top of a model § Example: credentials theft IoA
  45. 45. EVALUATING ML SOLUTIONS 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
  46. 46. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. PRELIMINARIES § ML is not a feature, it is an implementation detail § Every solution must make trade-offs of conflicting objectives § FP vs TP § Speed vs accuracy § Memory footprint vs accuracy § Expressiveness vs explainability § Benchmarks under different assumptions are very hard to compare, even internally § Marchitecture § Looking at the right data: 60% of intrusions do not involve malware
  47. 47. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. How much data is there to train on? SCOPE: SCALE § Volume of data generated by sources used § Aperture: footprint of deployment § Data collection § Point of analysis (endpoint, on- prem, cloud)
  48. 48. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. How many data sources are used? SCOPE: BREADTH § Varied sources and techniques § Static analysis § Behavioral analysis § Proliferation § Indicators from other techniques § Access to historical data § Baseline § Process lineage § “Number of characteristics” is not a useful metric
  49. 49. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. DETECTION RATE § Detection rate w/o false positive rate is meaningless § Considering the base rate is important § System § 100k clean files, 1 malware file § 99% TPR at 0.1% FPR è 100 FPs, 1 TP § Downloads § 1k clean files, 1 malware file § 99% TPR at 0.1% FPR è 1 FP, 1 TP § Sourcing of test files skews results § Number of samples used to measure (often too small) § False Positive Rate §TruePositiveRate
  50. 50. APTS & 99% OF MALWARE DETECTED… 2016 CrowdStrike, Inc. All rights reserved.51
  51. 51. 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. APTS (CONT.) § Combine techniques to offset tradeoffs § Static and behavioral § ML and non-ML § Lean local techniques and heavy-weight cloud techniques § Avoid silent failure: what happens when the adversary made it onto the system? § Avoid brittle techniques: does the solution depend on the attacker not having access to detection results?
  52. 52. KEY POINTS 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED. • Machine Learning is an important part of the security tool chest • Hidden untapped structure in your data • Various trade-offs, most importantly between true and false positives • Dimensionality is good…until it’s not • Not all dimensions are created equal • Comprehensive coverage by combining techniques

×