SlideShare a Scribd company logo

Machine learning cybersecurity boon or boondoggle

Priyanka Aash
Priyanka Aash

Machine learning (ML) and artificial intelligence (AI) are the latest “shiny new things” in cybersecurity technology but while ML and AI hold great promise for automating routine processes and tasks and accelerating threat detection, they are not a panacea. This session will demonstrate what they can and can’t do in a cybersecurity program through real world examples of possibilities and limits. (Source: RSA Conference USA 2017)

Technology
1 of 27
Download to read offline
SESSION ID: SESSION ID: #RSAC Zulfikar Ramzan, Ph.D Machine Learning: Cybersecurity Boon or Boondoggle? AIR-W03 Chief Technology Officer RSA @zulfikar_ramzan
#RSAC Outline 2 High-Level Overview of Machine Learning How Machine Learning Can be Used in a Cybersecurity Context PiJalls & Best PracMces 1 2 3
#RSAC What is machine learning?
#RSAC 4 Machine Learning Overview “Field of study that gives computers the ability to learn without being explicitly programmed” (Arthu r Samuelson, 1959) Development of algorithms that can draw inferences and make predicMons based on data Evolved from paern recogniMon and computaMonal learning theory; closely related to data mining and staMsMcs Benefits of machine learning include automaMon, being unbiased, and being able to improve over Mme In cybersecurity applicaMons, machine learning approaches can decrease Mme needed to find new threats and can evolve more-or-less automaMcally as new data becomes available
#RSAC 5 Machine Learning Process Data Model PredicMons Data Model Parameters: ?,?,? PredicMons Data Model Parameters: a,b,c PredicMons
#RSAC 6 What Machine Learning is Not… In Kasparov vs. Deep Blue, the machine’s programmers (with help from a team of strong chess players) explicitly entered parameters -- and even changed them between games in the match!
#RSAC 7 Supervised Learning <Example 1, Label 1> <Example 2, Label 2> . . . <Example N, Label N> Generate Model Apply Model: <New Example, ??> Example: Historical loan applicaMons; labels represent whether applicant defaulted. Generate model that can predict whether new applicant will default.
#RSAC 8 Supervised Learning: More refined… <Ex. 1, Label 1> <Ex. 2, Label 2> . . . <Ex. N, Label N> Generate Model Apply Model: <New Example, ??> Extract features Example: Extract relevant aributes from loan applicaMon (e.g., years of employment, age, marital status, loan size, income). Generate model / classificaMon algorithm from those features. (Feature idenMficaMon is typically performed by a human domain expert.)
#RSAC 9 Unsupervised Learning Learn from unlabeled examples No labels, so no noMon of right/wrong Useful for idenMfying structure, paerns in data
#RSAC How can machine learning be used in a cybersecurity sejng?
#RSAC 11 Applying Supervised Machine Learning to Security Supervised machine learning naturally suited to classificaMon (yes/no) problems; transacMons can be viewed under a good / bad lens: Spam: Is a given email message spam? Online Fraud: Is a given financial transacMon fraudulent? Malware: Is a given file malware? Malicious URLs / domains / IPs: Is a network connecMon to a given URL (resp. domain, IP address) associated with malicious acMvity? Note these applicaMons are not new; they have been studied in academia and/or have been implemented in commercial use for many years.
#RSAC 12 Unsupervised Machine Learning and Security Unsupervised machine learning can be used to cluster data – which can help idenMfy outliers; e.g., by baselining normal behavior and find instances outside the norm: Is there an abnormal amount of network traffic from a parMcular host? Is there a significant increase in failed log-in aempts? Is a user accessing resources he or she does not normally access (or that would not be normally accessed by his or her peer group)? Are there access paerns that are too “regular” to be associated with a human? Is a user working during hours outside his or her normal behavior? Is a user connecMng from or to unusual geographic locaMons (or a set of geographic locaMons that does not make sense)?
#RSAC What are the piJalls and best pracMces when applying machine learning to cybersecurity?
#RSAC 14 Challenge: Good Data is CriQcal Machine learning is garbage-in-garbage out Training set ideally has to be representaMve of what you will actually encounter in real life UlMmately, you have to ask the right quesMons of your data, otherwise you won’t get the right answers.
#RSAC 15 Data Features Classifiers PiRall: Becoming Obsessed with Classifier Orderofimportance AmountofMmespent
#RSAC 16 Challenges: Class Imbalance in Security # Good instances >> # Bad Instances Must sidestep many landmines Security scenarios: Class Imbalance Problem
#RSAC 17 Typical Metrics Classic efficacy metrics: True PosiMve Rate (TPR): % of actual malicious transacMons are correctly idenMfied False PosiMve Rate (FPR): % of legiMmate transacMons are labeled as malicious Tradeoff between these two metrics: Aggressive in calling acMvity malicious: high TPR, but likely also a high FPR ConservaMve in calling acMvity malicious: low FPR, but also likely low TPR Tradeoff open represented by Receiver OperaMng CharacterisMc (ROC) Curve TruePosi<veRate False Posi<ve Rate
#RSAC 18 False PosiQves Don’t Tell the Whole Story Suppose that you have built a system with a false posiMve rate of %0.1 and a true posiMve rate of 100%. These numbers ostensibly seem amazing. However, imagine that for every 10,000 legiMmate transacMons, one is malicious. Then, out of these transacMons, your system will have 11 alarms (10,000 * 0.001 + 1), of which only one is jusMfied! (~90%+ of the Mme will be chasing false leads)
#RSAC 19 Think About Your Metrics Carefully Not all false posiMves created equal (popular file vs. rare file) Not all true posiMves created equal (pernicious threat vs. mild one) Maliciousness is subjecMve (some people want adware and spam!) If machine learning tech part of larger system, look at addiMve benefit
#RSAC 20 Machine Learning PiRalls: Adversaries Adapt Threat actors change behaviors as needed; Mme to change is correlated with how big a threat you are to their operaMons Machine learning algorithms typically don’t assume adversarial scenarios where threat is acMvely trying to sabotage the algorithm Can address through careful weighMng of recent data vs. older data, rapid retraining / relearning, online learning Transfer learning or inducMve transfer is area of research designed for developing ML algorithms that try to use knowledge gained from solving one problem towards different, but related problem Much work remains to be done in this areas
#RSAC 21 Supervised Learning PiRalls Training set captures what you know about; inferences from training set expand your capabiliMes, but don’t help with the “unknown unknowns”; your model may be a glorified signature… Malicious behavior is subjecMve (not everyone agrees). Further, whether something is malicious is not so much about acMons, but more about the intent behind those acMons. There is sMll some important low-hanging fruit that needs to be picked. Machine Learning can move the needle, but not always as much as one might hope. It’s easy to miss a new paradigm.
#RSAC 22 The importance of line 23…
#RSAC 23 Unsupervised Learning PiRalls Unsupervised learning used to find abnormal behaviors, but that’s not the same as malicious behaviors People open act abnormally for legiMmate reasons (travel, deadlines, new project / role / promoMon) It’s not always easy to measure normal behavior (e.g., geolocaMon isn’t always accurate…) Again, acMons are not the same thing as the intent behind those acMons….
#RSAC 24 Model Deployment Key Concerns: Machine Learning algorithms can produce models, but that model sMll has to be deployed successfully. Need independent mechanism for determining whether model “makes sense” and will not cause issues in real life; i.e., real-world ROI is hard to measure. Key Ques<ons: Did you overfit to the training set? Can someone with limited machine learning ability understand the model and how/why it works (e.g., when debugging in-field issue)? Are there fail-safe measures in place in case model is flawed?
#RSAC 25 Best PracMces: •  Data >> Features >> Classifier •  Know what success means (not necessarily high TP, low FP) •  Don’t set it and forget it; adversaries adapt! •  Think about model deployment; not everyone touching system will have deep machine learning knowledge Summary Machine Learning is an excellent tool for security applicaMons, but it’s important to understand when hype fails to reflect reality
#RSAC Apply What You Have Learned (1) 26 Next week, you should: IdenMfy what cybersecurity efficacy metrics maer to you Develop an efficacy tesMng plan that measures against these metrics and evaluates the tradeoffs among them In the first three months following the presentaMon, you should Implement your efficacy tesMng plans IdenMfy the data sources being fed into machine learning systems you use and determine how representaMve those sources are of real world scenarios Determine how models are updated for future use
#RSAC Apply What You Have Learned (2) 27 What data sources are being fed into their machine learning system? How is efficacy being measured prior to model deployment? (And is it being measured independently?) Do other vendors offer soluMons to address the same problems (including those that do not leverage machine learning)? If so, are there rigorous third party tesMng reports to substanMate efficacy claims of ? (If not, why?) How are models deployed and updated? If you are considering procuring a third-party machine learning soluMon, develop a vendor quesMonnaire that asks (at least) the following quesMons:

Recommended

SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsRod Soto
 
Applied machine learning defeating modern malicious documents
Applied machine learning defeating modern malicious documentsApplied machine learning defeating modern malicious documents
Applied machine learning defeating modern malicious documents
Priyanka Aash
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst
Priyanka Aash
 
Advances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defenseAdvances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defense
Priyanka Aash
 
Confusion and deception new tools for data protection
Confusion and deception new tools for data protectionConfusion and deception new tools for data protection
Confusion and deception new tools for data protection
Priyanka Aash
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple Team
Priyanka Aash
 
Threat intel- -content-curation-organizing-the-path-to-successful-detection
Threat intel- -content-curation-organizing-the-path-to-successful-detectionThreat intel- -content-curation-organizing-the-path-to-successful-detection
Threat intel- -content-curation-organizing-the-path-to-successful-detection
Priyanka Aash
 
CTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat IntelligenceCTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat Intelligence
JacklynTsai
 

Recommended

SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsRod Soto
 
Applied machine learning defeating modern malicious documents
Applied machine learning defeating modern malicious documentsApplied machine learning defeating modern malicious documents
Applied machine learning defeating modern malicious documents
Priyanka Aash
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst
Priyanka Aash
 
Advances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defenseAdvances in cloud scale machine learning for cyber-defense
Advances in cloud scale machine learning for cyber-defense
Priyanka Aash
 
Confusion and deception new tools for data protection
Confusion and deception new tools for data protectionConfusion and deception new tools for data protection
Confusion and deception new tools for data protection
Priyanka Aash
 
The Rise of the Purple Team
The Rise of the Purple TeamThe Rise of the Purple Team
The Rise of the Purple Team
Priyanka Aash
 
Threat intel- -content-curation-organizing-the-path-to-successful-detection
Threat intel- -content-curation-organizing-the-path-to-successful-detectionThreat intel- -content-curation-organizing-the-path-to-successful-detection
Threat intel- -content-curation-organizing-the-path-to-successful-detection
Priyanka Aash
 
CTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat IntelligenceCTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat Intelligence
JacklynTsai
 
The Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSThe Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOS
Priyanka Aash
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using HadoopDataWorks Summit
 
Insights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-centerInsights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-center
Priyanka Aash
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
Akash Sarode
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat Intelligence
Priyanka Aash
 
Soc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- themSoc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- them
Priyanka Aash
 
Predicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-managementPredicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-management
Priyanka Aash
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
Priyanka Aash
 
Pulling our-socs-up
Pulling our-socs-upPulling our-socs-up
Pulling our-socs-up
Priyanka Aash
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - October
MITRE - ATT&CKcon
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
Raffael Marty
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
Sqrrl
 
TTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesTTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil Refineries
Dragos, Inc.
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE - ATT&CKcon
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
Sergey Soldatov
 
Threat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingThreat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty Training
Priyanka Aash
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”
Priyanka Aash
 
BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6Rod Soto
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware Detection
Kaspersky
 

More Related Content

What's hot

The Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSThe Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOS
Priyanka Aash
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using HadoopDataWorks Summit
 
Insights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-centerInsights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-center
Priyanka Aash
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
Akash Sarode
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat Intelligence
Priyanka Aash
 
Soc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- themSoc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- them
Priyanka Aash
 
Predicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-managementPredicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-management
Priyanka Aash
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
Priyanka Aash
 
Pulling our-socs-up
Pulling our-socs-upPulling our-socs-up
Pulling our-socs-up
Priyanka Aash
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - October
MITRE - ATT&CKcon
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
Raffael Marty
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
Sqrrl
 
TTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesTTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil Refineries
Dragos, Inc.
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE - ATT&CKcon
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
Teymur Kheirkhabarov
 
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
Sergey Soldatov
 
Threat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingThreat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty Training
Priyanka Aash
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”
Priyanka Aash
 

What's hot (20)

The Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOSThe Incident Response Playbook for Android and iOS
The Incident Response Playbook for Android and iOS
 
Treat Detection using Hadoop
Treat Detection using HadoopTreat Detection using Hadoop
Treat Detection using Hadoop
 
Insights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-centerInsights from-NSAs-cybersecurity-threat-operations-center
Insights from-NSAs-cybersecurity-threat-operations-center
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
 
Dreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat IntelligenceDreaming of IoCs Adding Time Context to Threat Intelligence
Dreaming of IoCs Adding Time Context to Threat Intelligence
 
Soc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- themSoc 2030-socs-are-broken-lets-fix- them
Soc 2030-socs-are-broken-lets-fix- them
 
Predicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-managementPredicting exploitability-forecasts-for-vulnerability-management
Predicting exploitability-forecasts-for-vulnerability-management
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
 
Pulling our-socs-up
Pulling our-socs-upPulling our-socs-up
Pulling our-socs-up
 
MITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - OctoberMITRE ATTACKcon Power Hour - October
MITRE ATTACKcon Power Hour - October
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
How to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your NetworkHow to Hunt for Lateral Movement on Your Network
How to Hunt for Lateral Movement on Your Network
 
TTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil RefineriesTTPs for Threat hunting In Oil Refineries
TTPs for Threat hunting In Oil Refineries
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On Lab
 
Anton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability IntelligenceAnton Chuvakin on Threat and Vulnerability Intelligence
Anton Chuvakin on Threat and Vulnerability Intelligence
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
 
Threat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty TrainingThreat Intelligence Is Like Three Day Potty Training
Threat Intelligence Is Like Three Day Potty Training
 
Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”Attacks on Critical Infrastructure: Insights from the “Big Board”
Attacks on Critical Infrastructure: Insights from the “Big Board”
 

Similar to Machine learning cybersecurity boon or boondoggle

BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6Rod Soto
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware Detection
Kaspersky
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
RajathV2
 
Data Science Transforming Security Operations
Data Science Transforming Security OperationsData Science Transforming Security Operations
Data Science Transforming Security Operations
Priyanka Aash
 
Lessons Learned in Automated Decision Making / How to Delay Building Skynet
Lessons Learned in Automated Decision Making / How to Delay Building SkynetLessons Learned in Automated Decision Making / How to Delay Building Skynet
Lessons Learned in Automated Decision Making / How to Delay Building Skynet
Sounil Yu
 
Harnessing the Power of Machine Learning in Cybersecurity.pdf
Harnessing the Power of Machine Learning in Cybersecurity.pdfHarnessing the Power of Machine Learning in Cybersecurity.pdf
Harnessing the Power of Machine Learning in Cybersecurity.pdf
CIOWomenMagazine
 
Machine Learning in Cybersecurity.pdf
Machine Learning in Cybersecurity.pdfMachine Learning in Cybersecurity.pdf
Machine Learning in Cybersecurity.pdf
Business Thrust Pte. Ltd. (BThrust)
 
Brighterion bai july 2016 fraud white paper
Brighterion bai july 2016 fraud white paperBrighterion bai july 2016 fraud white paper
Brighterion bai july 2016 fraud white paper
Andrew Morrison
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine Learning
Siemplify
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
MapR Technologies
 
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningTackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Symantec
 
How adversaries interfere with AI and ML systems
How adversaries interfere with AI and ML systemsHow adversaries interfere with AI and ML systems
How adversaries interfere with AI and ML systems
aNumak & Company
 
Cybersecurity Research.pptx
Cybersecurity Research.pptxCybersecurity Research.pptx
Cybersecurity Research.pptx
BT Techsoft Pvt. Ltd
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber security
Sandip Juthani
 
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Jon Mead
 
Eckovation Machine Learning
Eckovation Machine LearningEckovation Machine Learning
Eckovation Machine Learning
Shikhar Srivastava
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AI
Ahmed Banafa
 
Rise of the machines -- Owasp israel -- June 2014 meetup
Rise of the machines -- Owasp israel -- June 2014 meetupRise of the machines -- Owasp israel -- June 2014 meetup
Rise of the machines -- Owasp israel -- June 2014 meetup
Shlomo Yona
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
Ulf Mattsson
 
Classification with R
Classification with RClassification with R
Classification with R
Najima Begum
 

Similar to Machine learning cybersecurity boon or boondoggle (20)

BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6BsidesLVPresso2016_JZeditsv6
BsidesLVPresso2016_JZeditsv6
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware Detection
 
Machine learning in Cyber Security
Machine learning in Cyber SecurityMachine learning in Cyber Security
Machine learning in Cyber Security
 
Data Science Transforming Security Operations
Data Science Transforming Security OperationsData Science Transforming Security Operations
Data Science Transforming Security Operations
 
Lessons Learned in Automated Decision Making / How to Delay Building Skynet
Lessons Learned in Automated Decision Making / How to Delay Building SkynetLessons Learned in Automated Decision Making / How to Delay Building Skynet
Lessons Learned in Automated Decision Making / How to Delay Building Skynet
 
Harnessing the Power of Machine Learning in Cybersecurity.pdf
Harnessing the Power of Machine Learning in Cybersecurity.pdfHarnessing the Power of Machine Learning in Cybersecurity.pdf
Harnessing the Power of Machine Learning in Cybersecurity.pdf
 
Machine Learning in Cybersecurity.pdf
Machine Learning in Cybersecurity.pdfMachine Learning in Cybersecurity.pdf
Machine Learning in Cybersecurity.pdf
 
Brighterion bai july 2016 fraud white paper
Brighterion bai july 2016 fraud white paperBrighterion bai july 2016 fraud white paper
Brighterion bai july 2016 fraud white paper
 
Security Automation and Machine Learning
Security Automation and Machine LearningSecurity Automation and Machine Learning
Security Automation and Machine Learning
 
Security Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to KnowSecurity Analytics and Big Data: What You Need to Know
Security Analytics and Big Data: What You Need to Know
 
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine LearningTackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
Tackle Unknown Threats with Symantec Endpoint Protection 14 Machine Learning
 
How adversaries interfere with AI and ML systems
How adversaries interfere with AI and ML systemsHow adversaries interfere with AI and ML systems
How adversaries interfere with AI and ML systems
 
Cybersecurity Research.pptx
Cybersecurity Research.pptxCybersecurity Research.pptx
Cybersecurity Research.pptx
 
The future of cyber security
The future of cyber securityThe future of cyber security
The future of cyber security
 
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
Machine Learning: Addressing the Disillusionment to Bring Actual Business Ben...
 
Eckovation Machine Learning
Eckovation Machine LearningEckovation Machine Learning
Eckovation Machine Learning
 
First line of defense for cybersecurity : AI
First line of defense for cybersecurity : AIFirst line of defense for cybersecurity : AI
First line of defense for cybersecurity : AI
 
Rise of the machines -- Owasp israel -- June 2014 meetup
Rise of the machines -- Owasp israel -- June 2014 meetupRise of the machines -- Owasp israel -- June 2014 meetup
Rise of the machines -- Owasp israel -- June 2014 meetup
 
What i learned at issa international summit 2019
What i learned at issa international summit 2019What i learned at issa international summit 2019
What i learned at issa international summit 2019
 
Classification with R
Classification with RClassification with R
Classification with R
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
Priyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
Priyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
Priyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
Priyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
Priyanka Aash
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
Priyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Priyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
Priyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
Priyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
Priyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
Priyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
Priyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Priyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
Priyanka Aash
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Priyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 

Recently uploaded (20)

To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 

Machine learning cybersecurity boon or boondoggle

  • 2. #RSAC Outline 2 High-Level Overview of Machine Learning How Machine Learning Can be Used in a Cybersecurity Context PiJalls & Best PracMces 1 2 3
  • 4. #RSAC 4 Machine Learning Overview “Field of study that gives computers the ability to learn without being explicitly programmed” (Arthu r Samuelson, 1959) Development of algorithms that can draw inferences and make predicMons based on data Evolved from paern recogniMon and computaMonal learning theory; closely related to data mining and staMsMcs Benefits of machine learning include automaMon, being unbiased, and being able to improve over Mme In cybersecurity applicaMons, machine learning approaches can decrease Mme needed to find new threats and can evolve more-or-less automaMcally as new data becomes available
  • 5. #RSAC 5 Machine Learning Process Data Model PredicMons Data Model Parameters: ?,?,? PredicMons Data Model Parameters: a,b,c PredicMons
  • 6. #RSAC 6 What Machine Learning is Not… In Kasparov vs. Deep Blue, the machine’s programmers (with help from a team of strong chess players) explicitly entered parameters -- and even changed them between games in the match!
  • 7. #RSAC 7 Supervised Learning <Example 1, Label 1> <Example 2, Label 2> . . . <Example N, Label N> Generate Model Apply Model: <New Example, ??> Example: Historical loan applicaMons; labels represent whether applicant defaulted. Generate model that can predict whether new applicant will default.
  • 8. #RSAC 8 Supervised Learning: More refined… <Ex. 1, Label 1> <Ex. 2, Label 2> . . . <Ex. N, Label N> Generate Model Apply Model: <New Example, ??> Extract features Example: Extract relevant aributes from loan applicaMon (e.g., years of employment, age, marital status, loan size, income). Generate model / classificaMon algorithm from those features. (Feature idenMficaMon is typically performed by a human domain expert.)
  • 9. #RSAC 9 Unsupervised Learning Learn from unlabeled examples No labels, so no noMon of right/wrong Useful for idenMfying structure, paerns in data
  • 10. #RSAC How can machine learning be used in a cybersecurity sejng?
  • 11. #RSAC 11 Applying Supervised Machine Learning to Security Supervised machine learning naturally suited to classificaMon (yes/no) problems; transacMons can be viewed under a good / bad lens: Spam: Is a given email message spam? Online Fraud: Is a given financial transacMon fraudulent? Malware: Is a given file malware? Malicious URLs / domains / IPs: Is a network connecMon to a given URL (resp. domain, IP address) associated with malicious acMvity? Note these applicaMons are not new; they have been studied in academia and/or have been implemented in commercial use for many years.
  • 12. #RSAC 12 Unsupervised Machine Learning and Security Unsupervised machine learning can be used to cluster data – which can help idenMfy outliers; e.g., by baselining normal behavior and find instances outside the norm: Is there an abnormal amount of network traffic from a parMcular host? Is there a significant increase in failed log-in aempts? Is a user accessing resources he or she does not normally access (or that would not be normally accessed by his or her peer group)? Are there access paerns that are too “regular” to be associated with a human? Is a user working during hours outside his or her normal behavior? Is a user connecMng from or to unusual geographic locaMons (or a set of geographic locaMons that does not make sense)?
  • 13. #RSAC What are the piJalls and best pracMces when applying machine learning to cybersecurity?
  • 14. #RSAC 14 Challenge: Good Data is CriQcal Machine learning is garbage-in-garbage out Training set ideally has to be representaMve of what you will actually encounter in real life UlMmately, you have to ask the right quesMons of your data, otherwise you won’t get the right answers.
  • 16. #RSAC 16 Challenges: Class Imbalance in Security # Good instances >> # Bad Instances Must sidestep many landmines Security scenarios: Class Imbalance Problem
  • 17. #RSAC 17 Typical Metrics Classic efficacy metrics: True PosiMve Rate (TPR): % of actual malicious transacMons are correctly idenMfied False PosiMve Rate (FPR): % of legiMmate transacMons are labeled as malicious Tradeoff between these two metrics: Aggressive in calling acMvity malicious: high TPR, but likely also a high FPR ConservaMve in calling acMvity malicious: low FPR, but also likely low TPR Tradeoff open represented by Receiver OperaMng CharacterisMc (ROC) Curve TruePosi<veRate False Posi<ve Rate
  • 18. #RSAC 18 False PosiQves Don’t Tell the Whole Story Suppose that you have built a system with a false posiMve rate of %0.1 and a true posiMve rate of 100%. These numbers ostensibly seem amazing. However, imagine that for every 10,000 legiMmate transacMons, one is malicious. Then, out of these transacMons, your system will have 11 alarms (10,000 * 0.001 + 1), of which only one is jusMfied! (~90%+ of the Mme will be chasing false leads)
  • 19. #RSAC 19 Think About Your Metrics Carefully Not all false posiMves created equal (popular file vs. rare file) Not all true posiMves created equal (pernicious threat vs. mild one) Maliciousness is subjecMve (some people want adware and spam!) If machine learning tech part of larger system, look at addiMve benefit
  • 20. #RSAC 20 Machine Learning PiRalls: Adversaries Adapt Threat actors change behaviors as needed; Mme to change is correlated with how big a threat you are to their operaMons Machine learning algorithms typically don’t assume adversarial scenarios where threat is acMvely trying to sabotage the algorithm Can address through careful weighMng of recent data vs. older data, rapid retraining / relearning, online learning Transfer learning or inducMve transfer is area of research designed for developing ML algorithms that try to use knowledge gained from solving one problem towards different, but related problem Much work remains to be done in this areas
  • 21. #RSAC 21 Supervised Learning PiRalls Training set captures what you know about; inferences from training set expand your capabiliMes, but don’t help with the “unknown unknowns”; your model may be a glorified signature… Malicious behavior is subjecMve (not everyone agrees). Further, whether something is malicious is not so much about acMons, but more about the intent behind those acMons. There is sMll some important low-hanging fruit that needs to be picked. Machine Learning can move the needle, but not always as much as one might hope. It’s easy to miss a new paradigm.
  • 23. #RSAC 23 Unsupervised Learning PiRalls Unsupervised learning used to find abnormal behaviors, but that’s not the same as malicious behaviors People open act abnormally for legiMmate reasons (travel, deadlines, new project / role / promoMon) It’s not always easy to measure normal behavior (e.g., geolocaMon isn’t always accurate…) Again, acMons are not the same thing as the intent behind those acMons….
  • 24. #RSAC 24 Model Deployment Key Concerns: Machine Learning algorithms can produce models, but that model sMll has to be deployed successfully. Need independent mechanism for determining whether model “makes sense” and will not cause issues in real life; i.e., real-world ROI is hard to measure. Key Ques<ons: Did you overfit to the training set? Can someone with limited machine learning ability understand the model and how/why it works (e.g., when debugging in-field issue)? Are there fail-safe measures in place in case model is flawed?
  • 25. #RSAC 25 Best PracMces: •  Data >> Features >> Classifier •  Know what success means (not necessarily high TP, low FP) •  Don’t set it and forget it; adversaries adapt! •  Think about model deployment; not everyone touching system will have deep machine learning knowledge Summary Machine Learning is an excellent tool for security applicaMons, but it’s important to understand when hype fails to reflect reality
  • 26. #RSAC Apply What You Have Learned (1) 26 Next week, you should: IdenMfy what cybersecurity efficacy metrics maer to you Develop an efficacy tesMng plan that measures against these metrics and evaluates the tradeoffs among them In the first three months following the presentaMon, you should Implement your efficacy tesMng plans IdenMfy the data sources being fed into machine learning systems you use and determine how representaMve those sources are of real world scenarios Determine how models are updated for future use
  • 27. #RSAC Apply What You Have Learned (2) 27 What data sources are being fed into their machine learning system? How is efficacy being measured prior to model deployment? (And is it being measured independently?) Do other vendors offer soluMons to address the same problems (including those that do not leverage machine learning)? If so, are there rigorous third party tesMng reports to substanMate efficacy claims of ? (If not, why?) How are models deployed and updated? If you are considering procuring a third-party machine learning soluMon, develop a vendor quesMonnaire that asks (at least) the following quesMons: