MALIGN MACHINE LEARNING MODELS
•
0 likes•350 views
ROMAN PALKIN Backed up with real examples, this talk reviews the capabilities of widely-used frameworks TensorFlow and PyTorch for creating and spreading malicious software as well as implementing covert data communication channels. The purpose of this presentation is to draw attention of the community to the danger posed by careless use of Machine Learning models from unreliable sources.
Report
Share
Report
Share
Download to read offline
Recommended
AI for security or security for AI - Sergey Gordeychik
Machine learning technologies are turning from rocket science into daily engineering life. You no longer have to know the difference between Faster R-CNN and HMM to develop a machine vision system, and even OpenCV has bindings for JavaScript allowing to resolve quite serious tasks all the while remaining in front end. On other hand massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. In the broader context security is really all about trust.
Do we trust AI? I don’t, personally.
What is “state of the art” in AI security? Yesterday it was a PoC, not a product, today becoming a We will fix it later, tomorrow it will be a if it works, don’t touch it. And tomorrow is too late.
But what we can do for Trustworthy AI? There are just no simple answers.
You can’t install antivirus or calculate hashes to control integrity of annotated dataset. Traditional firewalls and IDS are almost useless in ML cloud internal SDN Infiniband network. Event C-level Compliance such as PCI DSS and GDPR doesn’t work for massive country-level AI deployments. What about vulnerability management for TensorFlow ML model? How it will impact ROC and AUC?..
To make it better we should rethink Cyber Resilience for AI process, systems and applications to make sure that they continuously deliver the intended outcome despite adverse cyber events. Make sure that security is genuinely integrated into innovation that AI brings into our lives. To trust AI and earn his trust, perhaps?
Security and Privacy of Machine Learning
Machine learning is a powerful new tool that can be used for security applications (for example, to detect malware) but machine learning itself introduces many new attack surfaces. For example, attackers can control the output of machine learning models by manipulating their inputs or training data. In this session, I give an overview of the emerging field of machine learning security and privacy.
Learning Objectives:
1: Learn about vulnerabilities of machine learning.
2: Explore existing defense techniques (differential privacy).
3: Understand opportunities to join research effort to make new defenses.
(Source: RSA Conference USA 2018)
Yapay Zeka Güvenliği : Machine Learning & Deep Learning & Computer Vision Sec...
Yapay Zeka Güvenliği : Machine Learning & Deep Learning & Computer Vision Security
http://deeplab.co
cihan@deeplab.co
AI Security : Machine Learning, Deep Learning and Computer Vision Security
http://deeplab.co
cihan [ at ] deeplab.co
The Future of Security: How Artificial Intelligence Will Impact Us
For decades, the security profession has relied on the best technology we had at the time to deflect the onslaught of what we faced daily in the way of virus and malware attacks. Now, as predicted by Thomas Kuhn in his book “The Structure of Scientific Revolutions, we’re seeing the dawn of a new day where AI’s machine learning and advanced mathematical algorithms now offer validated deflection rates, pre-execution, in the realm of 99%. This session will explore this new paradigm and how it will impact our future.
Main points covered:
• How did our profession change in the world of reactive detection?
• How to escape the inertia that held us, prisoners?
• What is the power of AI and machine learning?
• What are the risks of this new technology?
Presenter:
Our presenter for this webinar, John McClurg serves as Vice President and Ambassador-At-Large of Cylance, where he is responsible for building Security and Trust programs & operational excellence efforts. Prior to Cylance, he served as the CSO of Dell, Honeywell, and Lucent and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation (FBI). He also served as a Deputy Branch Chief of CIA where he helped to establish the new Counterespionage Group and was responsible for the management of complex counterespionage investigations. McClurg was voted one of America’s 25 most influential security professionals.
Organizer: Ardian Berisha
Date: October 25th, 2018
Recorded webinar link:
Talha Obaid, Email Security, Symantec at MLconf ATL 2017
A Machine Learning approach for detecting a Malware:
The project is to improve the way we detect script based malware using Machine Learning. Malware has become one of the most active channel to deliver threats like Banking Trojans and Ransomware. The talk is aimed at finding a new and effective way to detect the malware. We started with acquiring both malicious and clean samples. Later we performed feature identification, while building on top of existing knowledge base of malware. Then we performed automated feature extraction. After certain feature set is obtained, we teased-out feature which are categorical, interdependent or composite. We applied varying machine learning models, producing both binary and categorical outcomes. We cross validated our results and re-tuned our feature set and our model, until we obtained satisfying results, with least false-positives. We concluded that not all the extracted features are significant, in fact some features are detrimental on the model performance. Once such features are factored-out, it results not only in better match, but also provides a significant gain in performance.
Testing Your App in the Cloud
Lecture about techniques, frameworks and tools to automate the testing for your Android App and how to use Testdroid, one of the available device farms, to test your App in the cloud and overcome fragmentation issues.
Recommended
AI for security or security for AI - Sergey Gordeychik
Machine learning technologies are turning from rocket science into daily engineering life. You no longer have to know the difference between Faster R-CNN and HMM to develop a machine vision system, and even OpenCV has bindings for JavaScript allowing to resolve quite serious tasks all the while remaining in front end. On other hand massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. In the broader context security is really all about trust.
Do we trust AI? I don’t, personally.
What is “state of the art” in AI security? Yesterday it was a PoC, not a product, today becoming a We will fix it later, tomorrow it will be a if it works, don’t touch it. And tomorrow is too late.
But what we can do for Trustworthy AI? There are just no simple answers.
You can’t install antivirus or calculate hashes to control integrity of annotated dataset. Traditional firewalls and IDS are almost useless in ML cloud internal SDN Infiniband network. Event C-level Compliance such as PCI DSS and GDPR doesn’t work for massive country-level AI deployments. What about vulnerability management for TensorFlow ML model? How it will impact ROC and AUC?..
To make it better we should rethink Cyber Resilience for AI process, systems and applications to make sure that they continuously deliver the intended outcome despite adverse cyber events. Make sure that security is genuinely integrated into innovation that AI brings into our lives. To trust AI and earn his trust, perhaps?
Security and Privacy of Machine Learning
Machine learning is a powerful new tool that can be used for security applications (for example, to detect malware) but machine learning itself introduces many new attack surfaces. For example, attackers can control the output of machine learning models by manipulating their inputs or training data. In this session, I give an overview of the emerging field of machine learning security and privacy.
Learning Objectives:
1: Learn about vulnerabilities of machine learning.
2: Explore existing defense techniques (differential privacy).
3: Understand opportunities to join research effort to make new defenses.
(Source: RSA Conference USA 2018)
Yapay Zeka Güvenliği : Machine Learning & Deep Learning & Computer Vision Sec...
Yapay Zeka Güvenliği : Machine Learning & Deep Learning & Computer Vision Security
http://deeplab.co
cihan@deeplab.co
AI Security : Machine Learning, Deep Learning and Computer Vision Security
http://deeplab.co
cihan [ at ] deeplab.co
The Future of Security: How Artificial Intelligence Will Impact Us
For decades, the security profession has relied on the best technology we had at the time to deflect the onslaught of what we faced daily in the way of virus and malware attacks. Now, as predicted by Thomas Kuhn in his book “The Structure of Scientific Revolutions, we’re seeing the dawn of a new day where AI’s machine learning and advanced mathematical algorithms now offer validated deflection rates, pre-execution, in the realm of 99%. This session will explore this new paradigm and how it will impact our future.
Main points covered:
• How did our profession change in the world of reactive detection?
• How to escape the inertia that held us, prisoners?
• What is the power of AI and machine learning?
• What are the risks of this new technology?
Presenter:
Our presenter for this webinar, John McClurg serves as Vice President and Ambassador-At-Large of Cylance, where he is responsible for building Security and Trust programs & operational excellence efforts. Prior to Cylance, he served as the CSO of Dell, Honeywell, and Lucent and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation (FBI). He also served as a Deputy Branch Chief of CIA where he helped to establish the new Counterespionage Group and was responsible for the management of complex counterespionage investigations. McClurg was voted one of America’s 25 most influential security professionals.
Organizer: Ardian Berisha
Date: October 25th, 2018
Recorded webinar link:
Talha Obaid, Email Security, Symantec at MLconf ATL 2017
A Machine Learning approach for detecting a Malware:
The project is to improve the way we detect script based malware using Machine Learning. Malware has become one of the most active channel to deliver threats like Banking Trojans and Ransomware. The talk is aimed at finding a new and effective way to detect the malware. We started with acquiring both malicious and clean samples. Later we performed feature identification, while building on top of existing knowledge base of malware. Then we performed automated feature extraction. After certain feature set is obtained, we teased-out feature which are categorical, interdependent or composite. We applied varying machine learning models, producing both binary and categorical outcomes. We cross validated our results and re-tuned our feature set and our model, until we obtained satisfying results, with least false-positives. We concluded that not all the extracted features are significant, in fact some features are detrimental on the model performance. Once such features are factored-out, it results not only in better match, but also provides a significant gain in performance.
Testing Your App in the Cloud
Lecture about techniques, frameworks and tools to automate the testing for your Android App and how to use Testdroid, one of the available device farms, to test your App in the cloud and overcome fragmentation issues.
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...Agile Testing Alliance
Pankaj Kumar who is a Principal Quality Engineer at Allscripts took a Session on "Security testing using ML(Machine learning), AI(Artifical intelligence), Deep learning(DL)" at Global Testing Retreat #ATAGTR2019
Please refer our following post for session details:
https://atablogs.agiletestingalliance.org/2019/12/05/global-testing-retreat-atagtr2019-welcomes-pankaj-kumar-as-our-esteemed-speaker/Is AI going to provide safety for us?
Trends in AI:
- 67% of executives say AI will help humans and machines work together to be stronger using both artificial and human intelligence.
- 65% think that AI would free employees from menial tasks.
- 27% of executives say their organization plans to invest within a year in cybersecurity safeguards that use AI and machine learning.
So is Artificial Intelligence going to provide safety for us?
Challenges in Applying AI to Enterprise Cybersecurity
Applying AI/ML in live Cybersecurity environments can be challenging. We share some of our learnings and identify common pitfalls.
Bibu Labs is a leading Cybersecurity company leveraging AI to solve complex problems faced by Enterprise clients.
Windows 10 CredentialGuard vs Mimikatz - SEC599
In this presentation, Erik Van Buggenhout (NVISO founder & SANS Instructor) zooms in on Windows 10 CredentialGuard and how it can be used to protect against LSASS hash dumping (e.g. using Mimikatz). Want to learn more? Join us at SANS SEC599!
Data Science for Beginner by Chetan Khatri and Deptt. of Computer Science, Ka...
What is Data Science?
What is Machine Learning, Deep Learning, and AI?
Motivation
Philosophy of Artificial Intelligence (AI)
Role of AI in Daily life
Use cases/Applications
Tools & Technologies
Challenges: Bias, Fake Content, Digital Psychography, Security
Detect Fake Content with “AI”
Learning Path
Career Path
Biometrics and Multi-Factor Authentication, The Unleashed Dragon
Presentation for September 2017 ISC2 Security Congress
Biometric Recognition for Multi-Factor Authentication
- Biological and Behavioral Biometrics
- Benefits and Issues
- What Every CISO Should Know
- Laws, Standards, and Guidelines
- How to Measure Biometric Recognition
- Attack Vectors
- Multimodal Biometric Recognition
- Continuous Authentication with Biometrics
- Face ID Update
- The Future
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
The #CyberAvengers' Paul Ferrillo (a/k/a Director Fury) and Shawn Tuma (a/k/a Hulk) presented at the Practical Cybersecurity Risk Management Strategies program of the New Jersey State Bar Association (NJSBA) Cybersecurity Institute on November 17, 2017. In this presentation, Fury and Hulk focused the core #CyberAvengers message of the real-life cybersecurity issues facing most companies -- the basics of good cyber hygiene -- and explained how artificial intelligence and machine learning will help companies do a better job at getting these right, along with how and why AI/ML play a critical role in the future of cybersecurity.
Zero-Knowledge Proofs: Identity Proofing and Authentication
According to Matthew Green, Zero-Knowledge Proofs are the most powerful tool cryptographers have ever devised. Find out why. Find out how ZKPs apply to identity proofing and authentication.
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...Clare Nelson, CISSP, CIPP-E
In the near future, privacy-preserving authentication methods will flood the market, and they will be based on Zero-Knowledge Proofs. IBM and Microsoft invested in these solutions many years ago.Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers.
After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities.
Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.
Baythreat Cryptolocker Presentation
OpenDNS Security Labs Team members Ping Yan and Thibault Reuille presented this talk at BayThreat 2013.
Security Opportunities
A Silicon Valley VC Perspective
Security Opportunities
A Silicon Valley VC Perspective
SEC599 - Breaking The Kill Chain
Presentation from SANS Network Security 2018. Focus on cyber kill chain and key controls.
MITRE ATTACKcon Power Hour - October
Presentation slides from the MITRE ATT&CKcon Power Hour session held on October 9, 2020.
Jerod Brennen - What You Need to Know About OSINT
Open Source Intelligence Gathering (OSINT) is growing in popularity among attackers and defenders alike. When an attacker comes knocking on your network's front door, the warning lights go off in multiple systems (IDS, IPS, SIEM, WAF). More sophisticated attackers, however, spend considerable time gathering information using tools and techniques that never touch any of your systems. As a result, these attackers are able to execute their attacks and make off with proprietary data before you even know they are there. This presentation provides an introduction to many OSINT tools and techniques, as well as methods you can use to minimize your exposure.
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Session presented in the Combined [nullDelhi + OWASPDelhi] webinar on 7th July.
Watch the webinar here - https://youtu.be/BQWcUjzxJE0
Have you been wondering about how to start in mobile application security, more specifically iOS/Android application security? In this talk, I will try to answer some of the most common questions about getting started in mobile application security testing. Starting from what platform to choose, where to learn, good resources, hardware requirements etc etc. Will also demo you about Mobexler - A Mobile Application Penetration Testing Platform and how you can use it for pentesting of iOS as well as android apps. This talk will be a mix of some demo, and some knowledge.
Ethical Hacking
This is a presentation I gave to senior high school students. The 1st part is an overview the 2nd part is more detailed on the ways to perform the Ethical Hacking.
Need my help? Contact Keith Brooks via one of the following ways:
Blog http://blog.vanessabrooks.com
Twitter http://twitter.com/lotusevangelist
http://about.me/keithbrooks
ATT&CKcon Power Hour - ATT&CK-onomics - gert-jan bruggink
The objective of this talk is to inspire defensive strategies designed to impact cost incurred by adversaries to perform compromises. It explores targeting economic considerations when defending against techniques used by adversaries.
Diving into economics for adversaries to use or build certain techniques and tools over others. How can defenders defend against specific techniques by increasing the adversaries cost per intrusion. How can ATT&CK be used to make strategic risk management decisions.
Using Crowdsourced Images to Create Image Recognition Models with Analytics Z...
Volunteers around the world increasingly act as human sensors to collect millions of data points. A team from the World Bank trained deep learning models, using Apache Spark and BigDL, to confirm that photos gathered through a crowdsourced data collection pilot matched the goods for which observations were submitted.
In this talk, Maurice Nsabimana, a statistician at the World Bank, and Jiao Wang, a software engineer on the Big Data Technology team at Intel, demonstrate a collaborative project to design and train large-scale deep learning models using crowdsourced images from around the world. BigDL is a distributed deep learning library designed from the ground up to run natively on Apache Spark. It enables data engineers and scientists to write deep learning applications in Scala or Python as standard Spark programs-without having to explicitly manage distributed computations. Attendees of this session will learn how to get started with BigDL, which runs in any Apache Spark environment, whether on-premise or in the Cloud.
More Related Content
What's hot
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...Agile Testing Alliance
Pankaj Kumar who is a Principal Quality Engineer at Allscripts took a Session on "Security testing using ML(Machine learning), AI(Artifical intelligence), Deep learning(DL)" at Global Testing Retreat #ATAGTR2019
Please refer our following post for session details:
https://atablogs.agiletestingalliance.org/2019/12/05/global-testing-retreat-atagtr2019-welcomes-pankaj-kumar-as-our-esteemed-speaker/Is AI going to provide safety for us?
Trends in AI:
- 67% of executives say AI will help humans and machines work together to be stronger using both artificial and human intelligence.
- 65% think that AI would free employees from menial tasks.
- 27% of executives say their organization plans to invest within a year in cybersecurity safeguards that use AI and machine learning.
So is Artificial Intelligence going to provide safety for us?
Challenges in Applying AI to Enterprise Cybersecurity
Applying AI/ML in live Cybersecurity environments can be challenging. We share some of our learnings and identify common pitfalls.
Bibu Labs is a leading Cybersecurity company leveraging AI to solve complex problems faced by Enterprise clients.
Windows 10 CredentialGuard vs Mimikatz - SEC599
In this presentation, Erik Van Buggenhout (NVISO founder & SANS Instructor) zooms in on Windows 10 CredentialGuard and how it can be used to protect against LSASS hash dumping (e.g. using Mimikatz). Want to learn more? Join us at SANS SEC599!
Data Science for Beginner by Chetan Khatri and Deptt. of Computer Science, Ka...
What is Data Science?
What is Machine Learning, Deep Learning, and AI?
Motivation
Philosophy of Artificial Intelligence (AI)
Role of AI in Daily life
Use cases/Applications
Tools & Technologies
Challenges: Bias, Fake Content, Digital Psychography, Security
Detect Fake Content with “AI”
Learning Path
Career Path
Biometrics and Multi-Factor Authentication, The Unleashed Dragon
Presentation for September 2017 ISC2 Security Congress
Biometric Recognition for Multi-Factor Authentication
- Biological and Behavioral Biometrics
- Benefits and Issues
- What Every CISO Should Know
- Laws, Standards, and Guidelines
- How to Measure Biometric Recognition
- Attack Vectors
- Multimodal Biometric Recognition
- Continuous Authentication with Biometrics
- Face ID Update
- The Future
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
The #CyberAvengers' Paul Ferrillo (a/k/a Director Fury) and Shawn Tuma (a/k/a Hulk) presented at the Practical Cybersecurity Risk Management Strategies program of the New Jersey State Bar Association (NJSBA) Cybersecurity Institute on November 17, 2017. In this presentation, Fury and Hulk focused the core #CyberAvengers message of the real-life cybersecurity issues facing most companies -- the basics of good cyber hygiene -- and explained how artificial intelligence and machine learning will help companies do a better job at getting these right, along with how and why AI/ML play a critical role in the future of cybersecurity.
Zero-Knowledge Proofs: Identity Proofing and Authentication
According to Matthew Green, Zero-Knowledge Proofs are the most powerful tool cryptographers have ever devised. Find out why. Find out how ZKPs apply to identity proofing and authentication.
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...Clare Nelson, CISSP, CIPP-E
In the near future, privacy-preserving authentication methods will flood the market, and they will be based on Zero-Knowledge Proofs. IBM and Microsoft invested in these solutions many years ago.Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
This talk will introduce Zero-Knowledge Proofs (ZKPs) and explain why they are a key element in a growing number of privacy-preserving, digital-identity platforms. Clare will provide basic illustrations of ZKPs and leave the necessary mathematics foundations to the readers.
After this talk you will understand that there is a variety of ZKPs, it’s still early days, and why ZKP is such a perfect tool for digital identity platforms. This talk includes significant updates from the newly-organized ZKProof Standardization organization plus a signal of maturity: one of the first known ZKP vulnerabilities.
Clare will explain why ZKPs are so powerful, and why they are building blocks for a range of applications including privacy-preserving cryptocurrency such as Zcash, Ethereum, Artificial Intelligence, and older versions of Trusted Platform Modules (TPMs). The presentation includes many backup slides for future learning and researching, including four slides of references.
Baythreat Cryptolocker Presentation
OpenDNS Security Labs Team members Ping Yan and Thibault Reuille presented this talk at BayThreat 2013.
Security Opportunities
A Silicon Valley VC Perspective
Security Opportunities
A Silicon Valley VC Perspective
SEC599 - Breaking The Kill Chain
Presentation from SANS Network Security 2018. Focus on cyber kill chain and key controls.
MITRE ATTACKcon Power Hour - October
Presentation slides from the MITRE ATT&CKcon Power Hour session held on October 9, 2020.
Jerod Brennen - What You Need to Know About OSINT
Open Source Intelligence Gathering (OSINT) is growing in popularity among attackers and defenders alike. When an attacker comes knocking on your network's front door, the warning lights go off in multiple systems (IDS, IPS, SIEM, WAF). More sophisticated attackers, however, spend considerable time gathering information using tools and techniques that never touch any of your systems. As a result, these attackers are able to execute their attacks and make off with proprietary data before you even know they are there. This presentation provides an introduction to many OSINT tools and techniques, as well as methods you can use to minimize your exposure.
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Session presented in the Combined [nullDelhi + OWASPDelhi] webinar on 7th July.
Watch the webinar here - https://youtu.be/BQWcUjzxJE0
Have you been wondering about how to start in mobile application security, more specifically iOS/Android application security? In this talk, I will try to answer some of the most common questions about getting started in mobile application security testing. Starting from what platform to choose, where to learn, good resources, hardware requirements etc etc. Will also demo you about Mobexler - A Mobile Application Penetration Testing Platform and how you can use it for pentesting of iOS as well as android apps. This talk will be a mix of some demo, and some knowledge.
Ethical Hacking
This is a presentation I gave to senior high school students. The 1st part is an overview the 2nd part is more detailed on the ways to perform the Ethical Hacking.
Need my help? Contact Keith Brooks via one of the following ways:
Blog http://blog.vanessabrooks.com
Twitter http://twitter.com/lotusevangelist
http://about.me/keithbrooks
ATT&CKcon Power Hour - ATT&CK-onomics - gert-jan bruggink
The objective of this talk is to inspire defensive strategies designed to impact cost incurred by adversaries to perform compromises. It explores targeting economic considerations when defending against techniques used by adversaries.
Diving into economics for adversaries to use or build certain techniques and tools over others. How can defenders defend against specific techniques by increasing the adversaries cost per intrusion. How can ATT&CK be used to make strategic risk management decisions.
What's hot (20)
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...
#ATAGTR2019 Presentation "Security testing using ML(Machine learning), AI(Art...
Challenges in Applying AI to Enterprise Cybersecurity
Challenges in Applying AI to Enterprise Cybersecurity
Data Science for Beginner by Chetan Khatri and Deptt. of Computer Science, Ka...
Data Science for Beginner by Chetan Khatri and Deptt. of Computer Science, Ka...
Biometrics and Multi-Factor Authentication, The Unleashed Dragon
Biometrics and Multi-Factor Authentication, The Unleashed Dragon
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
Zero-Knowledge Proofs: Identity Proofing and Authentication
Zero-Knowledge Proofs: Identity Proofing and Authentication
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Privacy-Preserving Authentication, Another Reason to Care about Zero-Knowledg...
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Zero-Knowledge Proofs: Privacy-Preserving Digital Identity with Clare Nelson
Security Opportunities
A Silicon Valley VC Perspective
Security Opportunities
A Silicon Valley VC Perspective
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
Getting Started With Hacking Android & iOS Apps? Tools, Techniques and resources
ATT&CKcon Power Hour - ATT&CK-onomics - gert-jan bruggink
ATT&CKcon Power Hour - ATT&CK-onomics - gert-jan bruggink
Similar to MALIGN MACHINE LEARNING MODELS
Using Crowdsourced Images to Create Image Recognition Models with Analytics Z...
Volunteers around the world increasingly act as human sensors to collect millions of data points. A team from the World Bank trained deep learning models, using Apache Spark and BigDL, to confirm that photos gathered through a crowdsourced data collection pilot matched the goods for which observations were submitted.
In this talk, Maurice Nsabimana, a statistician at the World Bank, and Jiao Wang, a software engineer on the Big Data Technology team at Intel, demonstrate a collaborative project to design and train large-scale deep learning models using crowdsourced images from around the world. BigDL is a distributed deep learning library designed from the ground up to run natively on Apache Spark. It enables data engineers and scientists to write deep learning applications in Scala or Python as standard Spark programs-without having to explicitly manage distributed computations. Attendees of this session will learn how to get started with BigDL, which runs in any Apache Spark environment, whether on-premise or in the Cloud.
GLOA:A New Job Scheduling Algorithm for Grid Computing
The paper review presentation of 'GLOA:A New Job Scheduling Algorithm for Grid Computing' published in International Journal of Artificial Intelligence and Interactive Multimedia, Vol. 2, Nº 1.
Using Application Skeletons to Improve eScience Infrastructure
presentation of Zhao Zhang & Daniel S. Katz, "Using Application Skeletons to Improve eScience Infrastructure", Proceedings of 10th IEEE International Conference on eScience (eScience 2014), Guarujá, Brazil, October 23, 2014. DOI: 10.1109/eScience.2014.9
5212303961620480 1585670953 joanna_stachera_proposal_g_soc2020
Google Summer of Code project proposal
Ultra Fast Deep Learning in Hybrid Cloud Using Intel Analytics Zoo & Alluxio
Alluxio Global Online Meetup
Apr 23, 2020
For more Alluxio events: https://www.alluxio.io/events/
Speakers:
Jiao (Jennie) Wang, Intel
Tsai Louie, Intel
Bin Fan, Alluxio
Today, many people run deep learning applications with training data from separate storage such as object storage or remote data centers. This presentation will demo the Intel Analytics Zoo + Alluxio stack, an architecture that enables high performance while keeping cost and resource efficiency balanced without network being I/O bottlenecked.
Intel Analytics Zoo is a unified data analytics and AI platform open-sourced by Intel. It seamlessly unites TensorFlow, Keras, PyTorch, Spark, Flink, and Ray programs into an integrated pipeline, which can transparently scale from a laptop to large clusters to process production big data. Alluxio, as an open-source data orchestration layer, accelerates data loading and processing in Analytics Zoo deep learning applications.
This talk, we will go over:
- What is Analytics Zoo and how it works
- How to run Analytics Zoo with Alluxio in deep learning applications
- Initial performance benchmark results using the Analytics Zoo + Alluxio stack
The Quest for an Open Source Data Science Platform
Cloud Native Night July 2019, Munich: Talk by Jörg Schad (@joerg_schad, Head of Engineering & ML at ArangoDB)
=== Please download slides if blurred! ===
Abstract: With the rapid and recent rise of data science, the Machine Learning Platforms being built are becoming more complex. For example, consider the various Kubeflow components: Distributed Training, Jupyter Notebooks, CI/CD, Hyperparameter Optimization, Feature store, and more. Each of these components is producing metadata: Different (versions) Datasets, different versions a of a jupyter notebooks, different training parameters, test/training accuracy, different features, model serving statistics, and many more.
For production use it is critical to have a common view across all these metadata as we have to ask questions such as: Which jupyter notebook has been used to build Model xyz currently running in production? If there is new data for a given dataset, which models (currently serving in production) have to be updated?
In this talk, we look at existing implementations, in particular MLMD as part of the TensorFlow ecosystem. Further, propose a first draft of a (MLMD compatible) universal Metadata API. We demo the first implementation of this API using ArangoDB.
Trenowanie i wdrażanie modeli uczenia maszynowego z wykorzystaniem Google Clo...
Okej, mam już mój świetny model w Notebooku, co dalej? Większość kursów i źródeł dotyczących uczenia maszynowego dobrze przygotowuje nas do implementacji algorytmów uczenia maszynowego i budowy mniej lub bardziej skomplikowanych modeli. Jednak w większości przypadków model jest jedynie małym fragmentem większego systemu, a jego wdrożenie i utrzymywanie okazuje się w praktyce procesem czasochłonnym i generującym rozmaite błędy. Problem potęguje się kiedy mamy do sproduktyzowania nie jeden, a więcej modeli. Choć z roku na rok powstaje coraz więcej narzędzi i platform do usprawnienia tego procesu, jest to zagadnienie któremu wciąż poświęca się stosunkowo mało uwagi.
W mojej prezentacji przedstawię jakich podejść, dobrych praktyk oraz narzędzi i usług Google Cloud Platform używamy w Sotrender do efektywnego trenowania i produktyzacji naszych modeli ML, służących do analizy danych z mediów społecznościowych. Omówię na które aspekty DevOps zwracamy uwagę w kontekście wytwarzania produktów opartych o modele ML (MLOps) i jak z wykorzystaniem Google Cloud Platform można je w łatwy sposób wdrożyć w swoim startupie lub firmie.
Prezentacja Macieja Pieńkosza z Sotrendera poczas Data Science Summit 2020
Reproducibility and automation of machine learning process
A speech about organization of machine learning process in practice. Conceptual and technical aspects discussed. Introduction into Luigi framework. A short story about neural networks fitting in Flo - top-level mobile tracker of women health.
Mozilla: Mozmill meets L10n
Basics of Mozmill and how this functional testing tool can help us to improve the quality of localized Firefox builds.
Open Embedded Assessments:
Play, Author; Anywhere, Anytime
Presented by Brandon Muramatsu, Justin Ball, Kirky Delong, Joel Duffin and Bracken Mosbacker, 2017 Open Education Conference, Anaheim, CA.,October 11-13, 2017
PyData Berlin 2018: dvc.org
Data versioning in machine learning projects. How is data science different from software engineering? Is there a methodology mismatch? How to use dvc.org to version data and experiments.
Fast and Reproducible Deep Learning
Deep learning projects require managing large datasets, heavy-duty dependencies, complex experiments, and large amounts of code. This talk provides best practices for accomplishing these tasks efficiently and reproducibly. Tools that are covered include the Creevey library for processing large collections of files; pip-tools and nvidia-docker for managing dependencies; and MLflow Tracking for tracking experiments.
Big Data LDN 2018: HOW RANK GAMING PRODUCTIONISED & AUTOMATED THE MANAGEMENT ...
Date: 13th November 2018
Location: Data Ops Theatre
Time: 13:50 - 14:20
Speakers: Terry McCann, Adatis & Chris Conroy, Rank Group
About: Rank Group approached Adatis Consulting Ltd in 2017 to help tackle a key issue their data science team were encountering – “How do you to gracefully transition from one machine learning model to another as models are retrained and rewritten?”
Rank Group is the owner of many popular gaming brands in the UK, including Grosvenor Casinos and Mecca Bingo. Rank use Machine Learning to optimise and influence business decisions across their enterprise. Models are deployed to identify customers churn, improve cross sale, enhance retention and most importantly to identify customers who are at risk of having a gambling addiction. These models are constantly being evaluated and retrained as gambling habits change and new games are introduced.
London-based advanced analytics consultancy Adatis implemented a new advanced Machine Learning Model Management service based on the "Rendezvous" Architecture created by Ellen Friedman and Ted Dunning. Rendezvous handles the distribution of a single request to multiple models, scoring all in parallel, then decides on the most appropriate output to return. This is a massively scalable, flexible architecture that solves one of the key problems encountered by Data Science teams today. In this session we will look at the original problem and the architecture which was used to solve it.
2018 data engineering for ml asset management for features and models
How to really accelerate your enterprise effort through AI and what we learned is important to consider
Ml based detection of users anomaly activities (20th OWASP Night Tokyo, English)
This is a English slides of my presentation about machine learning implementation for model web application. Some advices for developers, which decided to create the same implementation in real production environment.
Similar to MALIGN MACHINE LEARNING MODELS (20)
Using Crowdsourced Images to Create Image Recognition Models with Analytics Z...
Using Crowdsourced Images to Create Image Recognition Models with Analytics Z...
GLOA:A New Job Scheduling Algorithm for Grid Computing
GLOA:A New Job Scheduling Algorithm for Grid Computing
Using Application Skeletons to Improve eScience Infrastructure
Using Application Skeletons to Improve eScience Infrastructure
5212303961620480 1585670953 joanna_stachera_proposal_g_soc2020
5212303961620480 1585670953 joanna_stachera_proposal_g_soc2020
Ultra Fast Deep Learning in Hybrid Cloud Using Intel Analytics Zoo & Alluxio
Ultra Fast Deep Learning in Hybrid Cloud Using Intel Analytics Zoo & Alluxio
The Quest for an Open Source Data Science Platform
The Quest for an Open Source Data Science Platform
Trenowanie i wdrażanie modeli uczenia maszynowego z wykorzystaniem Google Clo...
Trenowanie i wdrażanie modeli uczenia maszynowego z wykorzystaniem Google Clo...
Reproducibility and automation of machine learning process
Reproducibility and automation of machine learning process
Open Embedded Assessments:
Play, Author; Anywhere, Anytime
Open Embedded Assessments:
Play, Author; Anywhere, Anytime
Big Data LDN 2018: HOW RANK GAMING PRODUCTIONISED & AUTOMATED THE MANAGEMENT ...
Big Data LDN 2018: HOW RANK GAMING PRODUCTIONISED & AUTOMATED THE MANAGEMENT ...
Exploring GitHub Actions through EGAD: An Experience Report
Exploring GitHub Actions through EGAD: An Experience Report
2018 data engineering for ml asset management for features and models
2018 data engineering for ml asset management for features and models
Ml based detection of users anomaly activities (20th OWASP Night Tokyo, English)
Ml based detection of users anomaly activities (20th OWASP Night Tokyo, English)
Cloud Programming Models: eScience, Big Data, etc.
Cloud Programming Models: eScience, Big Data, etc.
More from Sergey Gordeychik
Vulnerabilities of machine learning infrastructure
The boom of artificial intelligence brought to the market a set of impressive solutions both on hardware and software sides. On the other hand, massive implementation of AI in various areas brings about problems, and security is one of the greatest concerns. The speaker will present results of hands-on vulnerability research of different components of AI infrastructure, including NVIDIA DGX GPU servers, ML frameworks, such as PyTorch, Keras, and TensorFlow, data processing pipelines and specific applications, including medical imaging and face recognition–powered CCTV. Updated Internet Census toolkit based on the Grinder framework will be introduced.
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Having developed a test set, we started to research how safe it is for clients to use 4G networks of the telecommunication companies. During the research we have tested SIM-cards, 4G USB modems, radio components, IP access network. First of all we looked for the vulnerabilities that could be exploited remotely, via IP or radio network.
And the result was not late in arriving. In some cases we managed to attack SIM-cards and install a malicious Java applet there, we were able to update remotely USB modem firmware, to change password on a selfcare portal via SMS and even to get access to the internal technological network of a carrier.
Further attack evolution helped to understand how it is possible to use a simple SMS as an exploit that is able not only to compromise a USB modem and all the communications that go through it, but also to install bootkit on a box, that this modem is connected to.
Practical analysis of the cybersecurity of European smart grids
This paper summarizes the experience gained during a series of
practical cybersecurity assessments of various components of Europe’s
smart electrical grids.
SD-WAN Internet Census, Zeronighst 2018
The goal of this talk is to provide the results of passive and active fingerprinting for SD-WAN systems using a common threat intelligence approach. We explore Internet-based and cloud-based publicly available SD-WAN systems using the well-known «Shodan» and «Censys» search engines and custom developed automation tools and show that most of the SD-WAN systems have known vulnerabilities related to outdated software and insecure configuration.
Anton Nikolaev, Denis Kolegov, Oleg Broslavsky
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
Denis Kolegov, Oleg Broslavsky, Power of Community 2018, Seoul, Korea
Today, «SD-WAN» is a very hot and attractive topic. Software-defined WAN (SD-WAN) is a technology based on software-defined network (SDN) approach applied to wide area networks (WAN) in enterprise networks. According to Gartner’s predictions study, more than 50% of routers will be replaced with SD-WAN solutions by 2020.
In this presentation, we disclose a set of vulnerabilities in widespread and most popular SD-WAN products including Citrix NetScaler and Silver Peak EdgeConnect. We present the new results of our research, consider some technical details of the insecure design and found vulnerabilities, and describe different attack scenarios that may allow an attacker to compromise SD-WAN control and data planes.
Too soft[ware defined] networks SD-Wan vulnerability assessment
The software defined wide-area network is technology based on SDN approach applied to branch office connections in Enterprises. According to Gartner's predictions, more than 50% of routers will be replaced with SD-WAN Solutions by 2020.
The SD-WAN can have firewalls and other perimeter security features on board which makes them attractive targets for attackers. Vendors promise "on-the-fly agility, security" and many other benefits. But what does "security" really mean from a hand-on perspective? Most of SD-WAN solutions are distributed as Linux-based Virtual Appliances or a Cloud-centric service which can make them low-hanging fruit even for script kiddie.
This presentation will introduce practical analysis of different SD-WAN solutions from the attacker perspective. Attack surface, threat model and real-world vulnerabilities in SD-WAN solutions will be presented.
Root via sms. 4G security assessment
Having developed a test set, we started to research how safe it is for clients to use 4G networks of the telecommunication companies. During the research we have tested SIM-cards, 4G USB modems, radio components, IP access network. First of all we looked for the vulnerabilities that could be exploited remotely, via IP or radio network.
And the result was not late in arriving. In some cases we managed to attack SIM-cards and install a malicious Java applet there, we were able to update remotely USB modem firmware, to change password on a selfcare portal via SMS and even to get access to the internal technological network of a carrier.
Further attack evolution helped to understand how it is possible to use a simple SMS as an exploit that is able not only to compromise a USB modem and all the communications that go through it, but also to install bootkit on a box, that this modem is connected to.
Recon: Hopeless relay protection for substation automation
Recon 2017: By Kirill Nesterov, Alexander Tlyapov
Digital Substation is an essential part of every electrical network. It is also a base ground for modern Smart Grid technologies. More than 4000 of IEC 61850 compatible substations operated in Europe, 20 000+ worldwide, each of the comprising communication and flow of gigawatts of electrical current between large power plants (thermoelectrical, hydroelectrical or even nuclear) and their respective consumers. Such consumers include cities, industrial objects and power plants themselves. During this talk we will focus on security analysis results of key Digital Substation component - Relay Protection Terminals. Protective relays are devices for detection of electrical faults. When such fault is detected relay device designed to trip a circuit breaker. Without them problems like over-current, over-voltage, reverse power flow, over-frequency, and under-frequency can lead to colorful and impressive pictures of giant electric arcs accompanied by bunch of sparks with total blackouts as a result.
Nowadays protective relays became digital devices with network access through which operators can access different services like self-testing, statistics, logs and others. More of it, electrical lines are also combined with fiber-optic lines for communications. Electrical part of such lines need minimal traffic, but protection against surges. So such lines can be leased to different organizations, exposing great target for attacker. All of services inside such networks are available through different industrial protocols like IEC 61850 (MMS, GOOSE), IEC104 and Modbus, a not very industrial protocols HTTP, FTP, SSH and everybody’s favorite proprietary protocols. We will show how to dig very deep inside Relay Protection Terminal and how to abuse numerous weaknesses and vulnerabilities inside.
The Great Train Robbery: Fast and Furious
Railway cybersecurity for high speed trains as presented by Sergey Sidorov on Overdrive Con 2017
Cybersecurity Assessment of Communication-Based Train Control systems
Recently published information on the cybersecurity assessment of railway computer and communication-based control systems (CBCS) identified several weaknesses and vulnerabilities, which allow threat agents to not only degrade system reliability and bypass safety mechanisms, but to carry out attacks which directly affect the rail traffic safety 1. Despite these findings, remarkably these systems meet all relevant IT security and functional safety requirements and have the required international, national and industrial certificates. To reduce the risks associated with cyberattacks against CBCS and their components, we recommend that system certification procedures be designed to include elements of security assessment and penetration testing.
Greater China Cyber Threat Landscape - ISC 2016
The goal of the talk is to demonstrate how technical vulnerabilities in the IT components can be used to bypass industrial and functional safety features and create cable melting or blackout conditions. Few (fixed) vulnerabilities in Relay Protection terminals discovered by the SCADA StrangeLove team will be discussed.
SCADA StrangeLove Practical security assessment of European Smartgrid
スマートグリッドのサイバーセキュリティ
電力系統は人類がこれまで構築した洗練されたシステムの1つである。IEC 61850のような新技術および欧州全体の取り組みは、大陸全体のスマートグリッドシステムの創造をより複雑にさせている。私たちの最新研究は、継電器保護や風力・太陽光発電を含めた、脅威の展望やアーキテクチャと現代的なスマートグリッド要素の実装の分析に注力していた。驚くべきこと(ではない)かもしれないが、巨大なタービンタワーや家庭用の太陽光発電機を管理するシステムはインターネットに接続されているだけでなく、多くの既知の脆弱性や容易にゼロデイになりやすい。たとえこれらのシステムがShodanで見つからなかったとしても、派手なクラウド技術はセキュリティのためにならない。この講演では、ハウスキーピングと屋上太陽光発電システムからデジタル変電所までの、欧州のスマートグリッド技術の様々な要素の安全性評価における実際の経験を述べる。スマートグリッド要素における新たな(しかし、責任を持って開示する)脆弱性やクラウドSCADA技術だけでなくスマートグリッド産業プロトコルの安全性評価のための新しいツールも公開する。
More from Sergey Gordeychik (12)
Vulnerabilities of machine learning infrastructure
Vulnerabilities of machine learning infrastructure
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Practical analysis of the cybersecurity of European smart grids
Practical analysis of the cybersecurity of European smart grids
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment
Too soft[ware defined] networks SD-Wan vulnerability assessment
Too soft[ware defined] networks SD-Wan vulnerability assessment
Recon: Hopeless relay protection for substation automation
Recon: Hopeless relay protection for substation automation
Cybersecurity Assessment of Communication-Based Train Control systems
Cybersecurity Assessment of Communication-Based Train Control systems
SCADA StrangeLove Practical security assessment of European Smartgrid
SCADA StrangeLove Practical security assessment of European Smartgrid
Recently uploaded
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GridMate - End to end testing is a critical piece to ensure quality and avoid...
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentationsBy Design, not by Accident - Agile Venture Bolzano 2024
As presented at the Agile Venture Bolzano, 4.06.2024
Video Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar
Climate Impact of Software Testing at Nordic Testing Days
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Securing your Kubernetes cluster_ a step-by-step guide to success !
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Recently uploaded (20)
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
MALIGN MACHINE LEARNING MODELS
- 1. MALIGN MACHINE LEARNING MODELS Roman Palkin, Tomsk State University, AISec
- 2. github.com/sdnewhop/AISec 2 The project’s goal: Cybersecurity of Machine Learning and Artificial Intelligence Implementations Contributors: ● Sergey Gordeychik ● Denis Kolegov ● Antoniy Nikolaev ● Roman Palkin ● Maria Nedyak AISec Team That’s me!
- 3. Problem overview 3 Data science in the 60s Data science in the 80s Data science in the 10s Data science in 2019
- 5. More parameters -> Longer train 5
- 6. Pre-trained model workflow 6 1. Model interface (some wrapper, cli, etc.) 2. Download the weights in some form 3. Run the model .py / .sh / etc .pb / .h5 / .pth .json / .yml /.csv
- 7. Distribution 7 •~ 2k repos on github •~ 100 repos on gitlab •~ 500 models on https://modelzoo.co/
- 8. Part I 8
- 9. Documentation 9 Whole model Weights only PyTorch model (.pth)
- 10. Reality 10 Whole model Weights only
- 11. Step 1. Find an existing model 11
- 12. Step 2. Infect it! 12 Overwrite the magic number `Classic` Pickle payload Python code to execute on load Shell code to run on load
- 13. Step 3. Upload it 13 Link to our malicious file
- 14. •Just one command to run from anywhere! •torch.hub.load(“ChickenDuo/top”, “model”) 14
- 15. Part II 15
- 17. Cross-platform -> Another approach 17
- 18. Custom serialization •Protobuf format (.pb) •~1300 operations (math, conditionals, statistics, etc.) •Only TWO of them were found dangerous •WriteFile (any text, any file) •ReadFile (any file) 18 Looks like Google is aware of them
- 19. Graph serialization 19 Result Tenso r Some ops Payload > result? Result Tenso r Some ops Payload ops True False
- 20. Code 20 Read the existing graph and rename the “ending” tensor Execute func to determine which route to take (tensor or tensor) Write it all back
- 21. Wrapper 21 Check if file exists Append our payload to a file
- 22. Wrapper 22 Check if file exists Append our payload to a file
- 23. Configs 23
- 24. Part III 24
- 25. 25 Keras model Serialization Saved Model Keras with h5 Weights onlyModel from config
- 26. Serialization with topology 26 - Only Keras layers (Functional model) - … has a Lambda layer, which serialize custom python function with marshal (https://github.com/keras-team/keras/blob/master/k eras/layers/core.py#L566) - No warning on launching third-party models! © keras.io
- 27. Example 27
- 28. 28