DEF CON 22 - Alex Pinto - Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring


Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring
Alex Pinto CHIEF DATA SCIENTIST, MLSEC PROJECT
We could all have predicted this with our magical Big Data analytics platforms, but it seems that Machine Learning is the new hotness in Information Security. A great number of startups with 'cy' and 'threat' in their names claim that their product will defend or detect more effectively than their neighbour's product "because math". And it should be easy to convince people without a PhD or two that math just works.

Indeed, math is powerful, and large-scale machine learning is an important cornerstone of many of the systems we use today. However, not all algorithms and techniques are born equal. Machine Learning is a very powerful toolbox, but not every tool can be applied to every problem, and that is where the pitfalls lie.

This presentation will describe the different techniques available for data analysis and machine learning for information security, and discuss their strengths and caveats. The Ghost of Marketing Past will also show how similar the unfulfilled promises of deterministic and exploratory analysis were, and how to avoid making the same mistakes again.

Finally, the presentation will describe the techniques and feature sets that the presenter developed over the past year as part of his ongoing research project on the subject, in particular presenting some interesting results obtained since the last presentation at DEF CON 21, and some ideas that could improve the application of machine learning in information security, especially as a helper for security analysts in incident detection and response.

Alex Pinto is the Chief Data Scientist of MLSec Project. The goal of the project is to provide a platform for hypothesis testing for people interested in the development of machine learning algorithms to support the information security monitoring practice. He has over 14 years dedicated to information security solutions architecture, strategic advisory and monitoring. He has experience with a great range of security products, and has managed SOCs and SIEM implementations for way too long. Alex currently holds the CISSP-ISSAP, CISA, CISM and PMP certifications, not that anyone cares. He was also a PCI QSA for almost 7 years, but is almost fully recovered.

Twitter: @alexcpsec
Comments

*The **_"machine learning"_** bit should be tested against random datasets then, right?* Is that like, somehow illogical?

Maybe if one's brain is full of higher maths, one sees a pitfall in this idea. Dunno, I didn't get that Ph.D. either. But you've really had a go at the marketing gurus, who'll put anything they think would sell shit in the brochures, and then leave you holding the bag, when your customer service goes to pot because the sales force has been selling "X" and you can only deliver "Y".

VelMa-opinion