
Catching Bad Guys with Machine Learning

Organisations today are starting to explore using machine learning to discover patterns and anomalies. By doing so, they may derive security insights that may help them uncover malicious activities in their environment. In this talk, Eugene will discuss how we can apply machine learning to catch bad guys, and what we should take note of when building models.

Eugene Teo

May 24, 2018

Transcript

  1. Catching Bad Guys with ML, by Eugene Teo, IICSG2018
  2. whoami: Director of Security at Ultimate Software; Was part of [email protected]; Ex-{CSIT, Red Hat, Symantec}; 15+ years in Cybersecurity
  3. Agenda: {Machine, Deep} learning; Security problems we can solve; Can we trust machine learning; When not to trust the algorithm; Chasing the red queen
  4. Flying a plane. Dobelli, R. (2017). The Art of the Good Life. Hachette Books.
  5. Flying a plane. "Flying a plane" by Eugene Teo is licensed under CC BY-NC-ND.
  6. Deep learning model. Chollet, F. (2017). Deep Learning with Python. Manning Publications.
  7. Security threats. Chio, C., & Freeman, D. (2018). Machine Learning & Security. O'Reilly Media.
  8. Recent research papers: What we learn from learning - Understanding capabilities and limitations of machine learning in botnet attacks [Santana et al.]; Detecting Malicious PowerShell Commands using Deep Neural Networks [Hendler et al.]; A Deep Learning Approach to Fast, Format-Agnostic Detection of Malicious Web Content [Saxe et al.]; RAPTOR: Ransomware Attack PredicTOR [Quinkert et al.]; EMBER: An Open Dataset for Training Static PE Malware Machine Learning Models [Anderson et al.]
  9. Detecting Necurs DGAs: Spam botnet - Dridex and Locky; P&D and DDoS attacks. https://www.symantec.com/content/dam/symantec/docs/reports/istr-23-2018-en.pdf
  10. Detecting Necurs DGAs: LSTM RNN; Datasets: Alexa Top Sites, The DGArchive Project; Binary classification; Based on https://arxiv.org/abs/1611.00791
  11. Machine learning risk factors: Imperfect learning; CACE (Changing Anything Changes Everything); Correction cascades; Unstable data dependencies; Etc. Sculley, D., Holt, G., Golovin, D., Davydov, E., Phillips, T., Ebner, D., et al. (2015). Hidden Technical Debt in Machine Learning Systems, 2503–2511.
  12. When not to trust the algorithm? Chio, C., & Freeman, D. (2018). Machine Learning & Security. O'Reilly Media.
  13. When not to trust the algorithm? Evasion attack; Model poisoning; Information leakage; Etc.
  14. Machine learning code. Sculley, D., Holt, G., Golovin, D., Davydov, E., Phillips, T., Ebner, D., et al. (2015). Hidden Technical Debt in Machine Learning Systems, 2503–2511.
  15. Chasing the red queen: Have a fundamental understanding of machine learning; SOC and Threat Intelligence teams: To improve efficacy of security detections; For intelligence gathering; Red teams: To avoid being detected by machine learning models; To perform adversarial attacks on models, evade classifiers, and steal information from models; Dealing with machine learning bugs; Vendor management: Asking the right questions