MACHINE LEARNING - triangleinfosecon.com
AGENDA
• Industry Hoopla
• Machine Learning (ML) Visionaries
• What’s Machine Learning?
• Supervised Learning
• Unsupervised Learning
• Cybersecurity Attack Landscape
• Possible use cases
• ML Shortcomings
• Conclusion
INDUSTRY HOOPLA
• High accuracy - no noise
• No update ever needed
• No endpoint protected by our products has ever been breached
• Machine Learning and AI – same results as SME
• 29x better productivity
• Automatically detects and classifies
ML VISIONARIES
“The development of full artificial intelligence could spell the end of the human race.” - Hawking
Artificial intelligence could be the “most likely” cause of a third world war. - Musk
The nation that leads in AI “will be the ruler of the world.” - Putin
“We are at the beginning of the golden age of AI.” - Bezos
ARTIFICIAL INTELLIGENCE
Artificial intelligence
• If a given machine can interpret the data, learn from it, and use that knowledge to adapt and achieve specific goals
Machine Learning
• If a machine can learn without being explicitly programmed
ML FURTHER DEFINED
The process by which a computer can improve its own performance by continuously incorporating new data into an existing statistical model (Merriam-Webster)
The hope is that ML can help us with better prediction, classification, prioritization
ML (CONT…)
SUPERVISED LEARNING
UNSUPERVISED LEARNING
MACHINE LEARNING GENERAL ALGORITHMS
ALGORITHMS (CONT…)
https://medium.com/machine-learning-in-practice/cheat-sheet-of-machine-learning-and-python-and-math-cheat-sheets-a4afe4e791b6
DOMO : DATA NEVER SLEEPS
CYBERSECURITY ATTACK LANDSCAPE
• Prior actions
• Occurred actions
• Potential actions
• Detection Mitigation
• Relevant threat actors
• Intent
• Capabilities
• Tactics, techniques and procedures (TTP)
• Vulnerable
• Misconfigurations
• Weaknesses
DATA MINING
Classification Estimation Prediction
Clustering Visualization
CYBER KILL CHAIN
ML USE CASES IN CYBERSECURITY
Network Threat Identification
DLP
Antivirus/Malware detection
Email/Chatbot
User Behavior Modeling
ShieldX - identifying which security policies are applicable for each application
Bay Dynamics and Symantec
Smart Antivirus: AI to predict, detect and respond to cybersecurity threats
Knowmail, Agari, Inbenta
Darktrace
Versive - use anomaly detection to identify network security threats
Harvest.AI, Macie
McAfee, Sophos, Symantec, Trend Micro, Webroot, MobileIron and Zimperium
MALWARE DETECTION TAXONOMY
EMAIL SPAM SAMPLE WORKFLOW
THREAT INTELLIGENCE MODEL
https://littlefield.co/cyber-threat-intelligence-applying-machine-learning-data-mining-and-text-feature-extraction-to-bb00c3b729bc
ML SHORTCOMINGS IN CYBERSECURITY
• No standard framework
• Not enough rich data
• Not enough experts per domain
• No standard feature set
• Not enough computational power/memory to process tons of data
• Not enough training time
• Not enough customization on blocks & algorithms
CONCLUSION
Models do not learn on their own
Models do not give us 99% accuracy
Once a model is trained, we need to keep retraining it as the situation changes
Need continuous learning and shifting
Still not at the level of production