
Dailydave mailing list archives
Re: Machine Learning and Dimensions and stuff
From: "shadown [at] gmail" <shadown () gmail com>
Date: Sat, 22 Nov 2014 10:30:23 +0100
Willie, could you elaborate? I'm interested in details, from vague statements we don't learn anything new. Please remember this is not the physical world, and very different rules apply. Cheers, Sergio
On 21.11.2014, at 22:19, William Kupersanin <wkupersa () gmail com> wrote: The implications are though, that even if the adversary adapts, that the ML analytic is forcing the adversary to operate in a smaller space to avoid appearing anomalous. I consider anything that can shift the balance of cost from the defender to the adversary to be wildly successful. --WillieOn Thu, Nov 20, 2014 at 5:25 PM, Halvar Flake <HalVar () gmx de> wrote: Hey all, thanks for the link, and it is indeed a fun talk :-) An important detail that many people in "machine learning for security" neglect is that the vast majority of ML algorithms were not designed for (and will not function well) in an adversarial model. Normally, one is trying to model an unknown statistical process based on past observables; the concept that the statistical process may adapt itself with the intent of fooling you isn't really of interest when you try to recognize faces / letters / cats / copyrighted content programmatically. For entertainment, I think everyone that plays with statistics / curve fitting / machine learning in our field should have a look at two things: http://cvdazzle.com/ - people trying crazy makeup / hair styles to screw with face detection. http://blaine-nelson.com/research/pubs/Huang-Joseph-AISec-2011 - a riot of a paper that introduces "Adversarial Machine Learning" This doesn't mean that you can't have huge successes temporarily using ML / curve fitting / statistics; attackers haven't felt the need to adapt to anything but AV signatures and DNS blacklisting yet, so relatively simple ML will have big gains initially. I suspect, though, that a really important part of using ML for defense in any form is "not becoming an oracle" - which is often counter to commercial success. It may be that the only good, long-term ML-based defense is one that can't be bought. Cheers, Halvar Gesendet: Donnerstag, 20. November 2014 um 19:16 Uhr Von: "Dave Aitel" <dave () immunityinc com> An: dailydave () lists immunityinc com Betreff: [Dailydave] Machine Learning and Dimensions and stuff https://vimeo.com/112322888 Dmitri pointed me at the above talk which is essentially a good specialized 101-level lecture on how machine learning works in the security space. There's not much to criticize in the talk! (It has a lot of the features of El Jefe!) They use a real graph database to run their algorithms against process trees - but if you wanted to heckle you'd ask "Doesn't the CreateProcess() system call also take "parent process" as an argument? What IS the rate of false positives? Because if you can't get it down to basically 0 then you are essentially wasting your time? etc." :> But again, nobody asked any hard questions - and while the talk nibbled around the edges of the tradeoffs with using machine learning techniques on this kind of data, it didn't go into any depth at all about which ones they've tried and failed at. It's a technical talk, but it's not a DETAILED talk in the sense of "Here's some outliers that show us where we fail and where we succeed and perhaps why". That said, if you don't have a plan to do this sort of thing, then you're probably failing at some level, so worth a watch. :> -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Machine Learning and Dimensions and stuff Dave Aitel (Nov 20)
- Re: Machine Learning and Dimensions and stuff Halvar Flake (Nov 20)
- Re: Machine Learning and Dimensions and stuff William Kupersanin (Nov 21)
- Re: Machine Learning and Dimensions and stuff shadown [at] gmail (Nov 22)
- Re: Machine Learning and Dimensions and stuff William Kupersanin (Nov 22)
- Re: Machine Learning and Dimensions and stuff Halvar Flake (Nov 22)
- Re: Machine Learning and Dimensions and stuff Parity (Nov 22)
- Re: Machine Learning and Dimensions and stuff William Kupersanin (Nov 21)
- Re: Machine Learning and Dimensions and stuff Halvar Flake (Nov 20)
- <Possible follow-ups>
- Re: Machine Learning and Dimensions and stuff Sven Krasser (Nov 24)
- Re: Machine Learning and Dimensions and stuff Oleg Kolesnikov (Nov 27)