The implication, though, is that even if the adversary adapts, the ML analytic forces the adversary to operate in a smaller space to avoid appearing anomalous. I consider anything that shifts the balance of cost from the defender to the adversary to be wildly successful.
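
To make that concrete, here is a toy sketch (entirely hypothetical, not the analytic from the talk; the feature set and the IsolationForest choice are my own assumptions) of baseline-versus-anomaly scoring over process-creation events: fit a model to benign activity, and whatever the adversary does afterwards has to keep scoring as normal, which is a strictly smaller space than anything-goes.

# Hypothetical sketch only - not the analytic from the talk. Fit a detector
# to "normal" process-creation features; anything the adversary does must
# then land inside the learned region to avoid being flagged.
import numpy as np
from sklearn.ensemble import IsolationForest

# Made-up features per process-creation event: child image bucket,
# parent image bucket, argv count, hour of day.
rng = np.random.default_rng(0)
baseline = np.column_stack([
    rng.integers(0, 50, 5000),   # child image bucket
    rng.integers(0, 20, 5000),   # parent image bucket
    rng.poisson(2, 5000),        # number of command-line arguments
    rng.integers(8, 18, 5000),   # mostly business-hours activity
])

detector = IsolationForest(contamination=0.01, random_state=0).fit(baseline)

# One event that resembles the baseline, one that doesn't
# (unusual parent, very long command line, 3am).
events = np.array([[12, 4, 2, 10],
                   [49, 19, 40, 3]])
print(detector.predict(events))        # 1 = looks normal, -1 = flagged
print(detector.score_samples(events))  # lower = more anomalous

The specific model doesn't matter; the point is that the normal/flagged boundary is what the adversary now has to stay inside, and that constraint is the cost shift.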
--Willie

On Thu, Nov 20, 2014 at 5:25 PM, Halvar Flake <[email protected]> wrote:
> Hey all,
>
> thanks for the link, and it is indeed a fun talk :-)
>
> An important detail that many people in "machine learning for security"
> neglect is that the vast majority of ML algorithms were not designed for
> (and will not function well in) an adversarial model. Normally, one is
> trying to model an unknown statistical process based on past observables;
> the concept that the statistical process may adapt itself with the intent
> of fooling you isn't really of interest when you try to recognize faces /
> letters / cats / copyrighted content programmatically.
>
> For entertainment, I think everyone that plays with statistics / curve
> fitting / machine learning in our field should have a look at two things:
>
> http://cvdazzle.com/ - people trying crazy makeup / hair styles to
> screw with face detection.
> http://blaine-nelson.com/research/pubs/Huang-Joseph-AISec-2011 - a
> riot of a paper that introduces "Adversarial Machine Learning"
>
> This doesn't mean that you can't have huge temporary successes using ML /
> curve fitting / statistics; attackers haven't felt the need to adapt to
> anything but AV signatures and DNS blacklisting yet, so relatively simple
> ML will have big gains initially. I suspect, though, that a really
> important part of using ML for defense in any form is "not becoming an
> oracle" - which is often counter to commercial success. It may be that the
> only good, long-term ML-based defense is one that can't be bought.
>
> Cheers,
> Halvar
>
>
> *Sent:* Thursday, 20 November 2014 at 19:16
> *From:* "Dave Aitel" <[email protected]>
> *To:* [email protected]
> *Subject:* [Dailydave] Machine Learning and Dimensions and stuff
>
> https://vimeo.com/112322888
>
> Dmitri pointed me at the above talk, which is essentially a good
> specialized 101-level lecture on how machine learning works in the
> security space.
>
> There's not much to criticize in the talk! (It has a lot of the features
> of El Jefe!) They use a real graph database to run their algorithms
> against process trees - but if you wanted to heckle you'd ask "Doesn't
> the CreateProcess() system call also take 'parent process' as an
> argument? What IS the rate of false positives? Because if you can't get
> it down to basically 0, aren't you essentially wasting your time? etc." :>
>
> But again, nobody asked any hard questions - and while the talk nibbled
> around the edges of the tradeoffs of using machine learning techniques
> on this kind of data, it didn't go into any depth at all about which
> ones they've tried and failed at. It's a technical talk, but it's not a
> DETAILED talk in the sense of "Here are some outliers that show us where
> we fail and where we succeed, and perhaps why".
>
> That said, if you don't have a plan to do this sort of thing, then
> you're probably failing at some level, so worth a watch. :>
>
> -dave
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
