book

Machine Learning and Security

by Clarence Chio, David Freeman

February 2018

Intermediate to advanced

383 pages

11h 30m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Preface
What’s In This Book?Who Is This Book For?Conventions Used in This BookUsing Code ExamplesO’Reilly SafariHow to Contact UsAcknowledgments
1. Why Machine Learning and Security?
Cyber Threat LandscapeThe Cyber Attacker’s EconomyA Marketplace for Hacking SkillsIndirect MonetizationThe UpshotWhat Is Machine Learning?What Machine Learning Is NotAdversaries Using Machine LearningReal-World Uses of Machine Learning in SecuritySpam Fighting: An Iterative ApproachLimitations of Machine Learning in Security
2. Classifying and Clustering
Machine Learning: Problems and ApproachesMachine Learning in Practice: A Worked ExampleTraining Algorithms to LearnModel FamiliesLoss FunctionsOptimizationSupervised Classification AlgorithmsLogistic RegressionDecision TreesDecision ForestsSupport Vector MachinesNaive Bayesk-Nearest NeighborsNeural NetworksPractical Considerations in ClassificationSelecting a Model FamilyTraining Data ConstructionFeature SelectionOverfitting and UnderfittingChoosing Thresholds and Comparing ModelsClusteringClustering AlgorithmsEvaluating Clustering ResultsConclusion
3. Anomaly Detection
When to Use Anomaly Detection Versus Supervised LearningIntrusion Detection with HeuristicsData-Driven MethodsFeature Engineering for Anomaly DetectionHost Intrusion DetectionNetwork Intrusion DetectionWeb Application Intrusion DetectionIn SummaryAnomaly Detection with Data and AlgorithmsForecasting (Supervised Machine Learning)Statistical MetricsGoodness-of-FitUnsupervised Machine Learning AlgorithmsDensity-Based MethodsIn SummaryChallenges of Using Machine Learning in Anomaly DetectionResponse and MitigationPractical System Design ConcernsOptimizing for ExplainabilityMaintainability of Anomaly Detection SystemsIntegrating Human FeedbackMitigating Adversarial EffectsConclusion
4. Malware Analysis
Understanding MalwareDefining Malware ClassificationMalware: Behind the ScenesFeature GenerationData CollectionGenerating FeaturesFeature SelectionFrom Features to ClassificationHow to Get Malware Samples and LabelsConclusion
5. Network Traffic Analysis
Theory of Network DefenseAccess Control and AuthenticationIntrusion DetectionDetecting In-Network AttackersData-Centric SecurityHoneypotsSummaryMachine Learning and Network SecurityFrom Captures to FeaturesThreats in the NetworkBotnets and YouBuilding a Predictive Model to Classify Network AttacksExploring the DataData PreparationClassificationSupervised LearningSemi-Supervised LearningUnsupervised LearningAdvanced EnsemblingConclusion
6. Protecting the Consumer Web
Monetizing the Consumer WebTypes of Abuse and the Data That Can Stop ThemAuthentication and Account TakeoverAccount CreationFinancial FraudBot ActivitySupervised Learning for Abuse ProblemsLabeling DataCold Start Versus Warm StartFalse Positives and False NegativesMultiple ResponsesLarge AttacksClustering AbuseExample: Clustering Spam DomainsGenerating ClustersScoring ClustersFurther Directions in ClusteringConclusion
7. Production Systems
Defining Machine Learning System Maturity and ScalabilityWhat’s Important for Security Machine Learning Systems?Data QualityProblem: Bias in DatasetsProblem: Label InaccuracySolutions: Data QualityProblem: Missing DataSolutions: Missing DataModel QualityProblem: Hyperparameter OptimizationSolutions: Hyperparameter OptimizationFeature: Feedback Loops, A/B Testing of ModelsFeature: Repeatable and Explainable ResultsPerformanceGoal: Low Latency, High ScalabilityPerformance OptimizationHorizontal Scaling with Distributed Computing FrameworksUsing Cloud ServicesMaintainabilityProblem: Checkpointing, Versioning, and Deploying ModelsGoal: Graceful DegradationGoal: Easily Tunable and ConfigurableMonitoring and AlertingSecurity and ReliabilityFeature: Robustness in Adversarial ContextsFeature: Data Privacy Safeguards and GuaranteesFeedback and UsabilityConclusion
8. Adversarial Machine Learning
TerminologyThe Importance of Adversarial MLSecurity Vulnerabilities in Machine Learning AlgorithmsAttack TransferabilityAttack Technique: Model PoisoningExample: Binary Classifier Poisoning AttackAttacker KnowledgeDefense Against Poisoning AttacksAttack Technique: Evasion AttackExample: Binary Classifier Evasion AttackDefense Against Evasion AttacksConclusion
A. Supplemental Material for Chapter 2
More About MetricsSize of Logistic Regression ModelsImplementing the Logistic Regression Cost FunctionMinimizing the Cost Function

B. Integrating Open Source Intelligence
Security Intelligence FeedsGeolocation
Index

Overview

Can machine learning techniques solve our computer security problems and finally put an end to the cat-and-mouse game between attackers and defenders? Or is this hope merely hype? Now you can dive into the science and answer this question for yourself. With this practical guide, you’ll explore ways to apply machine learning to security issues such as intrusion detection, malware classification, and network analysis.

Machine learning and security specialists Clarence Chio and David Freeman provide a framework for discussing the marriage of these two fields, as well as a toolkit of machine-learning algorithms that you can apply to an array of security problems. This book is ideal for security engineers and data scientists alike.

Learn how machine learning has contributed to the success of modern spam filters
Quickly detect anomalies, including breaches, fraud, and impending system failure
Conduct malware analysis by extracting useful information from computer binaries
Uncover attackers within the network by finding patterns inside datasets
Examine how attackers exploit consumer-facing websites and app functionality
Translate your machine learning algorithms from the lab to production
Understand the threat attackers pose to machine learning solutions

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Hands-On Machine Learning for Cybersecurity

Publisher Resources

ISBN: 9781491979891Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills