book

Machine Learning and Security

by Clarence Chio, David Freeman

February 2018

Intermediate to advanced

383 pages

11h 30m

English

O'Reilly Media, Inc.

Book available

Read now

Unlock full access

What’s In This Book?Who Is This Book For?Conventions Used in This BookUsing Code ExamplesO’Reilly SafariHow to Contact UsAcknowledgments
Cyber Threat LandscapeThe Cyber Attacker’s EconomyA Marketplace for Hacking SkillsIndirect MonetizationThe UpshotWhat Is Machine Learning?What Machine Learning Is NotAdversaries Using Machine LearningReal-World Uses of Machine Learning in SecuritySpam Fighting: An Iterative ApproachLimitations of Machine Learning in Security
Machine Learning: Problems and ApproachesMachine Learning in Practice: A Worked ExampleTraining Algorithms to LearnModel FamiliesLoss FunctionsOptimizationSupervised Classification AlgorithmsLogistic RegressionDecision TreesDecision ForestsSupport Vector MachinesNaive Bayesk-Nearest NeighborsNeural NetworksPractical Considerations in ClassificationSelecting a Model FamilyTraining Data ConstructionFeature SelectionOverfitting and UnderfittingChoosing Thresholds and Comparing ModelsClusteringClustering AlgorithmsEvaluating Clustering ResultsConclusion
When to Use Anomaly Detection Versus Supervised LearningIntrusion Detection with HeuristicsData-Driven MethodsFeature Engineering for Anomaly DetectionHost Intrusion DetectionNetwork Intrusion DetectionWeb Application Intrusion DetectionIn SummaryAnomaly Detection with Data and AlgorithmsForecasting (Supervised Machine Learning)Statistical MetricsGoodness-of-FitUnsupervised Machine Learning AlgorithmsDensity-Based MethodsIn SummaryChallenges of Using Machine Learning in Anomaly DetectionResponse and MitigationPractical System Design ConcernsOptimizing for ExplainabilityMaintainability of Anomaly Detection SystemsIntegrating Human FeedbackMitigating Adversarial EffectsConclusion
Understanding MalwareDefining Malware ClassificationMalware: Behind the ScenesFeature GenerationData CollectionGenerating FeaturesFeature SelectionFrom Features to ClassificationHow to Get Malware Samples and LabelsConclusion
Theory of Network DefenseAccess Control and AuthenticationIntrusion DetectionDetecting In-Network AttackersData-Centric SecurityHoneypotsSummaryMachine Learning and Network SecurityFrom Captures to FeaturesThreats in the NetworkBotnets and YouBuilding a Predictive Model to Classify Network AttacksExploring the DataData PreparationClassificationSupervised LearningSemi-Supervised LearningUnsupervised LearningAdvanced EnsemblingConclusion
Monetizing the Consumer WebTypes of Abuse and the Data That Can Stop ThemAuthentication and Account TakeoverAccount CreationFinancial FraudBot ActivitySupervised Learning for Abuse ProblemsLabeling DataCold Start Versus Warm StartFalse Positives and False NegativesMultiple ResponsesLarge AttacksClustering AbuseExample: Clustering Spam DomainsGenerating ClustersScoring ClustersFurther Directions in ClusteringConclusion
Defining Machine Learning System Maturity and ScalabilityWhat’s Important for Security Machine Learning Systems?Data QualityProblem: Bias in DatasetsProblem: Label InaccuracySolutions: Data QualityProblem: Missing DataSolutions: Missing DataModel QualityProblem: Hyperparameter OptimizationSolutions: Hyperparameter OptimizationFeature: Feedback Loops, A/B Testing of ModelsFeature: Repeatable and Explainable ResultsPerformanceGoal: Low Latency, High ScalabilityPerformance OptimizationHorizontal Scaling with Distributed Computing FrameworksUsing Cloud ServicesMaintainabilityProblem: Checkpointing, Versioning, and Deploying ModelsGoal: Graceful DegradationGoal: Easily Tunable and ConfigurableMonitoring and AlertingSecurity and ReliabilityFeature: Robustness in Adversarial ContextsFeature: Data Privacy Safeguards and GuaranteesFeedback and UsabilityConclusion
TerminologyThe Importance of Adversarial MLSecurity Vulnerabilities in Machine Learning AlgorithmsAttack TransferabilityAttack Technique: Model PoisoningExample: Binary Classifier Poisoning AttackAttacker KnowledgeDefense Against Poisoning AttacksAttack Technique: Evasion AttackExample: Binary Classifier Evasion AttackDefense Against Evasion AttacksConclusion
More About MetricsSize of Logistic Regression ModelsImplementing the Logistic Regression Cost FunctionMinimizing the Cost Function

Security Intelligence FeedsGeolocation

Content preview from Machine Learning and Security

Chapter 4. Malware Analysis

When the air-gapped nuclear centrifuges in Iran’s Natanz uranium enrichment facility inexplicably ceased to function in 2010, no one knew for sure who was responsible. The Stuxnet worm was one of the most sensational successes of international cyber warfare, and a game-changing demonstration of the far-reaching destructive capabilities of malicious computer software. This piece of malware propagated itself indiscriminately around the world, only unleashing its payload when it detected a specific make of industrial computer system that the target used. Stuxnet reportedly ended up on tens of thousands of Windows machines in its dormant state, while resulting in the destruction of one-fifth of Iran’s nuclear centrifuges, thereby achieving its alleged goal of obstructing the state’s weapons program.

Malware analysis is the study of the functionality, purpose, origin, and potential impact of malicious software. This task is traditionally highly manual and laborious, requiring analysts with expert knowledge in software internals and reverse engineering. Data science and machine learning have shown promise in automating certain parts of malware analysis, but these methods still rely heavily on extracting meaningful features from the data, which is a nontrivial task that continues to require practitioners with specialized skillsets.

In this chapter, we do not focus on statistical learning methods.¹ Instead, we discuss one of the most important but often underemphasized ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Hands-On Machine Learning for Cybersecurity

Publisher Resources

ISBN: 9781491979891Errata Page

Machine Learning and Security

by Clarence Chio, David Freeman

Chapter 4. Malware Analysis

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Hands-On Machine Learning for Cybersecurity

Machine Learning Bookcamp

Machine Learning for Cybersecurity Cookbook

Graph-Powered Machine Learning

Publisher Resources

Chapter 4. Malware Analysis

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Hands-On Machine Learning for Cybersecurity

Machine Learning Bookcamp

Machine Learning for Cybersecurity Cookbook

Graph-Powered Machine Learning

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.