Table of Contents for Machine Learning and Security
by David Freeman, Clarence Chio
Cover
Preface
What’s In This Book?
Who Is This Book For?
Conventions Used in This Book
Using Code Examples
O’Reilly Safari
How to Contact Us
Acknowledgments
1. Why Machine Learning and Security?
Cyber Threat Landscape
The Cyber Attacker’s Economy
A Marketplace for Hacking Skills
Indirect Monetization
The Upshot
What Is Machine Learning?
What Machine Learning Is Not
Adversaries Using Machine Learning
Real-World Uses of Machine Learning in Security
Spam Fighting: An Iterative Approach
Limitations of Machine Learning in Security
2. Classifying and Clustering
Machine Learning: Problems and Approaches
Machine Learning in Practice: A Worked Example
Training Algorithms to Learn
Model Families
Loss Functions
Optimization
Supervised Classification Algorithms
Logistic Regression
Decision Trees
Decision Forests
Support Vector Machines
Naive Bayes
k-Nearest Neighbors
Neural Networks
Practical Considerations in Classification
Selecting a Model Family
Training Data Construction
Feature Selection
Overfitting and Underfitting
Choosing Thresholds and Comparing Models
Clustering
Clustering Algorithms
Evaluating Clustering Results
Conclusion
3. Anomaly Detection
When to Use Anomaly Detection Versus Supervised Learning
Intrusion Detection with Heuristics
Data-Driven Methods
Feature Engineering for Anomaly Detection
Host Intrusion Detection
Network Intrusion Detection
Web Application Intrusion Detection
In Summary
Anomaly Detection with Data and Algorithms
Forecasting (Supervised Machine Learning)
Statistical Metrics
Goodness-of-Fit
Unsupervised Machine Learning Algorithms
Density-Based Methods
In Summary
Challenges of Using Machine Learning in Anomaly Detection
Response and Mitigation
Practical System Design Concerns
Optimizing for Explainability
Maintainability of Anomaly Detection Systems
Integrating Human Feedback
Mitigating Adversarial Effects
Conclusion
4. Malware Analysis
Understanding Malware
Defining Malware Classification
Malware: Behind the Scenes
Feature Generation
Data Collection
Generating Features
Feature Selection
From Features to Classification
How to Get Malware Samples and Labels
Conclusion
5. Network Traffic Analysis
Theory of Network Defense
Access Control and Authentication
Intrusion Detection
Detecting In-Network Attackers
Data-Centric Security
Honeypots
Summary
Machine Learning and Network Security
From Captures to Features
Threats in the Network
Botnets and You
Building a Predictive Model to Classify Network Attacks
Exploring the Data
Data Preparation
Classification
Supervised Learning
Semi-Supervised Learning
Unsupervised Learning
Advanced Ensembling
Conclusion
6. Protecting the Consumer Web
Monetizing the Consumer Web
Types of Abuse and the Data That Can Stop Them
Authentication and Account Takeover
Account Creation
Financial Fraud
Bot Activity
Supervised Learning for Abuse Problems
Labeling Data
Cold Start Versus Warm Start
False Positives and False Negatives
Multiple Responses
Large Attacks
Clustering Abuse
Example: Clustering Spam Domains
Generating Clusters
Scoring Clusters
Further Directions in Clustering
Conclusion
7. Production Systems
Defining Machine Learning System Maturity and Scalability
What’s Important for Security Machine Learning Systems?
Data Quality
Problem: Bias in Datasets
Problem: Label Inaccuracy
Solutions: Data Quality
Problem: Missing Data
Solutions: Missing Data
Model Quality
Problem: Hyperparameter Optimization
Solutions: Hyperparameter Optimization
Feature: Feedback Loops, A/B Testing of Models
Feature: Repeatable and Explainable Results
Performance
Goal: Low Latency, High Scalability
Performance Optimization
Horizontal Scaling with Distributed Computing Frameworks
Using Cloud Services
Maintainability
Problem: Checkpointing, Versioning, and Deploying Models
Goal: Graceful Degradation
Goal: Easily Tunable and Configurable
Monitoring and Alerting
Security and Reliability
Feature: Robustness in Adversarial Contexts
Feature: Data Privacy Safeguards and Guarantees
Feedback and Usability
Conclusion
8. Adversarial Machine Learning
Terminology
The Importance of Adversarial ML
Security Vulnerabilities in Machine Learning Algorithms
Attack Transferability
Attack Technique: Model Poisoning
Example: Binary Classifier Poisoning Attack
Attacker Knowledge
Defense Against Poisoning Attacks
Attack Technique: Evasion Attack
Example: Binary Classifier Evasion Attack
Defense Against Evasion Attacks
Conclusion
A. Supplemental Material for Chapter 2
More About Metrics
Size of Logistic Regression Models
Implementing the Logistic Regression Cost Function
Minimizing the Cost Function
B. Integrating Open Source Intelligence
Security Intelligence Feeds
Geolocation
Index