Clarence Chio,
David Freeman
Machine Learning and Security
Protecting Systems with Data and Algorithms
Paperback Engels 2018 1e druk 9781491979907Verwachte levertijd ongeveer 16 werkdagen
Samenvatting
Can machine learning techniques solve our computer security problems and finally put an end to the cat-and-mouse game between attackers and defenders? Or is this hope merely hype? Now you can dive into the science and answer this question for yourself. With this practical guide, you'll explore ways to apply machine learning to security issues such as intrusion detection, malware classification, and network analysis.
Machine learning and security specialists Clarence Chio and David Freeman provide a framework for discussing the marriage of these two fields, as well as a toolkit of machine-learning algorithms that you can apply to an array of security problems. This book is ideal for security engineers and data scientists alike.
- Learn how machine learning has contributed to the success of modern spam filters
- Quickly detect anomalies, including breaches, fraud, and impending system failure
- Conduct malware analysis by extracting useful information from computer binaries
- Uncover attackers within the network by finding patterns inside datasets
- Examine how attackers exploit consumer-facing websites and app functionality
- Translate your machine learning algorithms from the lab to production
- Understand the threat attackers pose to machine learning solutions
Specificaties
ISBN13:9781491979907
Trefwoorden:beveiliging, machine learning, IT-security
Taal:Engels
Bindwijze:paperback
Aantal pagina's:366
Uitgever:O'Reilly
Druk:1
Verschijningsdatum:16-2-2018
Hoofdrubriek:IT-management / ICT
Lezersrecensies
Wees de eerste die een lezersrecensie schrijft!
Inhoudsopgave
Preface
What’s In This Book?
Who Is This Book For?
Conventions Used in This Book
Using Code Examples
O’Reilly Safari
How to Contact Us
Acknowledgments
1. Why Machine Learning and Security?
Cyber Threat Landscape
The Cyber Attacker’s Economy
A Marketplace for Hacking Skills
Indirect Monetization
The Upshot
What Is Machine Learning?
What Machine Learning Is Not
Adversaries Using Machine Learning
Real-World Uses of Machine Learning in Security
Spam Fighting: An Iterative Approach
Limitations of Machine Learning in Security
2. Classifying and Clustering
Machine Learning: Problems and Approaches
Machine Learning in Practice: A Worked Example
Training Algorithms to Learn
Model Families
Loss Functions
Optimization
Supervised Classification Algorithms
Logistic Regression
Decision Trees
Decision Forests
Support Vector Machines
Naive Bayes
k-Nearest Neighbors
Neural Networks
Practical Considerations in Classification
Selecting a Model Family
Training Data Construction
Feature Selection
Overfitting and Underfitting
Choosing Thresholds and Comparing Models
Clustering
Clustering Algorithms
Evaluating Clustering Results
Conclusion
3. Anomaly Detection
When to Use Anomaly Detection Versus Supervised Learning
Intrusion Detection with Heuristics
Data-Driven Methods
Feature Engineering for Anomaly Detection
Host Intrusion Detection
Network Intrusion Detection
Web Application Intrusion Detection
In Summary
Anomaly Detection with Data and Algorithms
Forecasting (Supervised Machine Learning)
Statistical Metrics
Goodness-of-Fit
Unsupervised Machine Learning Algorithms
Density-Based Methods
In Summary
Challenges of Using Machine Learning in Anomaly Detection
Response and Mitigation
Practical System Design Concerns
Optimizing for Explainability
Maintainability of Anomaly Detection Systems
Integrating Human Feedback
Mitigating Adversarial Effects
Conclusion
4. Malware Analysis
Understanding Malware
Defining Malware Classification
Malware: Behind the Scenes
Feature Generation
Data Collection
Generating Features
Feature Selection
From Features to Classification
How to Get Malware Samples and Labels
Conclusion
5. Network Traffic Analysis
Theory of Network Defense
Access Control and Authentication
Intrusion Detection
Detecting In-Network Attackers
Data-Centric Security
Honeypots
Summary
Machine Learning and Network Security
From Captures to Features
Threats in the Network
Botnets and You
Building a Predictive Model to Classify Network Attacks
Exploring the Data
Data Preparation
Classification
Supervised Learning
Semi-Supervised Learning
Unsupervised Learning
Advanced Ensembling
Conclusion
6. Protecting the Consumer Web
Monetizing the Consumer Web
Types of Abuse and the Data That Can Stop Them
Authentication and Account Takeover
Account Creation
Financial Fraud
Bot Activity
Supervised Learning for Abuse Problems
Labeling Data
Cold Start Versus Warm Start
False Positives and False Negatives
Multiple Responses
Large Attacks
Clustering Abuse
Example: Clustering Spam Domains
Generating Clusters
Scoring Clusters
Further Directions in Clustering
Conclusion
7. Production Systems
Defining Machine Learning System Maturity and Scalability
What’s Important for Security Machine Learning Systems?
Data Quality
Problem: Bias in Datasets
Problem: Label Inaccuracy
Solutions: Data Quality
Problem: Missing Data
Solutions: Missing Data
Model Quality
Problem: Hyperparameter Optimization
Solutions: Hyperparameter Optimization
Feature: Feedback Loops, A/B Testing of Models
Feature: Repeatable and Explainable Results
Performance
Goal: Low Latency, High Scalability
Performance Optimization
Horizontal Scaling with Distributed Computing Frameworks
Using Cloud Services
Maintainability
Problem: Checkpointing, Versioning, and Deploying Models
Goal: Graceful Degradation
Goal: Easily Tunable and Configurable
Monitoring and Alerting
Security and Reliability
Feature: Robustness in Adversarial Contexts
Feature: Data Privacy Safeguards and Guarantees
Feedback and Usability
Conclusion
8. Adversarial Machine Learning
Terminology
The Importance of Adversarial ML
Security Vulnerabilities in Machine Learning Algorithms
Attack Transferability
Attack Technique: Model Poisoning
Example: Binary Classifier Poisoning Attack
Attacker Knowledge
Defense Against Poisoning Attacks
Attack Technique: Evasion Attack
Example: Binary Classifier Evasion Attack
Defense Against Evasion Attacks
Conclusion
A: Supplemental Material for Chapter 2
More About Metrics
Size of Logistic Regression Models
Implementing the Logistic Regression Cost Function
Minimizing the Cost Function
B: Integrating Open Source Intelligence
Security Intelligence Feeds
Geolocation
Index
What’s In This Book?
Who Is This Book For?
Conventions Used in This Book
Using Code Examples
O’Reilly Safari
How to Contact Us
Acknowledgments
1. Why Machine Learning and Security?
Cyber Threat Landscape
The Cyber Attacker’s Economy
A Marketplace for Hacking Skills
Indirect Monetization
The Upshot
What Is Machine Learning?
What Machine Learning Is Not
Adversaries Using Machine Learning
Real-World Uses of Machine Learning in Security
Spam Fighting: An Iterative Approach
Limitations of Machine Learning in Security
2. Classifying and Clustering
Machine Learning: Problems and Approaches
Machine Learning in Practice: A Worked Example
Training Algorithms to Learn
Model Families
Loss Functions
Optimization
Supervised Classification Algorithms
Logistic Regression
Decision Trees
Decision Forests
Support Vector Machines
Naive Bayes
k-Nearest Neighbors
Neural Networks
Practical Considerations in Classification
Selecting a Model Family
Training Data Construction
Feature Selection
Overfitting and Underfitting
Choosing Thresholds and Comparing Models
Clustering
Clustering Algorithms
Evaluating Clustering Results
Conclusion
3. Anomaly Detection
When to Use Anomaly Detection Versus Supervised Learning
Intrusion Detection with Heuristics
Data-Driven Methods
Feature Engineering for Anomaly Detection
Host Intrusion Detection
Network Intrusion Detection
Web Application Intrusion Detection
In Summary
Anomaly Detection with Data and Algorithms
Forecasting (Supervised Machine Learning)
Statistical Metrics
Goodness-of-Fit
Unsupervised Machine Learning Algorithms
Density-Based Methods
In Summary
Challenges of Using Machine Learning in Anomaly Detection
Response and Mitigation
Practical System Design Concerns
Optimizing for Explainability
Maintainability of Anomaly Detection Systems
Integrating Human Feedback
Mitigating Adversarial Effects
Conclusion
4. Malware Analysis
Understanding Malware
Defining Malware Classification
Malware: Behind the Scenes
Feature Generation
Data Collection
Generating Features
Feature Selection
From Features to Classification
How to Get Malware Samples and Labels
Conclusion
5. Network Traffic Analysis
Theory of Network Defense
Access Control and Authentication
Intrusion Detection
Detecting In-Network Attackers
Data-Centric Security
Honeypots
Summary
Machine Learning and Network Security
From Captures to Features
Threats in the Network
Botnets and You
Building a Predictive Model to Classify Network Attacks
Exploring the Data
Data Preparation
Classification
Supervised Learning
Semi-Supervised Learning
Unsupervised Learning
Advanced Ensembling
Conclusion
6. Protecting the Consumer Web
Monetizing the Consumer Web
Types of Abuse and the Data That Can Stop Them
Authentication and Account Takeover
Account Creation
Financial Fraud
Bot Activity
Supervised Learning for Abuse Problems
Labeling Data
Cold Start Versus Warm Start
False Positives and False Negatives
Multiple Responses
Large Attacks
Clustering Abuse
Example: Clustering Spam Domains
Generating Clusters
Scoring Clusters
Further Directions in Clustering
Conclusion
7. Production Systems
Defining Machine Learning System Maturity and Scalability
What’s Important for Security Machine Learning Systems?
Data Quality
Problem: Bias in Datasets
Problem: Label Inaccuracy
Solutions: Data Quality
Problem: Missing Data
Solutions: Missing Data
Model Quality
Problem: Hyperparameter Optimization
Solutions: Hyperparameter Optimization
Feature: Feedback Loops, A/B Testing of Models
Feature: Repeatable and Explainable Results
Performance
Goal: Low Latency, High Scalability
Performance Optimization
Horizontal Scaling with Distributed Computing Frameworks
Using Cloud Services
Maintainability
Problem: Checkpointing, Versioning, and Deploying Models
Goal: Graceful Degradation
Goal: Easily Tunable and Configurable
Monitoring and Alerting
Security and Reliability
Feature: Robustness in Adversarial Contexts
Feature: Data Privacy Safeguards and Guarantees
Feedback and Usability
Conclusion
8. Adversarial Machine Learning
Terminology
The Importance of Adversarial ML
Security Vulnerabilities in Machine Learning Algorithms
Attack Transferability
Attack Technique: Model Poisoning
Example: Binary Classifier Poisoning Attack
Attacker Knowledge
Defense Against Poisoning Attacks
Attack Technique: Evasion Attack
Example: Binary Classifier Evasion Attack
Defense Against Evasion Attacks
Conclusion
A: Supplemental Material for Chapter 2
More About Metrics
Size of Logistic Regression Models
Implementing the Logistic Regression Cost Function
Minimizing the Cost Function
B: Integrating Open Source Intelligence
Security Intelligence Feeds
Geolocation
Index
Rubrieken
- advisering
- algemeen management
- coaching en trainen
- communicatie en media
- economie
- financieel management
- inkoop en logistiek
- internet en social media
- it-management / ict
- juridisch
- leiderschap
- marketing
- mens en maatschappij
- non-profit
- ondernemen
- organisatiekunde
- personal finance
- personeelsmanagement
- persoonlijke effectiviteit
- projectmanagement
- psychologie
- reclame en verkoop
- strategisch management
- verandermanagement
- werk en loopbaan
