[Dailydave] Machine Learning and Dimensions and stuff

Dave Aitel dave at immunityinc.com
Thu Nov 20 13:16:39 EST 2014


Dmitri pointed me at the above talk which is essentially a good
specialized 101-level lecture on how machine learning works in the
security space.

There's not much to criticize in the talk! (It has a lot of the features
of El Jefe!) They use a real graph database to run their algorithms
against process trees - but if you wanted to heckle you'd ask "Doesn't
the CreateProcess() system call also take "parent process" as an
argument? What IS the rate of false positives? Because if you can't get
it down to basically 0 then you are essentially wasting your time? etc." :>

But again, nobody asked any hard questions - and while the talk nibbled
around the edges of the tradeoffs with using machine learning techniques
on this kind of data, it didn't go into any depth at all about which
ones they've tried and failed at. It's a technical talk, but it's not a
DETAILED talk in the sense of "Here's some outliers that show us where
we fail and where we succeed and perhaps why".

That said, if you don't have a plan to do this sort of thing, then
you're probably failing at some level, so worth a watch. :>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20141120/69012072/attachment.sig>

More information about the Dailydave mailing list