[Dailydave] Asymmetry

Sven Krasser sven at crowdstrike.com
Fri Apr 1 15:37:15 EDT 2016


We need to work from both ends: increasing the cost to the adversary, e.g. by having them deplete their access to workable exploits, and by decreasing the cost of discovery to the defender. (This only considers the costs of the arms race, not the cost of mitigating a breach.)

Machine Learning allows us to algorithmically compute a large set of complex rules that are optimal to some loss function. If we can detect more True Positives with fewer False Positives by using such an empirical model compared to heuristically defined rules, then that is added value. That does not mean one should not use any rules that encode specific knowledge from subject matter experts. There are always trade-offs to be made.

There is also a time-based asymmetry. If an adversary has months' worth of time to craft an attack while the defender’s systems must be able to decide within milliseconds (e.g. AV) or using a few hours' worth of data, then the defender has a disadvantage. That’s where ML can help as well by looking at larger timeframes that are exceeding what a human analyst can review at a time.

To go back to your project, Dave: if there’s a single fight, you likely won’t need a TensorFlow-based BJJ judge. Once you’re in a situation where there are too many fights to keep track of with individual human judges, then an ML scoring judge becomes appealing. It would become even more appealing if a judge e.g. would need to deliberate for an hour after a fight (the time-based asymmetry from above).

-- 
Sven Krasser, Ph.D.
Chief Scientist, CrowdStrike, Inc.
http://www.crowdstrike.com | http://tinyurl.com/cs-svenk

From:  <dailydave-bounces at lists.immunityinc.com> on behalf of Dave Aitel <dave.aitel at gmail.com>
Date:  Friday, April 1, 2016 at 10:35 AM
To:  "dailydave at lists.immunityinc.com" <dailydave at lists.immunityinc.com>
Subject:  [Dailydave] Asymmetry

One possible long-lasting cause of the "asymmetry" everyone talks about is that US defenders get quite high salaries compared to Chinese attackers (I assume; not being a Chinese attacker, it's hard to know for sure).

Just in pure "dollars spent vs dollars spent" it seems like it would be three times cheaper to be a Chinese attacker at that rate?

But I think it's still a question whether or not machine learning techniques make surveillance cheaper than intrusion as a rule. What if it does? What would that change about our national strategy? (And if it DOESN'T then why bother?)

-dave

