<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div><div>We need to work from both ends: increasing the cost to the adversary, e.g. by having them deplete their access to workable exploits, and by decreasing the cost of discovery to the defender. (This only considers the costs of the arms race, not the cost of mitigating a breach.)</div><div><br></div><div>Machine Learning allows us to algorithmically compute a large set of complex rules that are optimal to some loss function. If we can detect more True Positives with fewer False Positives by using such an empirical model compared to heuristically defined rules, then that is added value. That does not mean one should not use any rules that encode specific knowledge from subject matter experts. There are always trade-offs to be made.</div><div><br></div><div>There is also a time-based asymmetry. If an adversary has months worth of time to craft an attack while the defender’s systems must be able to decide within milliseconds (e.g. AV) or using a few hours worth of data, then the defender has a disadvantage. That’s where ML can help as well by looking at larger timeframes that are exceeding what a human analyst can review at a time.</div><div><br></div><div>To go back to your project, Dave: if there’s a single fight, you likely won’t need a TensorFlow-based BJJ judge. Once you’re in a situation where there are too many fights to keep track of with individual human judges, then an ML scoring judge becomes appealing. It would become even more appealing if a judge e.g. would need to deliberate for an hour after a fight (the time-based asymmetry from above).</div><div><br></div><div><div id="MAC_OUTLOOK_SIGNATURE"><meta http-equiv="content-type" content="text/html; charset=utf-8"><div>-- </div><div><div><span style="font-size: 12px;">Sven Krasser, Ph.D.</span></div><div><span style="font-size: 12px;">Chief Scientist, CrowdStrike, Inc.</span></div><div><span style="font-size: 12px;"><a href="http://www.crowdstrike.com">http://www.crowdstrike.com</a> | <a href="http://tinyurl.com/cs-svenk">http://tinyurl.com/cs-svenk</a></span></div></div></div></div></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> <<a href="mailto:dailydave-bounces@lists.immunityinc.com">dailydave-bounces@lists.immunityinc.com</a>> on behalf of Dave Aitel <<a href="mailto:dave.aitel@gmail.com">dave.aitel@gmail.com</a>><br><span style="font-weight:bold">Date: </span> Friday, April 1, 2016 at 10:35 AM<br><span style="font-weight:bold">To: </span> "<a href="mailto:dailydave@lists.immunityinc.com">dailydave@lists.immunityinc.com</a>" <<a href="mailto:dailydave@lists.immunityinc.com">dailydave@lists.immunityinc.com</a>><br><span style="font-weight:bold">Subject: </span> [Dailydave] Assymetry<br></div><div><br></div><blockquote id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE" style="BORDER-LEFT: #b5c4df 5 solid; PADDING:0 0 0 5; MARGIN:0 0 0 5;"><div><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div><div dir="ltr">One possible long-lasting cause of the "asymmetry" everyone talks about is that US defenders get quite high salaries compared to Chinese attackers (I assume, not being a Chinese attacker it's hard to know for sure).
<div><br></div><div>Just in pure "dollars spent vs dollars spent" it seems like it would be three times cheaper to be a Chinese attacker at that rate?</div><div><br></div><div>But I think it's still a question whether or not machine learning techniques make surveillance cheaper than intrusion as a rule. What if it does? What would that change about our national strategy? (And if it DOESN'T then why bother?)</div><div><br></div><div>-dave</div><div><br></div></div></div></div></blockquote></span></body></html>