Protecting Systems with Data and Algorithms
Clarence Chio, David Freeman

Can machine learning techniques solve our computer security problems and finally put an end to the cat-and-mouse game between attackers and defenders? Or is this hope merely hype? Now you can dive into the science and answer this question for yourself. With this practical guide, you’ll explore ways to apply machine learning to security issues such as intrusion detection, malware classification, and network analysis.
Machine learning and security specialists Clarence Chio and David Freeman provide a framework for discussing the marriage of these two fields, as well as a toolkit of machine-learning algorithms that you can apply to an array of security problems. This book is ideal for security engineers and data scientists alike.
We wrote this book to provide a framework for discussing the inevitable marriage of two ubiquitous concepts: machine learning and security. While there is some literature on the intersection of these subjects (and multiple conference workshops: CCS’s AISec, AAAI’s AICS, and NIPS’s Machine Deception), most of the existing work is academic or theoretical. In particular, we did not find a guide that provides concrete, worked examples with code that can educate security practitioners about data science and help machine learning practitioners think about modern security problems effectively.
In examining a broad range of topics in the security space, we provide examples of how machine learning can be applied to augment or replace rule-based or heuristic solutions to problems like intrusion detection, malware classification, or network analysis. In addition to exploring the core machine learning algorithms and techniques, we focus on the challenges of building maintainable, reliable, and scalable data mining systems in the security space. Through worked examples and guided discussions, we show you how to think about data in an adversarial environment and how to identify the important signals that can get drowned out by noise.
If you are working in the security field and want to use machine learning to improve your systems, this book is for you. If you have worked with machine learning and now want to use it to solve security problems, this book is also for you.
We assume you have some basic knowledge of statistics; most of the more complex math can be skipped upon your first reading without losing the concepts. We also assume familiarity with a programming language. Our examples are in Python and we provide references to the Python packages required to implement the concepts we discuss, but you can implement the same concepts using open source libraries in Java, Scala, C++, Ruby, and many other languages.
Clarence Chio is an engineer and entrepreneur who has given talks, workshops, and training courses on machine learning and security at DEF CON and other security/software engineering conferences and meetups across more than a dozen countries. He was previously a member of the security research team at Shape Security, a community speaker with Intel, and a security consultant for Oracle. Clarence advises a handful of startups on security data science, and is the founder and organizer of the Data Mining for Cyber Security meetup group, the largest gathering of security data scientists in the San Francisco Bay Area. He holds a BS and MS in computer science from Stanford University, specializing in data mining and artificial intelligence.
David Freeman is a research scientist/engineer at Facebook working on spam and abuse problems. He previously led anti-abuse engineering and data science teams at LinkedIn, where he built statistical models to detect fraud and abuse and worked with the larger machine learning community at LinkedIn to build scalable modeling and scoring infrastructure. He is an author, presenter, and organizer at international conferences on machine learning and security, such as NDSS, WWW, and AISec, and has published more than twenty academic papers on mathematical and statistical aspects of computer security. He holds a PhD in mathematics from UC Berkeley and did postdoctoral research in cryptography and security at CWI and Stanford University.









