Machine Learning and Cybersecurity
Some of the most innovative approaches to cybersecurity still depend largely on human analysts. With the growing sophistication and volume of cyber threats, it is simply too difficult for analysts to keep pace. Machine learning is all about having an algorithm learn from the data rather than having a human encode the logic. Along with machine learning come new cybersecurity threats. While artificial intelligence (AI) and machine learning (ML) have been transforming various fields of human activity for some time now, their full transformative potential is yet to be realized.
BSides Lisbon - Data science, machine learning and cybersecurity
In this talk we will present some techniques that we use on a day-to-day basis in our research, where we combine our internet-wide data scanning and acquisition platform with ML/data science techniques, which allows us to find things faster or extract results in a more automated way. We will focus on practical cases and examples that even our audience at home will be able to use if they want. A couple of examples we will look at are how to classify images such as VNC screenshots; we will look at network scans and using machine learning to classify them, and also the use of natural language processing to analyze CVEs. We will also talk a bit about a data analysis and classification pipeline architecture; we will look at the different technologies, what they do and how they can be used.

We will start by giving a very brief entry to the data science world and talk about:

- Technologies
- Techniques
- How these relate to infosec
- Algorithms and how they can be used
- How people can come into the world of data and machine learning
- Data visualization techniques and what are the best choices for different types of data

A couple of examples we will look at are how to classify images such as VNC or X11 screenshots, OCR; we will look at network scans and using machine learning to classify them, and also the use of natural language processing to analyze CVEs.
Misconceptions about Machine Learning and Cybersecurity - DATAVERSITY
They continue, "(2) Speed and Scale Matter. In order to analyze, swiftly and accurately, billions of events in real-time, machine learning models require a level of computational power and scalability that cannot be accomplished using old-school on-premise architecture and conventional database methods. Cloud-based architectures can significantly augment the efficacy of machine learning. Algorithms can be infused with the collective knowledge of a crowdsourced community where threat intelligence is aggregated and updated instantly. Identified attacks can then be turned into a new detection and learned by the algorithm, and shared with others within the cloud network to prevent the attack – sending the bad actors back to the drawing board."