Machine learning is currently receiving a lot of attention in network security. Many start-ups and established companies claim to use it in their solutions, yet few details are shared on why or how it works. So, is machine learning a potential solution or all hype? The answer depends on the problem.
In this talk we will demonstrate how machine learning can be leveraged to solve a set of practical network security problems. However, we will also discuss its limitations and show how it can fail. The focus of the talk will be on applying both supervised and unsupervised learning to problems in network security. Case studies of real machine learning systems will be used to illustrate some of the issues faced by practitioners and provide practical techniques that can be used to mitigate many of them.
Terry Nelms is the Director of Research at Damballa. His current research interests include the statistical analysis of network traffic, the network behavior of malware, and applying machine learning to identify network threats. Before joining Damballa, he spent nine years in IBM ISS X-Force Research inventing, designing, and developing protection technologies. His research has produced new security products, patents, and publications at top academic conferences. He holds a B.S. and M.S. in Information Systems and is currently a Ph.D. candidate in Computer Science at the Georgia Institute of Technology.