Machine learning techniques have been gaining significant traction in a variety of industries in recent years, and the security industry is no exception to it's influence. These techniques, when applied correctly, can help assist in many data driven tasks to provide interesting insights and decision recommendations to analyst. While these techniques can be powerful, for the researchers and analyst who are not well versed in machine learning, there can exist a gap in understanding that may prevent them from looking at and applying these tools to problems machine learning techniques could assist with.
The goal of this presentation is to help researchers, analyst, and security enthusiast get their hands dirty applying machine learning to security problems. We will walk the entire pipeline from idea to functioning tool on several diverse security related problems, including offensive and defensive use cases for machine learning. Through these examples and demonstrations, we will be able to explain in a very concrete fashion every step involved to tie in machine learning to the specified problem. In addition, we will be releasing every tool built, along with source code and related datasets, to enable those in attendance to reproduce the research and examples on their own. Machine learning based tools that will be released with this talk include an advanced obfuscation tool for data exfiltration, a network mapper, and command and control panel identification module.
Matt Wolff is a computer scientist with a research focus on the areas of datascience, machine learning, and information security. He leads the research andengineering efforts for Cylance's artificial intelligence technologies toimprove the security of computing systems. A 10-year veteran of the fields ofAI and security, he was previously a member of the NSA's TAO group, and wasawarded a fellowship from the US Department of Defense to research thecapabilities of machine learning and its impact in the security domain. Heholds several granted patents, has published academic papers and presented atvarious conferences in the security and AI space. Matt has a Master of Sciencedegree in Computer Science from Georgia Tech.
Brian Wallace is a security researcher at Cylance with experience in softwareengineering, reverse engineering, malware analysis, vulnerability research,cryptography, and more. As the primary researcher responsible for exposing thethreat actor behind Operation Cleaver, he also has experience as a threatactor investigator. Brian additionally works on non-traditional methods todissuade threat actors from their targets. He regularly builds tools to solveproblems and automate solutions, which are commonly published as open sourcetools. One of these tools, bamfdetect, statically identifies botnet malwaresamples, and attempts to extract their configuration details from them,allowing for quick and clean identification of command and control servers.
Xuan Zhao is a Data Scientist at Cylance, where she explores AI relatedresearch topics and their application to the computer security space. Herspecific research include advanced machine learning topics, including work inthe deep learning space. She is a member of several conference committees andhas 10+ publications in top-ranked journals and international conferences.Xuan holds a PhD in Electrical and Computer Engineering from CornellUniversity.