Machine Learning and Security. Protecting Systems with Data and Algorithms - Helion

ebook

Autor: Clarence Chio, David Freeman
ISBN: 978-14-919-7985-3
stron: 386, Format: ebook
Data wydania: 2018-01-26
Księgarnia: Helion

Cena książki: 186,15 zł (poprzednio: 216,45 zł)
Oszczędzasz: 14% (-30,30 zł)

Osoby, które kupiły tę książkę, wybierały także »

Can machine learning techniques solve our computer security problems and finally put an end to the cat-and-mouse game between attackers and defenders? Or is this hope merely hype? Now you can dive into the science and answer this question for yourself! With this practical guide, you’ll explore ways to apply machine learning to security issues such as intrusion detection, malware classification, and network analysis.

Machine learning and security specialists Clarence Chio and David Freeman provide a framework for discussing the marriage of these two fields, as well as a toolkit of machine-learning algorithms that you can apply to an array of security problems. This book is ideal for security engineers and data scientists alike.

Learn how machine learning has contributed to the success of modern spam filters
Quickly detect anomalies, including breaches, fraud, and impending system failure
Conduct malware analysis by extracting useful information from computer binaries
Uncover attackers within the network by finding patterns inside datasets
Examine how attackers exploit consumer-facing websites and app functionality
Translate your machine learning algorithms from the lab to production
Understand the threat attackers pose to machine learning solutions

Osoby które kupowały "Machine Learning and Security. Protecting Systems with Data and Algorithms", wybierały także:

Windows Media Center. Domowe centrum rozrywki 66,67 zł, (8,00 zł -88%)
Ruby on Rails. Ćwiczenia 18,75 zł, (3,00 zł -84%)
DevOps w praktyce. Kurs video. Jenkins, Ansible, Terraform i Docker 190,00 zł, (39,90 zł -79%)
Przywództwo w świecie VUCA. Jak być skutecznym liderem w niepewnym środowisku 58,64 zł, (12,90 zł -78%)
Scrum. O zwinnym zarządzaniu projektami. Wydanie II rozszerzone 58,64 zł, (12,90 zł -78%)

Spis treści

Machine Learning and Security. Protecting Systems with Data and Algorithms eBook -- spis treści

Preface
- Whats In This Book?
- Who Is This Book For?
- Conventions Used in This Book
- Using Code Examples
- OReilly Safari
- How to Contact Us
- Acknowledgments
1. Why Machine Learning and Security?
- Cyber Threat Landscape
- The Cyber Attackers Economy
  - A Marketplace for Hacking Skills
  - Indirect Monetization
  - The Upshot
- What Is Machine Learning?
  - What Machine Learning Is Not
  - Adversaries Using Machine Learning
- Real-World Uses of Machine Learning in Security
- Spam Fighting: An Iterative Approach
- Limitations of Machine Learning in Security
2. Classifying and Clustering
- Machine Learning: Problems and Approaches
- Machine Learning in Practice: A Worked Example
- Training Algorithms to Learn
  - Model Families
  - Loss Functions
  - Optimization
    - Example: Gradient descent
    - Which optimization algorithm?
- Supervised Classification Algorithms
  - Logistic Regression
  - Decision Trees
  - Decision Forests
  - Support Vector Machines
  - Naive Bayes
  - k-Nearest Neighbors
  - Neural Networks
- Practical Considerations in Classification
  - Selecting a Model Family
  - Training Data Construction
    - Unbalanced data
    - Missing features
    - Large events
    - Attacker evolution
  - Feature Selection
  - Overfitting and Underfitting
  - Choosing Thresholds and Comparing Models
- Clustering
  - Clustering Algorithms
    - Grouping
    - k-means
    - Hierarchical clustering
    - Locality-sensitive hashing
    - k-d trees
    - DBSCAN
  - Evaluating Clustering Results
- Conclusion
3. Anomaly Detection
- When to Use Anomaly Detection Versus Supervised Learning
- Intrusion Detection with Heuristics
- Data-Driven Methods
- Feature Engineering for Anomaly Detection
  - Host Intrusion Detection
    - osquery
  - Network Intrusion Detection
    - Deep packet inspection
    - Features for network intrusion detection
  - Web Application Intrusion Detection
  - In Summary
- Anomaly Detection with Data and Algorithms
  - Forecasting (Supervised Machine Learning)
    - ARIMA
    - Artificial neural networks
    - Summary
  - Statistical Metrics
    - Median absolute deviation
    - Grubbs outlier test
    - Summary
  - Goodness-of-Fit
    - Elliptic envelope fitting (covariance estimate fitting)
  - Unsupervised Machine Learning Algorithms
    - One-class support vector machines
    - Isolation forests
  - Density-Based Methods
    - Local outlier factor
  - In Summary
- Challenges of Using Machine Learning in Anomaly Detection
- Response and Mitigation
- Practical System Design Concerns
  - Optimizing for Explainability
    - Performance and scalability in real-time streaming applications
  - Maintainability of Anomaly Detection Systems
  - Integrating Human Feedback
  - Mitigating Adversarial Effects
- Conclusion
4. Malware Analysis
- Understanding Malware
  - Defining Malware Classification
    - Machine learning in malware classification
  - Malware: Behind the Scenes
    - The malware economy
    - Modern code execution processes
      - Compiled code execution
      - Interpreted code execution
    - Typical malware attack flow
- Feature Generation
  - Data Collection
  - Generating Features
    - Android malware analysis
      - Structural analysis
      - Static analysis
      - Behavioral (dynamic) analysis
      - Debugging
      - Dynamic instrumentation
      - Summary
  - Feature Selection
    - Unsupervised feature learning and deep learning
- From Features to Classification
  - How to Get Malware Samples and Labels
- Conclusion
5. Network Traffic Analysis
- Theory of Network Defense
  - Access Control and Authentication
  - Intrusion Detection
  - Detecting In-Network Attackers
  - Data-Centric Security
  - Honeypots
  - Summary
- Machine Learning and Network Security
  - From Captures to Features
  - Threats in the Network
    - Passive attacks
    - Active attacks
  - Botnets and You
    - The importance of understanding botnets
    - How do botnets work?
- Building a Predictive Model to Classify Network Attacks
  - Exploring the Data
  - Data Preparation
  - Classification
  - Supervised Learning
    - Class imbalance
  - Semi-Supervised Learning
  - Unsupervised Learning
  - Advanced Ensembling
- Conclusion
6. Protecting the Consumer Web
- Monetizing the Consumer Web
- Types of Abuse and the Data That Can Stop Them
  - Authentication and Account Takeover
    - Features used to classify login attempts
    - Building your classifier
  - Account Creation
    - Velocity features
    - Reputation scores
  - Financial Fraud
  - Bot Activity
    - Labeling and metrics
- Supervised Learning for Abuse Problems
  - Labeling Data
  - Cold Start Versus Warm Start
  - False Positives and False Negatives
  - Multiple Responses
  - Large Attacks
- Clustering Abuse
  - Example: Clustering Spam Domains
  - Generating Clusters
    - Grouping
    - Locality-sensitive hashing
    - k-means
  - Scoring Clusters
    - Labeling
    - Feature extraction
    - Classification
- Further Directions in Clustering
- Conclusion
7. Production Systems
- Defining Machine Learning System Maturity and Scalability
  - Whats Important for Security Machine Learning Systems?
- Data Quality
  - Problem: Bias in Datasets
  - Problem: Label Inaccuracy
  - Solutions: Data Quality
  - Problem: Missing Data
  - Solutions: Missing Data
- Model Quality
  - Problem: Hyperparameter Optimization
  - Solutions: Hyperparameter Optimization
  - Feature: Feedback Loops, A/B Testing of Models
  - Feature: Repeatable and Explainable Results
    - Generating explanations with LIME
- Performance
  - Goal: Low Latency, High Scalability
  - Performance Optimization
  - Horizontal Scaling with Distributed Computing Frameworks
  - Using Cloud Services
- Maintainability
  - Problem: Checkpointing, Versioning, and Deploying Models
  - Goal: Graceful Degradation
  - Goal: Easily Tunable and Configurable
- Monitoring and Alerting
- Security and Reliability
  - Feature: Robustness in Adversarial Contexts
  - Feature: Data Privacy Safeguards and Guarantees
- Feedback and Usability
- Conclusion
8. Adversarial Machine Learning
- Terminology
- The Importance of Adversarial ML
- Security Vulnerabilities in Machine Learning Algorithms
  - Attack Transferability
- Attack Technique: Model Poisoning
  - Example: Binary Classifier Poisoning Attack
  - Attacker Knowledge
  - Defense Against Poisoning Attacks
- Attack Technique: Evasion Attack
  - Example: Binary Classifier Evasion Attack
  - Defense Against Evasion Attacks
- Conclusion
A. Supplemental Material for Chapter 2
- More About Metrics
- Size of Logistic Regression Models
- Implementing the Logistic Regression Cost Function
- Minimizing the Cost Function
B. Integrating Open Source Intelligence
- Security Intelligence Feeds
- Geolocation
Index