Presentation is loading. Please wait.

Presentation is loading. Please wait.

Machine Learning for Computer Security

Published byEthan Lawrence Modified over 6 years ago

Similar presentations

Presentation on theme: "Machine Learning for Computer Security"— Presentation transcript:

1 Machine Learning for Computer Security
What you will learn …. Current problems of computer security Detection and prevention of unknown attacks Large-scale analysis of security data, e.g. malware Development of “intelligent” defenses Machine learning as a tool for tacking Key concepts of learning theory Unsupervised and supervised learning algorithms Features and feature spaces

2 Module Contents Introduction to probabilistic learning Learning theory
Feature design Decision trees Neural networks Support Vector Machines Clustering and classification of malware Learning-based anomaly and intrusion detection methods Special topics on security

3 What you will need … Knowledge in core computer science
Computer security and operating systems Network communication and protocols Basic knowledge of: Probability Statistics Linear algebra Optimization The “Hacker Spirit” Eagerness to understand how things work Some endurance, if things get tricky

4 Machine Learning Machine learning = Branch of Artificial Intelligence
No science fiction please! We are talking algorithms

5 Machine Learning Theory and practice of making computers learn
Automatic inference of dependencies from data Generalization of dependencies; ↯ not simple memorization Application of learned dependencies to unseen data Example: Palm print recognition Dependencies: biometric data identity

6 Hurdles for Learning Computer security not the usual learning domain
Semantic gaps → what is actually learned? Operational constraints → what do errors cost? Need for transparency → why does the system work? Unfortunate divergence of research objectives Defense Defense Learning Learning Threats Threats Learning community Security community

7 A Particular Example Spam blocker
Sort incoming messages on an account according to two classes: Spam or Valid messages Steps: Preprocessing (segmentation) Feature extraction (measure features or properties) Classification (make final decision)

8 Figure 1.1 “valid message” “spam”

9 Histograms We decide to use “message subject” as the first feature.
Classification is then easy: Decide Valid Message if length l < l* Decide Spam if length l > l* (l* : critical threshold) Some features may give poor results. Part of the design of pattern recognition systems is to find the right features to discriminate between classes. What if we try number of hyperlinks in the message?

10 Figure 1.2 valid message spam count length 5 10 15 20 25 ℎ ∗ 22 20 18
16 12 10 8 6 4 2 length 5 10 15 20 25 ℎ ∗

11 Figure 1.3 valid message spam ℎ ∗ 14 12 10 8 6 4 2 2 10 4 6 8 count
number of hyperlinks 2 10 4 6 8 ℎ ∗

12 Decision Theory Most times we assume “symmetry” in the cost.
(e.g., it is as bad to misclassify spam as valid messages). That is not always the case: Case 1. Case 2. Spam message in the inbox X Work in the spam folder

13 Decision Boundary We will normally deal with several features at a time. An object will be represented as a feature vector X = x1 x2 Our problem then is to separate the space of feature values into a set of regions corresponding to the number of classes. The separating boundary is called the decision boundary.

14 Figure 1.4 length valid message spam number of hyperlinks 22 21 20 19
18 17 16 15 number of hyperlinks 14 2 4 6 8 10

15 Generalization The main goal of pattern classification is as follows:
To generalize or suggest the class or action of objects as yet unseen. Some complex decision boundaries are not good at generalization. Some simple boundaries are not good either. One must look for a tradeoff between performance and complexity This is at the core of statistical learning theory

16 Figure 1.5 length valid message spam number of hyperlinks 22 21 20 19
18 17 16 15 number of hyperlinks 14 2 4 6 8 10

17 Figure 1.6 length valid message spam number of hyperlinks 22 14 21 20
19 18 17 16 15 2 10 4 6 8 valid message spam number of hyperlinks

18 Related Fields Image processing Input: image; output: image.
Associative memory Input: pattern: output: pattern representative of groups of patterns Regression Predict values for new input (e.g., linear regression) Interpolation Predict the function for ranges of input Density estimation Estimate the probability density of input members

19 The Connection to Learning and Adaptation
Computer Learning Algorithm Class of Tasks T Performance P Experience E Supervised learning Unsupervised learning Reinforcement learning

20 References Material taken from: Chapters 1 and 2:
Pattern Classification by Duda, Hart and Stork, 2nd Edition Wiley-Interscience

Download ppt "Machine Learning for Computer Security"

Similar presentations

Chapter 1: Introduction to Pattern Recognition

Chapter 1: Introduction to Pattern Recognition
LEARNING FROM OBSERVATIONS Yılmaz KILIÇASLAN. Definition Learning takes place as the agent observes its interactions with the world and its own decision-making.

LEARNING FROM OBSERVATIONS Yılmaz KILIÇASLAN. Definition Learning takes place as the agent observes its interactions with the world and its own decision-making.
Pattern Classification All materials in these slides were taken from Pattern Classification (2nd ed) by R. O. Duda, P. E. Hart and D. G. Stork, John.

Pattern Classification All materials in these slides were taken from Pattern Classification (2nd ed) by R. O. Duda, P. E. Hart and D. G. Stork, John.
Pattern Classification All materials in these slides were taken from Pattern Classification (2nd ed) by R. O. Duda, P. E. Hart and D. G. Stork, John Wiley.

Pattern Classification All materials in these slides were taken from Pattern Classification (2nd ed) by R. O. Duda, P. E. Hart and D. G. Stork, John Wiley.
Pattern Classification All materials in these slides were taken from Pattern Classification (2nd ed) by R. O. Duda, P. E. Hart and D. G. Stork, John Wiley.

Pattern Classification All materials in these slides were taken from Pattern Classification (2nd ed) by R. O. Duda, P. E. Hart and D. G. Stork, John Wiley.
INTRODUCTION TO Machine Learning 3rd Edition

INTRODUCTION TO Machine Learning 3rd Edition
Introduction to machine learning

Introduction to machine learning
Machine Learning Usman Roshan Dept. of Computer Science NJIT.

Machine Learning Usman Roshan Dept. of Computer Science NJIT.
CS 60050 Machine Learning. What is Machine Learning? Adapt to / learn from data  To optimize a performance function Can be used to:  Extract knowledge.

CS Machine Learning. What is Machine Learning? Adapt to / learn from data  To optimize a performance function Can be used to:  Extract knowledge.
General Information Course Id: COSC6342 Machine Learning Time: MO/WE 2:30-4p Instructor: Christoph F. Eick Classroom:SEC 201

General Information Course Id: COSC6342 Machine Learning Time: MO/WE 2:30-4p Instructor: Christoph F. Eick Classroom:SEC 201
Pattern Classification All materials in these slides were taken from Pattern Classification (2nd ed) by R. O. Duda, P. E. Hart and D. G. Stork, John Wiley.

Pattern Classification All materials in these slides were taken from Pattern Classification (2nd ed) by R. O. Duda, P. E. Hart and D. G. Stork, John Wiley.
嵌入式視覺 Pattern Recognition for Embedded Vision Template matching Statistical / Structural Pattern Recognition Neural networks.

嵌入式視覺 Pattern Recognition for Embedded Vision Template matching Statistical / Structural Pattern Recognition Neural networks.
Introduction Mohammad Beigi Department of Biomedical Engineering Isfahan University

Introduction Mohammad Beigi Department of Biomedical Engineering Isfahan University
Introduction to Pattern Recognition Charles Tappert Seidenberg School of CSIS, Pace University.

Introduction to Pattern Recognition Charles Tappert Seidenberg School of CSIS, Pace University.
240-572: Chapter 1: Introduction 1 Montri Karnjanadecha ac.th/~montri 240-650 Principles of Pattern Recognition.

: Chapter 1: Introduction 1 Montri Karnjanadecha ac.th/~montri Principles of Pattern Recognition.
Chapter 4 CONCEPTS OF LEARNING, CLASSIFICATION AND REGRESSION Cios / Pedrycz / Swiniarski / Kurgan.

Chapter 4 CONCEPTS OF LEARNING, CLASSIFICATION AND REGRESSION Cios / Pedrycz / Swiniarski / Kurgan.
COMP3503 Intro to Inductive Modeling

COMP3503 Intro to Inductive Modeling
General Information Course Id: COSC6342 Machine Learning Time: TU/TH 10a-11:30a Instructor: Christoph F. Eick Classroom:AH123

General Information Course Id: COSC6342 Machine Learning Time: TU/TH 10a-11:30a Instructor: Christoph F. Eick Classroom:AH123
Classification. An Example (from Pattern Classification by Duda & Hart & Stork – Second Edition, 2001)

Classification. An Example (from Pattern Classification by Duda & Hart & Stork – Second Edition, 2001)
Perception Introduction Pattern Recognition Image Formation

Perception Introduction Pattern Recognition Image Formation

Similar presentations

Ads by Google