The good, the bad and the ugly of using machine learning for attack detection and response

Luke Jennings, MWR InfoSecurity

Machine learning often accompanies grand promises by vendors of its capabilities for attack detection. While it can be useful when used selectively, much like every technology that has come before it, it is not a silver bullet.

We’ll introduce the general concepts of machine learning and the common pitfalls faced when applying machine learning to real-world scenarios. This includes practical examples of strategies for solving attack detection problems, and the difficulties encountered in an enterprise environment.

We’ll give real-world examples from Countercept’s experience of using machine learning techniques in practice as a component of a larger attack detection capability set.

Required audience experience: Prior experience in enterprise technology or security. No prior machine learning experience required.

Objective of the talk:

  • Understand how machine learning works
  • Learn how we can apply machine learning to practical attack detection
  • Understand the many limitations that apply to using machine learning and the importance of human expertise in the process

Keywords: Security, attack detection, enterprise

Track 3
Location: Date: October 10, 2017 Time: 2:20 pm - 3:05 pm Luke Jennings, MWR InfoSecurity Luke Jennings, MWR InfoSecurity