Applied Machine learning for data exfiltration and other fun topics
The goal of this presentation is to help researchers, analyst, and security enthusiast get their hands dirty applying machine learning to security problems. We will walk the entire pipeline from idea to functioning tool on several diverse security related problems, including offensive and defensive use cases for machine learning. Through these examples and demonstrations, we will be able to explain in a very concrete fashion every step involved to tie in machine learning to the specified problem. In addition, we will be releasing every tool built, along with source code and related datasets, to enable those in attendance to reproduce the research and examples on their own. Machine learning based tools that will be released with this talk include an advanced obfuscation tool for data exfiltration, a network mapper, and command and control panel identification module.
Speakers
Matt Wolff
Matt Wolff is a computer scientist with a research focus on the areas of data science, machine learning, and information security. He leads the research and engineering efforts for Cylance's artificial intelligence technologies to improve the security of computing systems. A 10-year veteran of the fields of AI and security, he was previously a member of the NSA's TAO group, and was awarded a fellowship from the US Department of Defense to research the capabilities of machine learning and its impact in the security domain. He holds several granted patents, has published academic papers and presented at various conferences in the security and AI space. Matt has a Master of Science degree in Computer Science from Georgia Tech.
Brian Wallace
Brian Wallace is a security researcher at Cylance with experience in software engineering, reverse engineering, malware analysis, vulnerability research, cryptography, and more. As the primary researcher responsible for exposing the threat actor behind Operation Cleaver, he also has experience as a threat actor investigator. Brian additionally works on non-traditional methods to dissuade threat actors from their targets. He regularly builds tools to solve problems and automate solutions, which are commonly published as open source tools. One of these tools, bamfdetect, statically identifies botnet malware samples, and attempts to extract their configuration details from them, allowing for quick and clean identification of command and control servers.
Xuan Zhao
Xuan Zhao is a Data Scientist at Cylance, where she explores AI related research topics and their application to the computer security space. Her specific research include advanced machine learning topics, including work in the deep learning space. She is a member of several conference committees and has 10+ publications in top-ranked journals and international conferences. Xuan holds a PhD in Electrical and Computer Engineering from Cornell University.
Detailed Presentation:
(Source: Black Hat USA 2016, Las Vegas)
Comments