Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that's not enough anymore either. As a security company you have to claim artificial intelligence to be even part of the conversation.
Guess what. It's all baloney. We have entered a state in cyber security that is, in fact, dangerous. We are blindly relying on algorithms to do the right thing. We are letting deep learning algorithms detect anomalies in our data without having a clue what that algorithm just did. In academia, they call this the lack of explainability and verifiability. But rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and in turn discover wrong insights.
In this talk, I will show the limitations of machine learning, outline the issues of explainability, and show where deep learning should never be applied. I will show examples of how the blind application of algorithms (including deep learning) actually leads to wrong results. Algorithms are dangerous. We need to revert back to experts and invest in systems that learn from, and absorb the knowledge, of experts.
Speaker
Raffael Marty
Raffael Marty is vice president of corporate strategy at Forcepoint. He brings more than 20 years of cybersecurity industry experience across engineering, analytics, research and strategy to the company. Marty provides strategic company growth counsel and guidance and is responsible for how Forcepoint creates value across the Human Point System of products. Prior to Forcepoint, Marty ran security analytics for Sophos, a leading endpoint and network security company, launched pixlcloud, a visual analytics platform, and Loggly, a cloud-based log management solution. Additionally, Marty held key roles at IBM Research, ArcSight and Splunk and is an expert on established best practices and emerging innovative trends in the big data and security analytics space. Marty is one of the industry's most respected authorities on security data analytics, big data and visualization. He is the author of Applied Security Visualization and is a frequent speaker at global academic and industry events. Marty holds a master's degree in computer science from ETH Zurich, Switzerland and is a student of the Japanese tradition of Zen meditation.
Detailed Presentation:
(Source: Black Hat USA 2018, Las Vegas)
Comments