Applied Machine Learning for Data Exfil and Other Fun Topics

Presented at Black Hat USA 2016, Aug. 3, 2016, 11:30 a.m. (50 minutes)

Machine learning techniques have been gaining significant traction in a variety of industries in recent years, and the security industry is no exception to it's influence. These techniques, when applied correctly, can help assist in many data driven tasks to provide interesting insights and decision recommendations to analyst. While these techniques can be powerful, for the researchers and analyst who are not well versed in machine learning, there can exist a gap in understanding that may prevent them from looking at and applying these tools to problems machine learning techniques could assist with.

The goal of this presentation is to help researchers, analyst, and security enthusiast get their hands dirty applying machine learning to security problems. We will walk the entire pipeline from idea to functioning tool on several diverse security related problems, including offensive and defensive use cases for machine learning. Through these examples and demonstrations, we will be able to explain in a very concrete fashion every step involved to tie in machine learning to the specified problem. In addition, we will be releasing every tool built, along with source code and related datasets, to enable those in attendance to reproduce the research and examples on their own. Machine learning based tools that will be released with this talk include an advanced obfuscation tool for data exfiltration, a network mapper, and command and control panel identification module.


Presenters:

  • Xuan Zhao - Cylance
    Xuan Zhao is a Data Scientist at Cylance, where she explores AI related research topics and their application to the computer security space. Her specific research include advanced machine learning topics, including work in the deep learning space. She is a member of several conference committees and has 10+ publications in top-ranked journals and international conferences. Xuan holds a PhD in Electrical and Computer Engineering from Cornell University.
  • Brian Wallace - Cylance
    Brian Wallace is a security researcher at Cylance with experience in software engineering, reverse engineering, malware analysis, vulnerability research, cryptography, and more. As the primary researcher responsible for exposing the threat actor behind Operation Cleaver, he also has experience as a threat actor investigator. Brian additionally works on non-traditional methods to dissuade threat actors from their targets. He regularly builds tools to solve problems and automate solutions, which are commonly published as open source tools. One of these tools, bamfdetect, statically identifies botnet malware samples, and attempts to extract their configuration details from them, allowing for quick and clean identification of command and control servers.
  • Matt Wolff - Cylance
    Matt Wolff is a computer scientist with a research focus on the areas of data science, machine learning, and information security. He leads the research and engineering efforts for Cylance's artificial intelligence technologies to improve the security of computing systems. A 10-year veteran of the fields of AI and security, he was previously a member of the NSA's TAO group, and was awarded a fellowship from the US Department of Defense to research the capabilities of machine learning and its impact in the security domain. He holds several granted patents, has published academic papers and presented at various conferences in the security and AI space. Matt has a Master of Science degree in Computer Science from Georgia Tech.

Links:

Similar Presentations: