The New Cat and Mouse Game: Attacking and Defending Machine Learning Based Software

Presented at BSidesLV 2017, July 26, 2017, 10 a.m. (25 minutes).

Machine learning is increasingly woven into software that determines what objects our cars recognize as obstacles, whether or not we have cancer, what news articles we should read, and whether or not we should have access to a building or device. Thus far, the technology community has focused on the benefits of machine learning rather than the security risks. And while the security community has raised concerns about machine learning, most security professionals aren't also machine learning experts, and thus can miss ways in which machine learning systems can be manipulated. My talk will help to close this gap, providing an overview of the kinds of attacks that are possible against machine learning systems, an overview of state-of-the-art methods for making machine learning systems more robust, and a live demonstration of the ways one can attack (and defend) a state-of-the-art machine learning based intrusion detection system.


Presenters:

  • Joshua Saxe - Chief Data Scientist - Sophos
    Joshua Saxe is Chief Data Scientist at Sophos, where he and his team focus on developing breakthrough security data science technologies. Highlights of his work have included leading research to develop neural networks for detecting malicious PE, URL and HTML content, developing a crowd data driven malware reverse engineering system, and leading research to discover malware genealogical relationships at scale. He is currently working on a book for No Starch Press on security data science.
