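This book explores how to apply machine learning to a variety of security problems, such as intrusion detection, malware classification, and network analysis. Machine learning and security experts Clarence Chio and David Freeman provide a framework for discussing the marriage of these two fields, along with a toolkit of machine learning algorithms that you can apply to a range of security problems.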
Preface.
1. Why Machine Learning and Security
Cyber Threat Landscape
The Cyber Attacker's Economy
A Marketplace for Hacking Skills
Indirect Monetization
The Upshot
What Is Machine Learning
What Machine Learning Is Not
Adversaries Using Machine Learning
Real-World Uses of Machine Learning in Security
Spam Fighting: An Iterative Approach
Limitations of Machine Learning in Security
2. Classifying and Clustering
Machine Learning: Problems and Approaches
Machine Learning in Practice: A Worked Example
Training Algorithms to Learn
Model Families
Loss Functions
Optimization
Supervised Classification Algorithms
Logistic Regression
Decision Trees
Decision Forests
Support Vector Machines
Naive Bayes
k-Nearest Neighbors
Neural Networks
Practical Considerations in Classification
Selecting a Model Family
Training Data Construction
Feature Selection
Overfitting and Underfitting
Choosing Thresholds and Comparing Models
Clustering
Clustering Algorithms
Evaluating Clustering Results
Conclusion
3. Anomaly Detection
When to Use Anomaly Detection Versus Supervised Learning
Intrusion Detection with Heuristics
Data-Driven Methods
Feature Engineering for Anomaly Detection
Host Intrusion Detection
Network Intrusion Detection
Web Application Intrusion Detection
In Summary
Anomaly Detection with Data and Algorithms
Forecasting (Supervised Machine Learning)
Statistical Metrics
Goodness-of-Fit
Unsupervised Machine Learning Algorithms
Density-Based Methods
In Summary
Challenges of Using Machine Learning in Anomaly Detection
Response and Mitigation
Practical System Design Concerns
Optimizing for Explainability
Maintainability of Anomaly Detection Systems
Integrating Human Feedback
Mitigating Adversarial Effects
Conclusion
4. Malware Analysis
Understanding Malware
Defining Malware Classification
Malware: Behind the Scenes
Feature Generation
Data Collection
Generating Features
Feature Selection
From Features to Classification
How to Get Malware Samples and Labels
Conclusion
5. Network Traffic Analysis
Theory of Network Defense
Access Control and Authentication
Intrusion Detection
Detecting In-Network Attackers
Data-Centric Security
Honeypots
Summary
Machine Learning and Network Security
From Captures to Features
Threats in the Network
Bots and You
Building a Predictive Model to Classify Network Attacks
Exploring the Data
Data Preparation
Classification
Supervised Learning
Semi-Supervised Learning
Unsupervised Learning
Advanced Ensembling
Conclusion
6. Protecting the Consumer Web
Monetizing the Consumer Web
Types of Abuse and the Data That Can Stop Them
Authentication and Account Takeover
Account Creation
Financial Fraud
Bot Activity
Supervised Learning for Abuse Problems
Labeling Data
Cold Start Versus Warm Start
False Positives and False Negatives
Multiple Responses
Large Attacks
Clustering Abuse
Example: Clustering Spam Domains
Generating Clusters
Scoring Clusters
Further Directions in Clustering
Conclusion
7. Production Systems
Defining Machine Learning System Maturity and Scalability
What's Important for Security Machine Learning Systems
Data Quality
Problem: Bias in Datasets
Problem: Label Inaccuracy
Solutions: Data Quality
Problem: Missing Data
Solutions: Missing Data
Model Quality
Problem: Hyperparameter Optimization
Solutions: Hyperparameter Optimization
Feature: Feedback Loops, A/B Testing of Models
Feature: Repeatable and Explainable Results
Performance
Goal: Low Latency, High Scalability
Performance Optimization
Horizontal Scaling with Distributed Computing Frameworks
Using Cloud Services
Maintainability
Problem: Checkpointing, Versioning, and Deploying Models
Goal: Graceful Degradation
Goal: Easily Tunable and Configurable
Monitoring and Alerting
Security and Reliability
Feature: Robustness in Adversarial Contexts
Feature: Data Privacy Safeguards and Guarantees
Feedback and Usability
Conclusion
8. Adversarial Machine Learning
Terminology
The Importance of Adversarial ML
Security Vulnerabilities in Machine Learning Algorithms
Attack Transferability
Attack Technique: Model Poisoning
Example: Binary Classifier Poisoning Attack
Attacker Knowledge
Defense Against Poisoning Attacks
Attack Technique: Evasion Attack
Example: Binary Classifier Evasion Attack
Defense Against Evasion Attacks
Conclusion
A. Supplemental Material for Chapter 2
B. Integrating Open Source Intelligence
Index