Slides from July 2016 ISSA OC talk (https://issa-oc.org/event/july-2016-meeting/).
Abstract:
Machine learning is presently a hot topic in the security industry. On the one side, we have companies praising machine learning as the panacea solving all of our security needs. On the other side, there are companies seeing no merit in machine learning urging us to stay with so-called proven approaches.
As always, the truth is a bit more complicated. In this talk, we will take a sober and scientific look at machine learning beyond the hype. First, we will cover what objectives machine learning addresses and how those are accomplished. Next, we will review how machine learning techniques apply to the security space, which problems they solve (and which ones they don’t), and what challenges and opportunities they present. Lastly, with these preliminaries addressed, we will dive into what customers need to look for when evaluating machine learning based security products.
A Sober Look at Machine Learning
1. A SOBER LOOK AT MACHINE LEARNING
DR. SVEN KRASSER, CHIEF SCIENTIST
@SVENKRASSER
2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.
2. Distinguishing Science…
Source: CERN, http://home.cern/sites/home.web.cern.ch/files/image/experiment/2013/01/cms_0.jpeg
8. EVERYTHING YOU WILL SEE TODAY IS REAL WORLD DATA
9. Some Data to Get Started: 1988 ANTHROPOMETRIC SURVEY OF ARMY PERSONNEL
Source: http://mreed.umtri.umich.edu/mreed/downloads.html#anthro
10. Data
• Over 4000 soldiers surveyed
• Over 100 measurements
• Reported by gender
Selection Bias
Test subjects are in better shape than the rest of us...
13. FEATURE SELECTION
[Plot axes: “Buttock Circumference” [mm], Weight [10^-1 kg]]
• Correlation
• Gender-specific slope
• Reduced overlap
• Selection of features matters
• How to make a prediction?
16. SUPPORT VECTOR MACHINE
[Plot axes: “Buttock Circumference” [mm], Weight [10^-1 kg]]
• Overfitting
• Classifier does not generalize
• Let’s take a closer look…
17. CROSS VALIDATION
TRAIN TRAIN TRAIN TEST
TRAIN TRAIN TEST TRAIN
TRAIN TEST TRAIN TRAIN
TEST TRAIN TRAIN TRAIN
• Divide data into k folds
• Train on k-1 folds, test on the remaining one
• Repeat k times for all folds
18. LET’S CLASSIFY
[Plot axes: “Buttock Circumference” [mm], Weight [10^-1 kg]]
• Classifier generalizes
• Note some misclassifications
• Let’s assume we want to detect males (blue)
  – I.e. “blue” is our positive class
23. LET’S CLASSIFY
[Plot axes: “Buttock Circumference” [mm], Weight [10^-1 kg]]
• Get more “blue” right (true positives)
• Get more “red” wrong (false positives)
24. RECEIVER OPERATING CHARACTERISTICS CURVE
[Plot axes: False Positive Rate, True Positive Rate]
Detect more by accepting more false positives
32. CURSE OF DIMENSIONALITY
• REDUCED predictive performance
• INCREASED training time
• SLOWER classification
• LARGER memory footprint
38. MANAGING DIMENSIONALITY
• FEATURE ELIMINATION
  – Feature ranking
  – Stop words
• FEATURE REDUCTION
  – Principal Component Analysis
  – Autoencoders
  – Points on lower-dimensional manifold
  – Stemming
• ENSEMBLE METHODS
  – Classifier of classifiers, e.g. stacking
  – Bagging and subspace sampling, e.g. Random Forests
• And much, much more…
40. FILE ANALYSIS
AKA Static Analysis
• THE GOOD
  – Relatively fast
  – Scalable
  – No need to detonate
  – Platform independent, can be done at gateway
  – Can support file similarity analysis
• THE BAD
  – Limited insight due to narrow view
  – Different file types require different techniques
  – Different subtypes need special consideration
    – Packed files
    – .Net
    – Installers
    – EXEs vs DLLs
  – Obfuscations (yet good if detectable)
  – Ineffective against exploitation and malware-less attacks
  – Asymmetry: a fraction of a second to decide for the defender, months to craft for the attacker
41. EXAMPLE FEATURES
• 32/64 BIT EXECUTABLE
• GUI SUBSYSTEM
• COMMAND LINE SUBSYSTEM
• FILE SIZE
• TIMESTAMP
• DEBUG INFORMATION PRESENT
• PACKER TYPE
• FILE ENTROPY
• NUMBER OF SECTIONS
• NUMBER WRITABLE
• NUMBER READABLE
• NUMBER EXECUTABLE
• DISTRIBUTION OF SECTION ENTROPY
• IMPORTED DLL NAMES
• IMPORTED FUNCTION NAMES
• COMPILER ARTIFACTS
• LINKER ARTIFACTS
• RESOURCE DATA
• EMBEDDED PROTOCOL STRINGS
• EMBEDDED IPS/DOMAINS
• EMBEDDED PATHS
• EMBEDDED PRODUCT METADATA
• DIGITAL SIGNATURE
• ICON CONTENT
• …
42. COMBINING FEATURES
• Projection to show clusters
• For illustration, not the space in which we classify
43. EXECUTION ANALYSIS
AKA Dynamic Analysis
• THE GOOD
  – Captures actual behavior of file
  – Obfuscating behavior is hard
  – Effective against exploitation
  – Effective against malware-less attacks
  – Not dependent on awareness of specific file types
• THE BAD
  – File needs to be executed
  – Takes additional time to observe execution
  – Execution depends on environment (e.g. sandbox vs real world)
44. EXAMPLE: GLOBAL BEHAVIOR
• Behavior across many executions of a file
• Conducted on event data centrally located in the cloud
Krasser, S., Meyer, B., & Crenshaw, P. (2015). Valkyrie: Behavioral Malware Detection using Global Kernel-level Telemetry Data. In Proceedings of the 2015 IEEE International Workshop on Machine Learning for Signal Processing.
45. ML VS OTHER TECHNIQUES
• ML output is probabilistic
• Use other techniques where appropriate
• Most ML-based engines use standard hashes or fuzzy hashes on top of a model
• Example: credentials theft IoA
47. PRELIMINARIES
• ML is not a feature, it is an implementation detail
• Every solution must make trade-offs of conflicting objectives
  – FP vs TP
  – Speed vs accuracy
  – Memory footprint vs accuracy
  – Expressiveness vs explainability
• Benchmarks under different assumptions are very hard to compare, even internally
• Marchitecture
• Looking at the right data: 60% of intrusions do not involve malware
48. SCOPE: SCALE
How much data is there to train on?
• Volume of data generated by sources used
• Aperture: footprint of deployment
• Data collection
• Point of analysis (endpoint, on-prem, cloud)
49. SCOPE: BREADTH
How many data sources are used?
• Varied sources and techniques
• Static analysis
• Behavioral analysis
• Proliferation
• Indicators from other techniques
• Access to historical data
• Baseline
• Process lineage
• “Number of characteristics” is not a useful metric
50. DETECTION RATE
• Detection rate w/o false positive rate is meaningless
• Considering the base rate is important
  – System
    – 100k clean files, 1 malware file
    – 99% TPR at 0.1% FPR → 100 FPs, 1 TP
  – Downloads
    – 1k clean files, 1 malware file
    – 99% TPR at 0.1% FPR → 1 FP, 1 TP
• Sourcing of test files skews results
• Number of samples used to measure (often too small)
[Plot axes: False Positive Rate, True Positive Rate]
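Added example, not part of the original slides: the ROC trade-off from slide 24 and the base-rate arithmetic from slide 50, worked in Python. The scores, labels and function names are constructed for illustration; the 99% TPR / 0.1% FPR operating point and the file counts are the slide's own figures.

```python
# Added illustration; SCORES/LABELS are constructed sample data, not from the talk.
SCORES = [0.95, 0.90, 0.80, 0.70, 0.60, 0.40, 0.30, 0.20, 0.10, 0.05]
LABELS = [1, 1, 0, 1, 1, 0, 0, 0, 0, 0]  # 1 = malware (positive class)


def roc_points(scores, labels):
    """Sweep the decision threshold; return (threshold, TPR, FPR) tuples."""
    pos = sum(labels)
    neg = len(labels) - pos
    points = []
    for thr in sorted(set(scores), reverse=True):
        flagged = [y for s, y in zip(scores, labels) if s >= thr]
        tp = sum(flagged)
        fp = len(flagged) - tp
        points.append((thr, tp / pos, fp / neg))
    return points


def expected_alerts(tpr, fpr, n_clean, n_malware):
    """Project an operating point onto a population: (TPs, FPs, precision)."""
    tp = tpr * n_malware
    fp = fpr * n_clean
    precision = tp / (tp + fp) if (tp + fp) > 0 else 0.0
    return tp, fp, precision


def cheapest_point(points, min_tpr):
    """Lowest-FPR operating point that still reaches the required TPR."""
    ok = [p for p in points if p[1] >= min_tpr]
    return min(ok, key=lambda p: p[2]) if ok else None


if __name__ == "__main__":
    # Lowering the threshold detects more, at the price of more false positives.
    for thr, tpr, fpr in roc_points(SCORES, LABELS):
        print(f"thr={thr:.2f}  TPR={tpr:.2f}  FPR={fpr:.2f}")
    # Slide figures: same 99% TPR / 0.1% FPR, two different base rates.
    for name, n_clean in (("System", 100_000), ("Downloads", 1_000)):
        tp, fp, prec = expected_alerts(0.99, 0.001, n_clean, 1)
        print(f"{name}: {fp:.0f} FPs, {tp:.0f} TP, precision={prec:.4f}")
```

The same operating point yields a precision of about 1% on the full system and about 50% on the downloads set, which is why a detection rate quoted without the false positive rate and base rate says little.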
51. APTS & 99% OF MALWARE DETECTED…
52. APTS (CONT.)
• Combine techniques to offset tradeoffs
  – Static and behavioral
  – ML and non-ML
  – Lean local techniques and heavy-weight cloud techniques
• Avoid silent failure: what happens when the adversary made it onto the system?
• Avoid brittle techniques: does the solution depend on the attacker not having access to detection results?
53. KEY POINTS
• Machine Learning is an important part of the security tool chest
• Hidden untapped structure in your data
• Various trade-offs, most importantly between true and false positives
• Dimensionality is good…until it’s not
• Not all dimensions are created equal
• Comprehensive coverage by combining techniques