a sober look at machine learning

2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.

A SOBER LOOK AT MACHINE LEARNING

DR. SVEN KRASSER CHIEF SCIENTIST@SVENKRASSER


Distinguishing Science…

Source: CERN, http://home.cern/sites/home.web.cern.ch/files/image/experiment/2013/01/cms_0.jpeg

…from FictionSource: “Chain Reaction,” 20th Century Fox

MACHINE LEARNING 101


EXAMPLES OF MACHINE LEARNING


SPAM FILTERING

MOVIE RECOMMENDATIONS

SIRI(iPHONE)

TODAY’S FOCUS: SUPERVISED LEARNING


TODAY’S FOCUS: GEOMETRIC MODELS


EVERYTHING YOU WILL SEE TODAY IS REAL WORLD DATA


Some Data to Get Started:1988 ANTHROPOMETRIC

SURVEY OF ARMY PERSONNEL

Source: http://mreed.umtri.umich.edu/mreed/downloads.html#anthro 2016 CROWDSTRIKE, INC. ALL RIGHTS RESERVED.

• Over 4000 soldiers surveyed• Over 100 measurements• Reported by gender

Test subjects are in better shape than the rest of us...

Data

Selection Bias


FIRST LOOK

Height [mm]

Den

sity

• Difference in distribution

• Significant overlap


SECOND DIMENSION

Height [mm]

Wei

ght

[10

-1kg

]

• Correlation

• Overlap


FEATURE SELECTION

“Buttock Circumference” [mm]

Wei

ght

[10

-1kg

]

•Correlation

•Gender-specific slope

•Reduced overlap

• Selection of features matters

•How to make a prediction?


K-NEAREST NEIGHBOR


Wei

ght

[10

-1kg

]

m

f


SUPPORT VECTOR MACHINE


Wei

ght

[10

-1kg

]


SUPPORT VECTOR MACHINE

2016 CrowdStrike, Inc. All rights reserved.“Buttock Circumference” [mm]

Wei

ght

[10

-1kg

]

•Overfitting

•Classifier does not generalize

• Let’s take a closer look…

CROSSVALIDATION


TRAIN TRAIN TRAIN TEST

TRAIN TRAIN TEST TRAIN

TRAIN TEST TRAIN TRAIN

TEST TRAIN TRAIN TRAIN

• Divide data into k folds

• Train on k-1 folds, test on the remaining one

• Repeat k times for all folds

LET’S CLASSIFY


Wei

ght

[10

-1kg

]

• Classifier generalizes

• Note some misclassifications

• Let’s assume we want to detect males (blue)§ I.e. “blue” is our

positive class


LET’S CLASSIFY


Wei

ght

[10

-1kg

]


LET’S CLASSIFY


Weight [10

-1kg]

• Get more “blue” right (true positives)

• Get more “red” wrong (false positives)


RECEIVER OPERATING CHARACTERISTICS CURVE

False Positive Rate

Tru

e P

osi

tive

Rat

e

Detect more by accepting more false positives


THREE DIMENSIONS


MORE DIMENSIONS

Decision Value

Den

sity

• Linear model in ~160 dimensions

• Linearly separable


Source: Source: http://playground.tensorflow.org/


TREES AND TREE ENSEMBLES

SPARSEFEATURES


400 401 402 403 404 405 406 407 408 409 410 411 412 413 414

area codes

0 0 0 1 0 0 0 0 0 0 0 0 0 0 0

0 0 0 0 1 0 0 0 0 0 0 0 0 0 0

0 1 0 0 0 0 0 0 0 0 0 0 0 0 0

0 0 0 0 0 0 0 0 0 0 0 1 0 0 0

0 0 0 0 0 0 0 1 0 0 0 0 0 0 0

0 0 0 0 1 0 0 0 0 0 0 0 0 0 0

N-GRAMS

43 72 6F 77 64 53 74 72 69 6B 65

43726F 776453 747269

726F77 645374 72696B

6F7764 537472 696B65


MISSION ACCOMPLISHED:WE JUST ADD MORE DIMENSIONS…

RIGHT?


CURSE OF DIMENSIONALITY


REDUCEDpredictive

performance

INCREASEDtraining time

SLOWERclassification

LARGERmemory footprint

Source: https://commons.wikimedia.org/w/index.php?curid=2257082

DIMENSIONALITY AND SPARSENESS

2016 CrowdStrike, Inc. All rights reserved.Height (mm)

Wei

ght

[10

-1kg

]

MANAGINGDIMENSIONALITY


• FEATURE ELIMINATION

– Feature ranking

– Stop words

• FEATURE REDUCTION

– Principal Component Analysis

– Autoencoders

– Points on lower-dimensional manifold

– Stemming

• ENSEMBLE METHODS

– Classifier of classifiers, e.g. stacking

– Bagging and subspace sampling, e.g. Random Forests

• And much, much more…

SECURITY APPLICATIONS


FILE ANALYSISAKA Static Analysis


• THE GOOD

– Relatively fast

– Scalable

– No need to detonate

– Platform independent, can be done at gateway

– Can support file similarity analysis

• THE BAD

– Limited insight due to narrow view

– Different file types require different techniques

– Different subtypes need special consideration– Packed files

– .Net

– Installers

– EXEs vs DLLs

– Obfuscations (yet good if detectable)

– Ineffective against exploitation and malware-less attacks

– Asymmetry: a fraction of a second to decide for the defender, months to craft for the attacker

EXAMPLE FEATURES


32/64 BIT EXECUTABLE

GUI SUBSYSTEM

COMMAND LINE

SUBSYSTEMFILE SIZE TIMESTAMP

DEBUG INFORMATION

PRESENTPACKER TYPE FILE ENTROPY NUMBER OF

SECTIONSNUMBER

WRITABLE

NUMBER READABLE

NUMBER EXECUTABLE

DISTRIBUTION OF SECTION

ENTROPY

IMPORTED DLL NAMES

IMPORTED FUNCTION

NAMES

COMPILER ARTIFACTS

LINKER ARTIFACTS

RESOURCE DATA

EMBEDDED PROTOCOL STRINGS

EMBEDDED IPS/DOMAINS

EMBEDDED PATHS

EMBEDDED PRODUCT

META DATA

DIGITAL SIGNATURE

ICON CONTENT …

COMBINING FEATURES

• Projection to show clusters

• For illustration, not the space in that we classify


EXECUTIONANALYSISAKA Dynamic Analysis


• THE GOOD

– Captures actual behavior of file

– Obfuscating behavior is hard

– Effective against exploitation

– Effective against malware-less attacks

– Not dependent on awareness of specific file types

• THE BAD

– File needs to be executed

– Takes additional time to observe execution

– Execution depends on environment (e.g. sandbox vs real world)

EXAMPLE: GLOBAL BEHAVIOR

§ Behavior across many executions of a file

§ Conducted on event data centrally located in the cloud

Krasser, S., Meyer, B., & Crenshaw, P. (2015). Valkyrie: Behavioral Malware Detection using Global Kernel-level Telemetry Data. In Proceedings of the 2015 IEEE International Workshop on Machine Learning for Signal Processing.


ML VS OTHER TECHNIQUES

§ ML output is probabilistic

§ Use other techniques where appropriate

§ Most ML-based engines use standard hashes or fuzzy hashes on top of a model

§ Example: credentials theft IoA

EVALUATING ML SOLUTIONS



PRELIMINARIES

§ ML is not a feature, it is an implementation detail

§ Every solution must make trade-offs of conflicting objectives§ FP vs TP

§ Speed vs accuracy

§ Memory footprint vs accuracy

§ Expressiveness vs explainability

§ Benchmarks under different assumptions are very hard to compare, even internally

§ Marchitecture

§ Looking at the right data: 60% of intrusions do not involve malware


How much data is there to train on?

SCOPE: SCALE

§ Volume of data generated by sources used

§ Aperture: footprint of deployment

§ Data collection

§ Point of analysis (endpoint, on-prem, cloud)


How many data sources are used?

SCOPE: BREADTH

§ Varied sources and techniques§ Static analysis

§ Behavioral analysis

§ Proliferation

§ Indicators from other techniques

§ Access to historical data§ Baseline

§ Process lineage

§ “Number of characteristics” is not a useful metric


DETECTION RATE

§ Detection rate w/o false positive rate is meaningless

§ Considering the base rate is important§ System

§ 100k clean files, 1 malware file§ 99% TPR at 0.1% FPR è 100 FPs, 1 TP

§ Downloads§ 1k clean files, 1 malware file§ 99% TPR at 0.1% FPR è 1 FP, 1 TP

§ Sourcing of test files skews results

§ Number of samples used to measure (often too small)

§ False Positive Rate

§T

rue

Po

siti

ve R

ate


APTS (CONT.)

§ Combine techniques to offset tradeoffs§ Static and behavioral

§ ML and non-ML

§ Lean local techniques and heavy-weight cloud techniques

§ Avoid silent failure: what happens when the adversary made it onto the system?

§ Avoid brittle techniques: does the solution depend on the attacker not having access to detection results?

KEY POINTS


•Machine Learning is an important part of the security tool chest

• Hidden untapped structure in your data

• Various trade-offs, most importantly between true and false positives

•Dimensionality is good…until it’s not

•Not all dimensions are created equal

•Comprehensive coverage by combining techniques

a sober look at machine learning

Data & Analytics