Down The Dependency Rabbit Hole
Machine Learning as a first line of defense in Intel’s Dependency Review Process
$ env
NAME=John Andersen
HOME=Portland OR
USER=pdxjohnny
WORK=Intel
ROLE=Open Source Security Software [email protected]=Embedded, Linux, Containers, Concurrency, Web Apps, Python
THESIS=Machine Learning
Dependency Evaluation Review Form
Automation Attempt One
▪ Initial dataset is made up of
  ▪ URL of source repo
  ▪ Security team’s classification (Good / Bad)
  ▪ Review form data
▪ Plan
  ▪ Train model on dataset
  ▪ Assess accuracy
  ▪ Given URL, collect data to answer form questions
  ▪ Predict classification by feeding collected data to model
Reviewers Rarely Fill Out Evaluation Form
Bad Dataset
Automation Attempt One
▪ Initial dataset is made up of
  ▪ URL of source repo
  ▪ Security team’s classification (Good / Bad)
  ▪ Forms mostly not filled out 👎
▪ Plan
  ▪ Train model on dataset
  ▪ Assess accuracy
  ▪ Given URL, collect data to answer form questions
  ▪ Predict classification by feeding collected data to model
▪ ~60% Accuracy 🚫
Automation Attempt Two
▪ Initial dataset is made up of
  ▪ URL of source repo
  ▪ Security team’s classification (Good / Bad)
▪ Plan
  ▪ Given URL, collect data
  ▪ Train model on dataset
  ▪ Assess accuracy
  ▪ Predict classification by feeding collected data to model
Brainstorming
Chart: Quarterly Ratio of Lines of Comments to Code
Prediction Data Flow
Diagram: Labeled Data; Git Repo URL → Commits, Authors, ... → Tensorflow Deep Neural Network → Good / Bad
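As an added example, not code from the talk or from DFFML, the two data-collection steps the slides name (the quarterly comment-to-code ratio and per-repository commit and author counts) computed over a constructed git log and constructed per-quarter file snapshots, producing the per-quarter feature rows that a classifier like the one in the diagram would consume. It assumes Python-style `#` comments; a real collector would dispatch on language.

```python
from collections import defaultdict
from datetime import date

# Constructed sample: (commit id, author, commit date), a minimal stand-in for a git log.
SAMPLE_COMMITS = [
    ("a1", "alice", date(2019, 1, 14)),
    ("b2", "bob", date(2019, 2, 3)),
    ("e5", "alice", date(2019, 3, 30)),
    ("c3", "alice", date(2019, 5, 20)),
    ("d4", "carol", date(2019, 6, 1)),
]

# Constructed sample: concatenated source of the repo at the end of each quarter.
SAMPLE_SNAPSHOTS = {
    "2019Q1": "import os\n# helper\ndef f():\n    return 1\n",
    "2019Q2": "import os\n# helper\n# now documented\ndef f():\n    # inline note\n    return 1\n\n",
}

def quarter(d):
    """Map a date to a 'YYYYQn' bucket, the granularity the chart uses."""
    return f"{d.year}Q{(d.month - 1) // 3 + 1}"

def comment_to_code_ratio(source):
    """Comment lines divided by code lines, blank lines ignored.
    Returns 0.0 when there is no code, so an empty snapshot cannot divide by zero."""
    comment = code = 0
    for line in source.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if stripped.startswith("#"):
            comment += 1
        else:
            code += 1
    return comment / code if code else 0.0

def commits_and_authors_by_quarter(commits):
    """Per quarter: number of commits and number of distinct authors."""
    counts = defaultdict(lambda: {"commits": 0, "authors": set()})
    for _cid, author, when in commits:
        bucket = counts[quarter(when)]
        bucket["commits"] += 1
        bucket["authors"].add(author)
    return {q: (v["commits"], len(v["authors"])) for q, v in counts.items()}

def repo_features(commits, snapshots):
    """One (quarter, commits, authors, comment ratio) row per snapshot quarter."""
    per_q = commits_and_authors_by_quarter(commits)
    return [(q, *per_q.get(q, (0, 0)), round(comment_to_code_ratio(snapshots[q]), 3))
            for q in sorted(snapshots)]
```

Rows for quarters with snapshots but no commits get zero counts rather than being dropped, so a dormant quarter still shows up as a signal.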
Request Classification Estimation
Data Flow Facilitator for Machine Learning
Machine Learning made easy
Abstractions DFFML Provides
▪ Data Flow
  ▪ Dataset generation
  ▪ Concurrency without dealing with locking
▪ Sources
  ▪ CSV
  ▪ JSON
  ▪ MySQL
▪ Models
  ▪ Tensorflow
  ▪ SciKit
Consistent API
▪ Python Library
▪ Command Line Interface
▪ HTTP API
▪ JavaScript Client
Should I Be Installing This?
What is a Data Flow?
Deploy Anywhere - Command Line
Deploy Anywhere - HTTP
Extend Without Writing Code - Modify DataFlow
Where To Go From Here
▪ How to Integrate Machine Learning Tutorial
  ▪ https://intel.github.io/dffml/usage/integration.html
▪ shouldi
  ▪ pip install shouldi && shouldi install some-package-name
  ▪ https://intel.github.io/dffml/tutorials/operations.html
▪ Use and Contribute!
  ▪ Weekly Meetings: Tuesdays at 9 AM
  ▪ Gitter, Mailing List, and Meeting Links: https://intel.github.io/dffml/community.html
  ▪ Documentation: https://intel.github.io/dffml
▪ Q&A