Dailydave mailing list archives
Re: Assymetry
From: Sven Krasser <sven () crowdstrike com>
Date: Fri, 1 Apr 2016 19:37:15 +0000
We need to work from both ends: increasing the cost to the adversary, e.g. by having them deplete their access to workable exploits, and by decreasing the cost of discovery to the defender. (This only considers the costs of the arms race, not the cost of mitigating a breach.)

Machine Learning allows us to algorithmically compute a large set of complex rules that are optimal to some loss function. If we can detect more True Positives with fewer False Positives by using such an empirical model compared to heuristically defined rules, then that is added value. That does not mean one should not use any rules that encode specific knowledge from subject matter experts. There are always trade-offs to be made.

There is also a time-based asymmetry. If an adversary has months worth of time to craft an attack while the defender’s systems must be able to decide within milliseconds (e.g. AV) or using a few hours worth of data, then the defender has a disadvantage. That’s where ML can help as well by looking at larger timeframes that are exceeding what a human analyst can review at a time.

To go back to your project, Dave: if there’s a single fight, you likely won’t need a TensorFlow-based BJJ judge. Once you’re in a situation where there are too many fights to keep track of with individual human judges, then an ML scoring judge becomes appealing. It would become even more appealing if a judge e.g. would need to deliberate for an hour after a fight (the time-based asymmetry from above).

--
Sven Krasser, Ph.D.
Chief Scientist, CrowdStrike, Inc.
http://www.crowdstrike.com | http://tinyurl.com/cs-svenk

From: <dailydave-bounces () lists immunityinc com> on behalf of Dave Aitel <dave.aitel () gmail com>
Date: Friday, April 1, 2016 at 10:35 AM
To: "dailydave () lists immunityinc com" <dailydave () lists immunityinc com>
Subject: [Dailydave] Assymetry

One possible long-lasting cause of the "asymmetry" everyone talks about is that US defenders get quite high salaries compared to Chinese attackers (I assume, not being a Chinese attacker it's hard to know for sure). Just in pure "dollars spent vs dollars spent" it seems like it would be three times cheaper to be a Chinese attacker at that rate?

But I think it's still a question whether or not machine learning techniques make surveillance cheaper than intrusion as a rule. What if it does? What would that change about our national strategy? (And if it DOESN'T then why bother?)

-dave