Dailydave mailing list archives

Re: Assymetry


From: Sven Krasser <sven () crowdstrike com>
Date: Fri, 1 Apr 2016 19:37:15 +0000

We need to work from both ends: increasing the cost to the adversary, e.g. by having them deplete their access to 
workable exploits, and by decreasing the cost of discovery to the defender. (This only considers the costs of the arms 
race, not the cost of mitigating a breach.)

Machine Learning allows us to algorithmically compute a large set of complex rules that are optimal to some loss 
function. If we can detect more True Positives with fewer False Positives by using such an empirical model compared to 
heuristically defined rules, then that is added value. That does not mean one should not use any rules that encode 
specific knowledge from subject matter experts. There are always trade-offs to be made.

There is also a time-based asymmetry. If an adversary has months' worth of time to craft an attack while the defender’s 
systems must be able to decide within milliseconds (e.g. AV) or using a few hours' worth of data, then the defender has 
a disadvantage. That’s where ML can help as well by looking at larger timeframes that are exceeding what a human 
analyst can review at a time.

To go back to your project, Dave: if there’s a single fight, you likely won’t need a TensorFlow-based BJJ judge. Once 
you’re in a situation where there are too many fights to keep track of with individual human judges, then an ML scoring 
judge becomes appealing. It would become even more appealing if a judge e.g. would need to deliberate for an hour after 
a fight (the time-based asymmetry from above).

-- 
Sven Krasser, Ph.D.
Chief Scientist, CrowdStrike, Inc.
http://www.crowdstrike.com | http://tinyurl.com/cs-svenk

From:  <dailydave-bounces () lists immunityinc com> on behalf of Dave Aitel <dave.aitel () gmail com>
Date:  Friday, April 1, 2016 at 10:35 AM
To:  "dailydave () lists immunityinc com" <dailydave () lists immunityinc com>
Subject:  [Dailydave] Assymetry

One possible long-lasting cause of the "asymmetry" everyone talks about is that US defenders get quite high salaries 
compared to Chinese attackers (I assume, not being a Chinese attacker it's hard to know for sure). 

Just in pure "dollars spent vs dollars spent" it seems like it would be three times cheaper to be a Chinese attacker at 
that rate?

But I think it's still a question whether or not machine learning techniques make surveillance cheaper than intrusion 
as a rule. What if it does? What would that change about our national strategy? (And if it DOESN'T then why bother?)

-dave

