Machine Learning and Security
AI and security is a natural, but difficult, match.
This is a book focused on the application of AI or Machine Learning (ML) to a particular subject area - security. In this case the area is defined as widely as possible to include things like spam, malware, trojans, etc. The first chapter starts off with a look at the world of security threats, including some of the motivations behind them.
Chapter 2 is a fairly traditional look at classifying and clustering by way of a general description of techniques with little or no math. It covers decision trees, nearest neighbor and even neural networks. The end of the chapter looks at general problems in training and using such models.
Anomaly detection is a big application of AI in security and other areas. In this case the chapter focuses on host, network and web intrusion. Even so, it is still basically about outlier detection. There were some methods described that I didn't already know, and this made it clear that if I wanted to know how things worked I was going to have to look up more detail. If you are happy simply to apply the method, using the Python code that performs the calculations referenced, then that is fine.
Chapter 4 is less successful because it tackles a very difficult problem - malware analysis. Many pages are spent describing an outline of what makes malware malware, but there isn't much real machine learning. It's a list of what you might use, but it offers no real solutions. This isn't unreasonable, as we don't currently know of any ML-based solutions that actually work well. The next chapter continues in the same way, but with network traffic analysis. Again, many pages are devoted to explaining the basic tools and how networks work. There is more ML in this chapter, perhaps because of the ease of obtaining large quantities of data.
Chapter 6 tackles a very messy area - protecting the consumer web. Yet here it seems a simple application of Bayes' rule can let you know who is trustworthy. The section on financial fraud is interesting, but very short. As someone who has been involved in the design of a neural network to spot likely fraud, I can tell you it works, but this is not the approach described in this book. The latter part of the chapter describes the application of cluster analysis to detect possible fraud.
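To make the "simple application of Bayes' rule" concrete, here is an added example (not code from the book or the review) of a naive-Bayes trust score for an account on a consumer web service. The prior base rate of abusive accounts, the signal names and the per-signal likelihoods are all constructed for illustration; a real deployment would estimate them from labelled history. The update is done in log-odds so that a long stream of signals cannot underflow to zero, and the comments note the conditional-independence assumption that makes this "naive".

```python
import math

# Constructed prior: fraction of accounts assumed abusive before any evidence.
PRIOR_ABUSIVE = 0.02

# Constructed likelihoods: for each signal, (P(signal | abusive), P(signal | legitimate)).
# In practice these come from labelled historical data, not from guesswork.
LIKELIHOODS = {
    "new_account":       (0.80, 0.20),
    "captcha_failed":    (0.60, 0.05),
    "post_flagged":      (0.70, 0.02),
    "payment_succeeded": (0.10, 0.60),
}


def log_odds_abusive(signals, prior=PRIOR_ABUSIVE, likelihoods=LIKELIHOODS):
    """Accumulate evidence in log-odds form.

    Naive-Bayes assumption: signals are conditionally independent given the
    class. Correlated signals (e.g. new_account and captcha_failed often
    co-occur) will be double-counted, so the posterior is overconfident
    in exactly those cases; treat it as a ranking score, not a calibrated probability.
    """
    lo = math.log(prior / (1.0 - prior))
    for s in signals:
        p_given_abusive, p_given_legit = likelihoods[s]
        # Each observed signal contributes its log likelihood ratio.
        lo += math.log(p_given_abusive) - math.log(p_given_legit)
    return lo


def posterior_abusive(signals, prior=PRIOR_ABUSIVE, likelihoods=LIKELIHOODS):
    """Posterior P(abusive | signals), obtained by applying the logistic function to the log-odds."""
    return 1.0 / (1.0 + math.exp(-log_odds_abusive(signals, prior, likelihoods)))


def is_trusted(signals, threshold=0.5):
    """Trust decision: the account is trusted if the posterior abuse probability stays below the threshold.

    The threshold trades false positives (blocking good users) against false
    negatives (letting abuse through); pick it from the costs of each error.
    """
    return posterior_abusive(signals) < threshold


if __name__ == "__main__":
    # Constructed observations for two hypothetical accounts.
    suspicious = ["new_account", "captcha_failed", "post_flagged"]
    ordinary = ["new_account", "payment_succeeded"]
    for name, sigs in (("suspicious", suspicious), ("ordinary", ordinary)):
        print(f"{name}: P(abusive)={posterior_abusive(sigs):.3f} trusted={is_trusted(sigs)}")
```

With no signals at all the posterior equals the prior (0.02); the three negative signals push the suspicious account above 0.97, while a successful payment drags the ordinary account down to roughly 0.013, despite the shared new_account signal.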
The final two chapters are on ML without much reference to security. Chapter 7 is on how to implement ML systems and covers the usual topics of overfitting, bias and how to organize the hardware you need. The final chapter is on adversarial learning, but not Generative Adversarial learning, which has clear advantages for many security problems, but instead how to subvert ML models. It's about finding adversarial examples that the ML model will get wrong and about poisoning the data used in learning. In other words, it's about the security of the ML model. This is a shame because, while it is relevant in a theoretical context, it isn't really a practical problem. Building an ML model that helps with security is difficult and worrying about its security is something that can be postponed until we have something working.
This is a reasonably good book hampered by the difficulty of the subject. It isn't the theory of ML that is difficult, but how to go about detecting security violations. If the authors had the solution they wouldn't be writing a book on it, they would be making millions selling it. So what we have is a book of techniques that might be useful and a lot of problems waiting for a solution. I enjoyed reading it, but it didn't provide me with anything that could be used without putting in a lot of work, with no promise that it would eventually do the job.
Last Updated (Tuesday, 18 June 2019)