Presentation is loading. Please wait.

Presentation is loading. Please wait.

Application of Machine Learning and Crowdsourcing to Detection of Cyber Threats Jaime G. Carbonell Eugene Fink Mehrbod Sharifi.

Published byPercival Hensley Modified over 9 years ago

Similar presentations

Presentation on theme: "Application of Machine Learning and Crowdsourcing to Detection of Cyber Threats Jaime G. Carbonell Eugene Fink Mehrbod Sharifi."— Presentation transcript:

1 Application of Machine Learning and Crowdsourcing to Detection of Cyber Threats Jaime G. Carbonell Eugene Fink Mehrbod Sharifi

2

3 Individual user differences Security needs - Data confidentiality - Data-loss tolerance - Recovery costs Usage patterns Computer knowledge Different users need different security tools.

4 Problems “Advanced user” assumption - Complicated customization - Unclear security warnings Inflexible engineered solutions with “too much security” - Too high security at high costs - Insufficient customization

5 Population statistics Almost everyone uses a computer Most users are naïve, with limited technical knowledge Many security problems are due to the user naïveté

6 Long-term goal We need an intelligent security assistant that... Learns the user needs Detects complex threats Prevents human mistakes Helps the user to apply available security tools

7

8 Crowdsourcing architecture Identification of web scams Detection of cross-site request forgery Initial results

9 Crowdsourcing architecture Gathering, sharing, and integration of opinions and warnings about web security threats.

10 Crowdsourcing architecture

11 Browser Extension Web Browser Multiple Users Web Service External Data Sources

12 Identification of web scams A web scam is fraudulent or intentionally misleading information posted on the web (e.g. work at home and miracle cures).

13 Identification of web scams Machine learning approach: Collect data about websites, available from various public services Collect human opinions Apply machine learning (currently, logistic regression) to recognize scams based on the available data Accuracy: 98%

14 Detection of cross-site request forgery A cross-site request forgery is an attack through a browser, in which a malicious website uses a trusted session to send unauthorized requests to a target site. Email Malicious Ads News Bank … … … …

15 Detection of cross-site request forgery Machine learning approach: Learn patterns of legitimate requests Detect deviations from these patterns Warn the user about potentially malicious sites and requests

16

17 Future research... newly evolving threats, not yet addressed by the standard defenses... cyber attacks by their observed “symptoms” in addition to using direct analysis of attacking code... “nontraditional” threats that go beyond malware attacks, such as scams and other social engineering Application of machine learning and crowdsourcing to detect...

Download ppt "Application of Machine Learning and Crowdsourcing to Detection of Cyber Threats Jaime G. Carbonell Eugene Fink Mehrbod Sharifi."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
A NASSCOM ® Initiative Comprehensive Computer Security Software An advanced computer security software usually have one or more of the following utilities.

A NASSCOM ® Initiative Comprehensive Computer Security Software An advanced computer security software usually have one or more of the following utilities.
Wincite Knowledge Warehousing and Networking Sophisticated Simplicity.

Wincite Knowledge Warehousing and Networking Sophisticated Simplicity.
TrustPort Net Gateway Web traffic protection. WWW.TRUSTPORT.COM Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.

TrustPort Net Gateway Web traffic protection. Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Common Exploits Aaron Cure Cypress Data Defense. SQL Injection.

Common Exploits Aaron Cure Cypress Data Defense. SQL Injection.
Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Chapter 15 Security Bernard Chen Spring Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.
PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.

PHAD- A Phishing Avoidance and Detection Tool Using Invisible Digital Watermarking By Sonali Batra Web 2.0 Security and Privacy 2014.
AVG- Protecting those who are vulnerable.  Free Anti-Virus Software ◦ J.R. Smith President of AVG oversees a lineup of antivirus products used by 110.

AVG- Protecting those who are vulnerable.  Free Anti-Virus Software ◦ J.R. Smith President of AVG oversees a lineup of antivirus products used by 110.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Internet Phishing Not the kind of Fishing you are used to.

Internet Phishing Not the kind of Fishing you are used to.
Cyber X-Force-SMS alert system for E-mail threats.

Cyber X-Force-SMS alert system for threats.
CS426Fall 2010/Lecture11 Computer Security CS 426 Lecture 1 Overview of the Course.

CS426Fall 2010/Lecture11 Computer Security CS 426 Lecture 1 Overview of the Course.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
Machine Learning Methods for Personalized Cybersecurity Jaime G. Carbonell Eugene Fink Mehrbod Sharifi Applying machine learning and artificial intelligence.

Machine Learning Methods for Personalized Cybersecurity Jaime G. Carbonell Eugene Fink Mehrbod Sharifi Applying machine learning and artificial intelligence.
Personalized Cybersecurity for Dummies Jaime G. Carbonell Eugene Fink Mehrbod Sharifi Application of machine learning and crowdsourcing to adapt cybersecurity.

Personalized Cybersecurity for Dummies Jaime G. Carbonell Eugene Fink Mehrbod Sharifi Application of machine learning and crowdsourcing to adapt cybersecurity.
Detection of Internet Scam Using Logistic Regression

Detection of Internet Scam Using Logistic Regression
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Similar presentations

Ads by Google