Measurements, predictions, and the puzzle of machine learning: what data from 10 million hosts can teach us about security

Tudor Dumitraș
University of Maryland
http://users.umiacs.umd.edu/~tdumitra/Friday, November 16, 2018
1:00 -2:00 pm in CSE 1202

Tudor Dumitraș, Assistant Professor in the Electrical & Computer Engineering Department at the University of Maryland, College Park

TITLE:
Measurements, predictions, and the puzzle of machine learning: what data from 10 million hosts can teach us about security

ABSTRACT:
What are the odds that you will get hacked tomorrow? To answer this question, we must understand the capabilities of real-world adversaries and what helps them exploit software vulnerabilities and distribute malware around the world. Moreover, the machine learning techniques that drive the success of such inferences in non-adversarial domains, like computer vision or autonomous driving, face new challenges in security.

In this talk I will discuss my work, combining machine learning with global-scale measurements, that has exposed critical security threats and has guided industrial practices. First, I will present the Worldwide Intelligence Network Environment (WINE), an analytics platform that has enabled systematic studies of security threats across more than 10 million hosts from around the world. Second, I will use WINE as a vehicle for exploring open questions in security, such as the duration and impact of zero-day attacks and whether we can use machine learning to predict which vulnerabilities are going to be exploited. I will also describe applications of these techniques in the emerging cyber insurance industry. I will conclude by discussing how these results have taught us important lessons about the security of machine learning systems.

BIO:
Tudor Dumitraș is an Assistant Professor in the Electrical & Computer Engineering Department at the University of Maryland, College Park. His research focuses on data-driven security: he studies real-world adversaries empirically, he builds machine learning systems for detecting attacks and predicting security incidents, and he investigates the security of machine learning in adversarial environments. In his previous role at Symantec Research Labs he built the Worldwide Intelligence Network Environment (WINE) – a data analytics platform for security research. His work on the effectiveness of certificate revocations in the Web PKI was featured in the Research Highlights of the Communications of the ACM in 2018, and his measurement of the duration and prevalence of zero-day attacks received an Honorable Mention in the NSA competition for the Best Scientific Cybersecurity Paper of 2012. He also received the 2011 A. G. Jordan Award from the ECE Department at Carnegie Mellon University, the 2009 John Vlissides Award from ACM SIGPLAN, and the Best Paper Award at ASP-DAC’03. Tudor holds a Ph.D. degree from Carnegie Mellon University.