MLSec Project is a select community of like-minded individuals who want to work together on using machine learning and data science in information security. It features open source projects, blog posts and community content to help further the understanding of how this technology can help defenders handle the growing complexity and verbosity of their environments and tools.
If you have been researching machine learning and data science applications in information security, reach out to us so you can be a part of our growing community!
Open Source Projects
These are the projects developed or supported by MLSec Project members. Feel free to use them and contribute back to the community.
Combine is a Python program that automates the process of handling threat intelligence indicators from a variety of public or private sources. It gathers, enriches and exports the indicators in one of several supported standard formats.
TIQ Test is an R package that allows easy statistical comparison of different threat intelligence indicator sources such as novelty, overlap, population, aging and uniqueness. The output can be in raw data format or via visualizations using ggplot2.
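As an added illustration of the kind of feed comparison TIQ Test performs (this is example Python, not TIQ Test's own R code), the block below computes population, novelty, overlap, aging and uniqueness over two constructed feed snapshots; the feed names and indicator values are placeholders, not real indicators.

```python
# Feed-comparison metrics in the spirit of TIQ Test (added example, not
# project code). Indicators are placeholder IPs from RFC 5737 ranges.
from collections import defaultdict
# Constructed sample: {feed_name: {day: set(indicators)}} for two feeds
FEEDS = {
    "feed_a": {
        1: {"192.0.2.1", "192.0.2.2", "192.0.2.3"},
        2: {"192.0.2.1", "192.0.2.2", "192.0.2.4"},
        3: {"192.0.2.1", "192.0.2.5", "192.0.2.6"},
    },
    "feed_b": {
        1: {"192.0.2.2", "198.51.100.1"},
        2: {"192.0.2.2", "192.0.2.4", "198.51.100.2"},
        3: {"192.0.2.4", "198.51.100.2", "198.51.100.3"},
    },
}

def _pop(feed):
    return set().union(*feed.values())
def population(feed):
    """Distinct indicators the feed published over the whole window."""
    return len(_pop(feed))

def novelty(feed):
    """Per day: share of that day's indicators not seen on earlier days."""
    seen, out = set(), {}
    for day in sorted(feed):
        today = feed[day]
        out[day] = len(today - seen) / len(today) if today else 0.0
        seen |= today
    return out

def overlap(feed_x, feed_y):
    """Jaccard similarity of the two feeds' indicator populations."""
    x, y = _pop(feed_x), _pop(feed_y)
    return len(x & y) / len(x | y)

def aging(feed):
    """Per indicator: number of daily snapshots it appeared in."""
    days = defaultdict(int)
    for today in feed.values():
        for ioc in today:
            days[ioc] += 1
    return dict(days)

def uniqueness(feeds):
    """Per feed: share of its indicators that no other feed published."""
    pops = {name: _pop(f) for name, f in feeds.items()}
    return {n: len(p - set().union(*(q for m, q in pops.items() if m != n))) / len(p)
            for n, p in pops.items()}
```

A low novelty with high aging indicates a feed that mostly republishes stale indicators, which is exactly the kind of signal the metrics are meant to surface.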
SecRepo.com is a repository of Security Data Samples licensed as Creative Commons for researchers to get their feet wet on data analysis in Information Security. Maintained by Mike Sconzo.
This is some of the research presented by MLSec Project at some of the most respected information security conferences in the world!
Using Machine Learning to Support Information Security
Presented at BSides Las Vegas in 2013. One of the first presentations put together by MLSec Project, it is an overview of machine learning for security practitioners.
Defending Networks with Incomplete Information: A Machine Learning Approach
Presented at Black Hat USA 2013 and DefCon 21. This presentation discusses the design of a classifier that is able to predict attacks based on network firewall logs.
Applying Machine Learning to Network Security Monitoring
Presented at BayThreat 4 and HushCon 2013. This talk updated the research presented in the previous talk with new datasets and techniques.
Measuring the IQ of your Threat Intelligence Feeds
Presented at BSides Las Vegas in 2014 and DefCon 22. This talk introduced the threat intelligence statistical analysis package TIQ Test and the indicator harvesting tool Combine.
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring
Presented at Black Hat USA 2014 and DefCon 22. This fun talk presents a view beyond marketing claims of what works and what doesn't in the machine learning landscape for information security.
From Threat Intelligence to Defense Cleverness: A Data Science Approach
Presented at SANS CTI Summit 2015. This talk expands on the concepts and tools from TIQ Test to provide even deeper insight into our threat intelligence ecosystem.
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing
Presented at Black Hat USA 2015, this talk wraps up the TIQ Test exploration of feeds and starts analyzing threat intelligence sharing communities.
Experimenting with and developing machine learning models and data science for security requires a lot of data. These are the data sharing partners that are enabling our ongoing research:
Farsight Security is a provider of bleeding-edge intelligence feeds and passive DNS data.
AlienVault’s Open Threat Exchange (OTX) delivers the first truly open threat intelligence community that makes this vision a reality.