Overview
Syllabus
Intro
Windows Defender Advanced Threat Protection
Windows Defender ATP Research
Types of Machine Learning
Machine Learning for Endpoint Protection
Client Machine Learning
Cloud Machine Learning
Theoretical Attack Vectors: Supervised Model
Attacks on Certificate Reputation (Early 2017)
Attacks on Certificate Reputation (cont.)
Challenges
Diverse Models 1. Different feature sets
Features - Highly dimensional data
Diverse Set of Classifiers Feature Set PE Properties
Optimizing for Different Threat Scenarios
Boolean Stacking TRAINING DATA
Model Selection
Data Leaks
Using Unsupervised Features
Experiment Design Supervised Training
What if ... Attacker crafts adversarial samples to flip verdicts SAMPLES
Realtime Monitoring
Impact of Ensemble Models
Bonus: Interpretability
Benefits of an Ensemble Model
Recent Realworld Case Studies (2)
Key Takeaways
Taught by
Black Hat