BSides Brisbane - Beyond The Hype: Machine Learning for Security
Anthony G. Tellez
Tags: Machine Learning, Security, Data Science, Ransomware, Botnet, BSides
An overview of machine learning and AI concepts tailored for security analysts, cutting through the marketing hype to focus on practical applications and real-world use cases.
What You'll Learn
ML & AI Fundamentals
Understanding the core concepts:
- What is data science?
- The difference between ML and AI
- The promise (and limitations) of AI for security analysts
- Separating vendor marketing from practical reality
Practical Use Cases
Real-world applications with demonstrated results:
Ransomware Detection
Using machine learning to identify ransomware behavior patterns:
- Behavioral analysis techniques
- Feature engineering from endpoint data
- Model training and validation
- Operationalizing detection at scale
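The following is an added example for this outline, not code from the talk or its author. It walks the four bullets above on constructed endpoint telemetry: per-process feature engineering from raw file events (write rate, Shannon entropy of written data, extension-changing renames, directories touched), a transparent baseline rule in place of a trained model, and a labelled precision/recall pass as the validation step. The event schema, the feature set, the thresholds and the sample events are all assumptions made here; the three constructed processes are chosen so that a backup tool (high entropy, no renames) and a text editor (one `.tmp` to `.txt` rename, low entropy) each trip exactly one feature and do not fire.

```python
"""Feature engineering from endpoint file events, with a transparent baseline
rule and a labelled validation pass.

Added example for this outline, not code from the talk. The event schema,
feature set, thresholds and sample events are all assumptions made here.
"""
import math
from collections import Counter, defaultdict
from pathlib import PurePosixPath


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of a written buffer; ~8.0 means encrypted or compressed."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_features(events):
    """Aggregate raw file events into one feature vector per process.

    Assumed event fields: ts (seconds), pid, op ('write' | 'rename'), path,
    and data (bytes written) for writes or new_path for renames.
    """
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev["pid"]].append(ev)
    feats = {}
    for pid, evs in by_pid.items():
        writes = [e for e in evs if e["op"] == "write"]
        renames = [e for e in evs if e["op"] == "rename"]
        span = max(e["ts"] for e in evs) - min(e["ts"] for e in evs)
        ext_changed = sum(
            PurePosixPath(r["path"]).suffix != PurePosixPath(r["new_path"]).suffix
            for r in renames
        )
        feats[pid] = {
            "write_rate": len(writes) / max(span, 1.0),   # writes per second
            "mean_entropy": (sum(shannon_entropy(w["data"]) for w in writes) / len(writes)
                             if writes else 0.0),
            "ext_change_ratio": ext_changed / len(renames) if renames else 0.0,
            "distinct_dirs": len({str(PurePosixPath(e["path"]).parent) for e in evs}),
        }
    return feats


# Baseline rule (assumed thresholds): every condition must hold, so a high-entropy
# backup tool or a slow editor renaming a .tmp file does not fire on its own.
THRESHOLDS = {"write_rate": 5.0, "mean_entropy": 7.0, "ext_change_ratio": 0.5}


def is_ransomware_like(f):
    return all(f[k] >= v for k, v in THRESHOLDS.items())


def evaluate(feats, labels):
    """Validation step: precision and recall of the rule against labelled processes."""
    tp = fp = fn = 0
    for pid, f in feats.items():
        pred, truth = is_ransomware_like(f), labels[pid]
        tp += pred and truth
        fp += pred and not truth
        fn += truth and not pred
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall


def sample_events():
    """Constructed endpoint telemetry for three processes (not real captures)."""
    high = bytes(range(256)) * 4      # entropy exactly 8.0, stands in for ciphertext
    text = b"Meeting notes: budget, hiring, roadmap. " * 20
    events, labels = [], {4242: True, 777: False, 31: False}
    for i in range(40):               # pid 4242: fast encrypt-then-rename sweep
        path = f"/home/u/{['docs', 'photos', 'work'][i % 3]}/file{i}.docx"
        events.append({"ts": 100 + i * 0.05, "pid": 4242, "op": "write", "path": path, "data": high})
        events.append({"ts": 100.01 + i * 0.05, "pid": 4242, "op": "rename",
                       "path": path, "new_path": path + ".locked"})
    for i in range(10):               # pid 777: backup tool, high entropy but no renames
        events.append({"ts": 200 + i * 0.5, "pid": 777, "op": "write",
                       "path": f"/home/u/backup/archive.part{i}", "data": high})
    for t in (300, 330, 360):         # pid 31: editor, low entropy, one .tmp -> .txt rename
        events.append({"ts": t, "pid": 31, "op": "write", "path": "/home/u/notes.txt.tmp", "data": text})
    events.append({"ts": 361, "pid": 31, "op": "rename",
                   "path": "/home/u/notes.txt.tmp", "new_path": "/home/u/notes.txt"})
    return events, labels


if __name__ == "__main__":
    evs, labels = sample_events()
    feats = extract_features(evs)
    for pid, f in feats.items():
        print(pid, {k: round(v, 2) for k, v in f.items()}, "FLAG" if is_ransomware_like(f) else "ok")
    print("precision/recall:", evaluate(feats, labels))
```

The feature vectors `extract_features` produces are what a trained classifier would consume in place of `THRESHOLDS`; the conjunctive rule is kept here so each false-positive source (compression, legitimate renames) is visible as a single feature that fails.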
Botnet Detection
Applying ML to network data for botnet identification:
- Network traffic analysis
- Statistical anomaly detection
- Command and control pattern recognition
- Automated threat intelligence integration
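As an added example for the four bullets above (not code from the talk or its author), the block below runs statistical beacon detection over constructed flow records and then enriches the result with indicator lists, so that periodicity alone never becomes a verdict. Per (source, destination, port) channel it computes the coefficient of variation of inter-flow gaps and of flow sizes; a jittered 60-second check-in, bursty browsing and an hourly package-mirror poll are the three constructed cases. The flow schema, the statistics, the thresholds, the indicator sets and the RFC 5737 documentation addresses are all assumptions made here.

```python
"""Beacon detection over flow records plus threat-intel enrichment.

Added example for this outline, not code from the talk. The flow schema,
statistics, thresholds, indicator lists and sample flows are assumptions.
"""
import statistics
from collections import defaultdict

# Constructed indicator feeds (RFC 5737 documentation addresses, not real IOCs).
KNOWN_C2 = {"203.0.113.77"}
ALLOWLISTED_DST = {"198.51.100.10"}   # e.g. an internal package mirror polled hourly


def cv(values):
    """Coefficient of variation: stdev / mean. Near 0 means 'regular'."""
    mean = statistics.fmean(values)
    return statistics.stdev(values) / mean if mean else float("inf")


def beacon_features(flows, min_flows=6):
    """Per (src, dst, dport) channel: count, mean gap and regularity of both
    timing and size. Assumed flow fields: ts (seconds), src, dst, dport, bytes."""
    chans = defaultdict(list)
    for f in flows:
        chans[(f["src"], f["dst"], f["dport"])].append(f)
    out = {}
    for key, fs in chans.items():
        if len(fs) < min_flows:        # too few samples to call anything periodic
            continue
        fs.sort(key=lambda f: f["ts"])
        gaps = [b["ts"] - a["ts"] for a, b in zip(fs, fs[1:])]
        out[key] = {
            "count": len(fs),
            "mean_gap": statistics.fmean(gaps),
            "gap_cv": cv(gaps),
            "size_cv": cv([f["bytes"] for f in fs]),
        }
    return out


def classify(key, f, max_gap_cv=0.25, max_size_cv=0.2):
    """Periodicity rule, then enrichment against the indicator lists."""
    periodic = f["gap_cv"] <= max_gap_cv and f["size_cv"] <= max_size_cv
    if not periodic:
        return "not_beacon"
    dst = key[1]
    if dst in KNOWN_C2:
        return "beacon_known_c2"
    if dst in ALLOWLISTED_DST:
        return "beacon_allowlisted"
    return "beacon_unknown_dst"


def sample_flows():
    """Constructed flows: a jittered bot beacon, browsing, and an hourly mirror check."""
    flows = []
    jitter = [0, 3, -2, 1]             # malware commonly adds a few seconds of jitter
    for i in range(12):
        flows.append({"ts": 60 * i + jitter[i % 4], "src": "10.0.0.5", "dst": "203.0.113.77",
                      "dport": 443, "bytes": 430 + [0, 2, -2][i % 3]})
    for ts, b in zip((5, 7, 8, 45, 46, 130, 131, 133, 400, 401),
                     (1200, 8800, 540, 23000, 310, 4100, 90000, 750, 16000, 2200)):
        flows.append({"ts": ts, "src": "10.0.0.5", "dst": "203.0.113.200", "dport": 443, "bytes": b})
    for i in range(6):
        flows.append({"ts": 3600 * i, "src": "10.0.0.5", "dst": "198.51.100.10",
                      "dport": 443, "bytes": 900})
    return flows


def verdicts(flows):
    feats = beacon_features(flows)
    return {key: classify(key, f) for key, f in feats.items()}


if __name__ == "__main__":
    for key, v in verdicts(sample_flows()).items():
        print(key, v)
```

The mirror poll is as regular as the bot's check-in, which is why the allowlist and the C2 indicator set are consulted after the statistics rather than before: the periodicity test finds candidates, and the intelligence feeds decide what an analyst sees.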
Key Takeaways
Beyond the Marketing
Understanding what ML can and cannot do in security:
- Realistic expectations vs. vendor claims
- When to use ML vs. traditional approaches
- Common pitfalls and how to avoid them
Operational Implementation
Making ML work in production environments:
- Data requirements and quality
- Model lifecycle management
- Integration with existing security tools
- Continuous improvement and feedback loops
The Security Data Scientist
What security practitioners need to know:
- Essential ML concepts for security work
- Tools and platforms available
- Building vs. buying ML capabilities
- Career paths in security data science
Presentation Materials
Presented at BSides Brisbane 2019