BSides Brisbane - Beyond The Hype: Machine Learning for Security

Anthony G. Tellez · 2 min read
Tags: Machine Learning, Security, Data Science, Ransomware, Botnet, BSides

An overview of machine learning and AI concepts tailored for security analysts, cutting through the marketing hype to focus on practical applications and real-world use cases.

What You'll Learn

ML & AI Fundamentals

Understanding the core concepts:

  • What is data science?
  • The difference between ML and AI
  • The promise (and limitations) of AI for security analysts
  • Separating vendor marketing from practical reality

Practical Use Cases

Real-world applications with demonstrated results:

Ransomware Detection

Using machine learning to identify ransomware behavior patterns:

  • Behavioral analysis techniques
  • Feature engineering from endpoint data
  • Model training and validation
  • Operationalizing detection at scale

Botnet Detection

Applying ML to network data for botnet identification:

  • Network traffic analysis
  • Statistical anomaly detection
  • Command and control pattern recognition
  • Automated threat intelligence integration

Key Takeaways

Beyond the Marketing

Understanding what ML can and cannot do in security:

  • Realistic expectations vs. vendor claims
  • When to use ML vs. traditional approaches
  • Common pitfalls and how to avoid them

Operational Implementation

Making ML work in production environments:

  • Data requirements and quality
  • Model lifecycle management
  • Integration with existing security tools
  • Continuous improvement and feedback loops

The Security Data Scientist

What security practitioners need to know:

  • Essential ML concepts for security work
  • Tools and platforms available
  • Building vs. buying ML capabilities
  • Career paths in security data science


Presented at BSides Brisbane 2019