Table of Contents
Part 1: Introduction to Machine Learning and Python Libraries (1.5 hours)
• Overview of Machine Learning and its common use cases
• Understanding where to use/not use Machine Learning
• Introduction to Python libraries: Keras, TensorFlow, scikit-learn
• Mathematics and intuition behind Machine Learning algorithms
• Supervised learning: linear regression, logistic regression, neural networks, and classifiers
• Unsupervised learning: clustering algorithms like k-means
• Semi-supervised learning
• Introduction to data preprocessing with a demonstration
• Feature engineering: dimensionality reduction and adding new features
• Handling different data types
Part 2: Defensive Security Applications using Machine Learning (2 hours)
• Web access firewalls: Using Machine Learning for enhanced security
• Intrusion detection systems: Leveraging ML to detect and prevent attacks
• Malware detection engines: Identifying and mitigating malicious software
• Hands-on exercises: Building defensive security applications using ML libraries
• Evaluation of ML models using different parameters
• Discussion on the hackability of these applications
8-Hour Training Session Outline: Machine Learning for Security Professionals
Part 3: Offensive Security Applications using Machine Learning (1.5 hours)
• Machine learning for phishing: Detecting and combating phishing attacks
• Machine learning for fuzzing: Improving the effectiveness of fuzzing techniques
• Hands-on exercises: Implementing offensive security applications with ML
• Evaluation and analysis of the built models
• Discussion on the hackability of these applications
Part 4: Flaws in ML/DL Algorithms and Vulnerabilities (2 hours)
• Introduction to vulnerabilities in Machine Learning
• Adversarial learning attacks: Understanding why the flaw exists and the mathematical intuition behind it
• Hands-on practice: Fooling state-of-the-art image classifiers through adversarial attacks
• Analyzing the mechanisms behind successful attacks and mitigation strategies
• Model stealing attacks: How and why this attack works
• Hands-on example: Bypassing ML-based 99.99% accurate Spam Filters & Mitigation techniques
• Model skewing and data poisoning attacks: Exploring their mechanisms and implications
• Hands-on example: Bypassing ML-based 99.99% accurate Spam Filters
• Discussion on lesser-addressed vulnerabilities and their real-world impact
• Capture The Flag (CTF) challenge focusing on one of the discussed vulnerabilities
Venue & Time
Hall Name: Hall 4
Time: 8 Hours
Workshop Goal
Our training provides an intuitive introduction to machine learning for security professionals with no prior knowledge of mathematics or ML. In the ML4SEC section, attendees will gain hands-on experience building ML-powered defensive and offensive security tools using popular libraries like TensorFlow, Keras, PyTorch, and sklearn. We’ll cover the entire ML pipeline, from pre-processing data to building, training, evaluating, and predicting with ML models. In the SEC4ML section, we’ll address vulnerabilities in state-of-the-art machine learning methodologies, including adversarial learning, model stealing, data poisoning, and model inference. Participants will work with vulnerable ML applications to gain a thorough understanding of these vulnerabilities and learn possible mitigation strategies. Our training provides practical knowledge that security professionals can apply in their work.
About Speakers
Sagar Bhure is a highly accomplished Security Researcher with a proven track record of excellence in his research on security. He holds a filed US patent for his innovative work on ML and Security and has published several papers on the subject in top-tier journals. Sagar is also the founder of the BSides Hyderabad security community, where he actively collaborates with industry professionals to enhance security awareness and education. He currently leads various projects at OWASP, including the prestigious “ML Security Top 10”, an OWASP flagship project. Sagar has spoken at several industry-leading international conferences, including BlackHat, OWASP, and APISecure. He is regarded as a respected thought leader in the cybersecurity community and is frequently invited to speak at conferences and workshops on topics related to offensive and defensive security. Sagar’s engaging presentations have helped to educate security professionals with cutting-edge research and tools to strengthen their security toolkits.
LinkedIn: https://www.linkedin.com/in/sagarbhure/
Website: sagarbhure.com