Machine Learning for Security Professionals: Building and Hacking ML Systems

Part 1: Introduction to Machine Learning and Python Libraries (1.5 hours)

• Overview of Machine Learning and its common use cases
• Understanding where to use/not use Machine Learning
• Introduction to Python libraries: Keras, TensorFlow, scikit-learn
• Mathematics and intuition behind Machine Learning algorithms
• Supervised learning: linear regression, logistic regression, neural networks, and classifiers
• Unsupervised learning: clustering algorithms like k-means
• Semi-supervised learning
• Introduction to data preprocessing with a demonstration
• Feature engineering: dimensionality reduction and adding new features
• Handling different data types

Part 2: Defensive Security Applications using Machine Learning (2 hours)

• Web access firewalls: Using Machine Learning for enhanced security
• Intrusion detection systems: Leveraging ML to detect and prevent attacks
• Malware detection engines: Identifying and mitigating malicious software
• Hands-on exercises: Building defensive security applications using ML libraries
• Evaluation of ML models using different parameters
• Discussion on the hackability of these applications
8-Hour Training Session Outline: Machine Learning for Security Professionals

Part 3: Offensive Security Applications using Machine Learning (1.5 hours)

• Machine learning for phishing: Detecting and combating phishing attacks
• Machine learning for fuzzing: Improving the effectiveness of fuzzing techniques
• Hands-on exercises: Implementing offensive security applications with ML
• Evaluation and analysis of the built models
• Discussion on the hackability of these applications

Part 4: Flaws in ML/DL Algorithms and Vulnerabilities (2 hours)

• Introduction to vulnerabilities in Machine Learning
• Adversarial learning attacks: Understanding the existence & mathematical intuition behind flaw
• Hands-on practice: Fooling state-of-the-art image classifiers through adversarial attacks
• Analyzing the mechanisms behind successful attacks & Mitigation strategies
• Model stealing attacks: How and why this attack works
• Hands-on example: Bypassing ML-based 99.99% accurate Spam Filters & Mitigation techniques
• Model skewing and data poisoning attacks: Exploring their mechanisms and implications
• Hands-on example: Bypassing ML-based 99.99% accurate Spam Filters
• Discussion on lesser-addressed vulnerabilities and their real-world impact
• Capture The Flag (CTF) challenge focusing on one of the discussed vulnerabilities