Yesterday I posted a new article on the CrowdStrike blog with some follow-up thoughts to the Machine Learning webcast. The post covers another concrete example of how combining weak indicators can generally yield stronger ones. (If you are familiar with ML, this won’t make you raise an eyebrow.) It also covers various areas of application in the security space. Specifically, for cloud-based security, there is an opportunity to go beyond the small data sets that, e.g., AV can leverage, and to look beyond the first few seconds of execution on a single machine.
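
To make the weak-indicators point concrete, here is a small added example (not from the blog article or CrowdStrike's code) using only the Python standard library. It assumes a handful of conditionally independent binary indicators with constructed true-positive and false-positive rates, scores a sample by summing per-indicator log-likelihood ratios (the naive Bayes combination), and computes the exact detection rates of the combined detector by enumerating every hit pattern. Five indicators that each catch 60% of malicious samples at a 30% false-positive rate combine into a detector with roughly 68% detection at a 16% false-positive rate.

```python
"""Combining weak indicators into a stronger detector (added example).

Assumes k conditionally independent binary indicators, each with a
true-positive rate (TPR: fires on a malicious sample) and a
false-positive rate (FPR: fires on a benign sample). All rates used
here are constructed illustration values, not measured data.
"""
from itertools import product
from math import log, prod


def llr_score(hits, tprs, fprs):
    """Naive-Bayes evidence score: the sum of per-indicator
    log-likelihood ratios. hits[i] is 1 if indicator i fired, else 0.
    A positive score means the evidence favours 'malicious'."""
    score = 0.0
    for h, tp, fp in zip(hits, tprs, fprs):
        score += log(tp / fp) if h else log((1 - tp) / (1 - fp))
    return score


def pattern_prob(hits, rates):
    """Probability of observing a given hit pattern when each
    indicator fires independently with the given rate."""
    return prod(r if h else 1 - r for h, r in zip(hits, rates))


def combined_rates(tprs, fprs, threshold=0.0):
    """Exact (TPR, FPR) of the detector 'alert if llr_score >= threshold',
    obtained by summing the probability of every alerting hit pattern
    under the malicious and the benign distributions respectively."""
    tpr = fpr = 0.0
    for hits in product((0, 1), repeat=len(tprs)):
        if llr_score(hits, tprs, fprs) >= threshold:
            tpr += pattern_prob(hits, tprs)
            fpr += pattern_prob(hits, fprs)
    return tpr, fpr


if __name__ == "__main__":
    # Constructed example: five equally weak indicators.
    weak_tpr, weak_fpr = 0.6, 0.3
    k = 5
    single = combined_rates([weak_tpr], [weak_fpr])
    combined = combined_rates([weak_tpr] * k, [weak_fpr] * k)
    print("single indicator  TPR=%.3f FPR=%.3f" % single)
    print("%d combined (NB)   TPR=%.3f FPR=%.3f" % ((k,) + combined))
```

With equal rates and threshold 0 the naive Bayes rule reduces to a majority vote, so the result can be checked by hand against the binomial tail; with unequal rates the score automatically weights the more reliable indicators more heavily.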

One question that I got after the webcast was what toolchain I used. Long story short, I processed the final data in IPython using scikit-learn. For the figures, I used matplotlib with seaborn. For feature extraction, we used both Python and Pig. Any questions or feedback, tweet me @SvenKrasser.