Daily Tech Digest - July 28, 2022

The Beautiful Lies of Machine Learning in Security

The biggest challenge in ML is availability of relevant, usable data to solve your problem. For supervised ML, you need a large, correctly labeled dataset. To build a model that identifies cat photos, for example, you train the model on many photos of cats labeled "cat" and many photos of things that aren't cats labeled "not cat." If you don’t have enough photos or they're poorly labeled, your model won't work well. In security, a well-known supervised ML use case is signatureless malware detection. Many endpoint protection platform (EPP) vendors use ML to label huge quantities of malicious samples and benign samples, training a model on "what malware looks like." These models can correctly identify evasive mutating malware and other trickery where a file is altered enough to dodge a signature but remains malicious. ML doesn't match the signature. It predicts malice using another feature set and can often catch malware that signature-based methods miss. However, because ML models are probabilistic, there's a trade-off. ML can catch malware that signatures miss, but it may also miss malware that signatures catch. 


6 Machine Learning Algorithms to Know About When Learning Data Science

Decision trees are models that resemble a tree like structure containing decisions and possible outcomes. They consist of a root node, which forms the start of our tree, decision nodes which are used to split the data based on a condition, and leaf nodes which form the terminal points of the tree and the final outcome. Once a decision tree has been formed, we can use it to predict values when new data is presented to it. ... Random Forest is a supervised ensemble machine learning algorithm that aggregates the results from multiple decision trees, and can be applied to classification and regression based problems. Using the results from multiple decision trees is a simple concept and allows us to reduce the problem of overfitting and underfitting experienced with a single decision tree. To create a Random Forest we first need to randomly select a subset of samples and features from the main dataset, a process known as “Bootstraping”. This data is then used to build a decision tree. Carrying out bootstrapping avoids issues of the decision trees being highly correlated and improves model performance.


Data science isn’t particularly sexy, but it’s more important than ever

Not only is data cleansing an essential part of data science, it’s actually where data scientists spend as much as 80% of their time. It has ever been thus. As Mike Driscoll described in 2009, such “data munging” is a “painful process of cleaning, parsing and proofing one’s data.” Super sexy! Now add to that drudgery the very real likelihood that enterprises, as excited as they are to jump into data science, many lack “a suitable infrastructure in place to start getting value out of AI,” as Jonny Brooks has articulated: The data scientist likely came in to write smart machine learning algorithms to drive insight but can’t do this because their first job is to sort out the data infrastructure and/or create analytic reports. In contrast, the company only wanted a chart that they could present in their board meeting each day. The company then gets frustrated because they don’t see value being driven quickly enough and all of this leads to the data scientist being unhappy in their role. As I have written before: “Data scientists join a company to change the world through data, but quit when they realize they’re merely taking out the data garbage.”


Top 7 Skills Required to Become a Data Scientist

Having a deep understanding of machine learning and artificial intelligence is a must to have to implement tools and techniques in different logic, decision trees, etc. Having these skill sets will enable any data scientist to work and solve complex problems specifically that are designed for predictions or for deciding future goals. Those who possess these skills will surely stand out as proficient professionals. With the help of machine learning and AI concepts, an individual can work on different algorithms and data-driven models, and simultaneously can work on handling large data sets such as cleaning data by removing redundancies. ... The base of establishing your career as a data science professional will require you to have the ability to handle complexity. One must ensure to have the capability to identify and develop both creative and effective solutions as and when required. You might face challenges in finding out ways to develop any solution that possibly needs to have clarity in concepts of data science by breaking down the problems into multiple parts to align them in a structured way.


The Psychology Of Courage: 7 Traits Of Courageous Leaders

Like so many complex psychological human characteristics, courage can be difficult to nail down. On the surface, courage seems like one of those “I know it when I see it” concepts. In my twenty years spent facilitating and coaching innovation, creativity, strategy and leadership programs, and in partnership with Dr. Glenn Geher of the Psychology Department of the State University of New York at New Paltz, I’ve identified behavioral attributes that often correlate with a person’s access to their courage. Each attribute has influential effects on organizational culture at all levels. Fostering these attributes in your own life (at work and beyond) and within your team can help you lead toward the courageous future you’re striving to achieve. ... Courage requires taking intentional risks. And the bigger the risk, the more courage it takes (and the bigger the outcome can be). Those who understand the importance of facing fear and being vulnerable, who accept that falling and getting up again is part of the journey, tend to have quicker access to their courage.


There is a path to replace TCP in the datacenter

"The problem with TCP is that it doesn't let us take advantage of the power of datacenter networks, the kind that make it possible to send really short messages back and forth between machines at these fine time scales," John Ousterhout, Professor of Computer Science at Stanford, told The Register. "With TCP you can't do that, the protocol was designed in so many ways that make it hard to do that." It's not like the realization of TCP's limitations is anything new. There has been progress to bust through some of the biggest problems, including in congestion control to solve the problem of machines sending to the same target at the same time, causing a backup through the network. But these are incremental tweaks to something that is inherently not suitable, especially for the largest datacenter applications (think Google and others). "Every design decision in TCP is wrong for the datacenter and the problem is, there's no one thing you can do to make it better, it has to change in almost every way, including the API, the very interface people use to send and receive data. It all has to change," he opined.


Typemock Simplifies .NET, C++ Unit Testing

When testing legacy code, you need to test small parts of the logic one by one, such as the behavior of a single function, method or class. To do that the logic must be isolated from the legacy code, he explained. As Jennifer Riggins explained in a previous post, unit testing differs from integration testing, which focuses on the interaction between these units or components, and catches errors at the unit level earlier, so the cost of fixing them is dramatically reduced. ... Typemock uses special code that can intersect with the flow of the software, and instead of calling the real code, it doesn’t matter whether it’s a real method or a virtual method, it can intercept it, and you can fake different things in the code, he said. Typemock has been around since 2004 when Lopian launched the company with Roy Osherove, a well-known figure in test-driven development. They first released Typemock Isolator in 2006, a tool for unit testing SharePoint, WCF and other .NET projects. Isolator provides an API helps users write simple and human-readable tests that are completely isolated from the production code.


Why Web 3.0 Will Change the Current State of the Attention Economy Drastically

The attention economy requires improvements, and Web 3.0 is capable of making them happen. In the foreseeable future, it will drastically change the interplay between consumers, advertisers and social media platforms. Web 3.0 will give power to the people. It may sound pompous, but it's true. How is that possible? Firstly, Web 3.0 will grant users ownership of their data, so you'll be able to treat your data like it's your property. Secondly, it will enable you to be paid for the work you are doing when making posts and giving likes on social media. Both options provide you with the opportunity to monetize the attention that you give and receive. The agreeable thing about Web 3.0 is that it's all about honest ownership. If a piece of art can be an NFT with easily traceable ownership, your data can be too. If you own your data, you can monetize or offer it on your terms, knowing who is going to use it and how. For instance, there is Permission, a tokenized Web 3.0 advertising platform that connects brands with consumers, with the latter getting crypto rewards for their data and engagement. 


Serverless-first: implementing serverless architecture from the transformation outset

While a serverless-first mindset provides a range of benefits, some businesses may be hesitant to make the transition due to concerns around cloud provider security, vendor lock-in, sunk costs from other strategies and ongoing issues with debugging and development environments. However, even among the most serverless-adverse, this mindset can provide benefits to a select part of an organisation. Take for example a bank’s operations. While the maintenance of a traditional network infrastructure is crucial for uptime of the underlying database, with a serverless approach they have the freedom to implement an agile mindset with consumer-facing apps and technologies as demand grows. Agile and serverless strategies typically go hand-in-hand, and both can encourage quick development, modification and adaptation. In relation to concerns around vendor lock-in, some organisations may look towards a cloud-agnostic strategy. However, writing software for multiple clouds removes the ability to use features offered by one specific cloud, meaning any competitive advantage of using a specific vendor is then lost. 


CISO in the Age of Convergence: Protecting OT and IT Networks

Pan Kamal, head of products at BluBracket, a provider of code security solutions, says one of the first steps an organization can take is to create an IT-OT convergence task force that maps out the asset inventory and then determine where IT security policy needs to be applied within the OT domain. “Review industry-specific cybersecurity regulations and prioritize implementation of mandatory security controls where called for,” Kamal adds. “I also recommend investing in a converged dashboard -- either off the shelf or create a custom dashboard that can identify vulnerabilities and threats and prioritize risk by criticality.” Then, organizations must examine the network architecture to see if secure connections with one-way communications -- via data diodes for example -- can eliminate the possibility of an intruder coming in from the corporate network and pivoting to the OT network Another key element is conducting a review of security policies related to both the equipment and the software supply chain, which can help identify secrets in code present in git repositories and help remediate them prior to the software ever being deployed.



Quote for the day:

"Inspired leaders move a business beyond problems into opportunities." -- Dr. Abraham Zaleznik

No comments:

Post a Comment