Auditorium 1
1h
Saturday 27 November 11:00 - Saturday 27 November 12:00
CATEGORY
Auditorium talks
LANGUAGE
Spanish

José Selvi. NCC Group

In this talk we will see how a penetration tester began using Machine Learning techniques to solve certain problems he faced. We will cover two examples of defensive situations: false positive reduction in Intrusion Detection Systems using a One-Class classifier, and a random forest approach to detecting hostnames used by malware, in particular those generated by a DGA. For each of these examples, we will cover the path from the first approach we took to the final solution, describing all the mistakes and lessons learned.