EP50 The Epic Battle: Machine Learning vs Millions of Malicious Documents

Guest:

• Elie Bursztein, security, anti-abuse and privacy researcher @ Google

Topics:

• This episode draws on a talk available in the podcast materials. Could you summarize the gist of your talk for the audience?
• What makes the malicious document problem a good candidate for machine learning (ML)? Could you have used rules?
• “Millions of documents in milliseconds,” not sure how to even parse it - what is involved in making it work?
• Can you explain to the listeners the motivation for reanalyzing old samples, what ground truth means in ML/detection engineering, and how you are using this technique?
• How fast do the attackers evolve and does this throw ML logic off?
• Do our efforts at cat-and-mouse with attackers make the mice harder for other people to catch?  Does massive-scale ML detections accelerate the attacker's evolution?

Resources:

• The RSA talk “Malicious Documents Emerging Trends: A Gmail Perspective”
• “EP40 2021: Phishing is Solved?” episode
• Elie’s talks on his site