Security & Machine Learning — Part 3
Optimizing the model for better results and turning corners
I’ve been writing about how we held a series of meetups on machine learning at the Seattle AWS Architects & Engineers Meetup. In this three-part series, I first went over some machine learning concepts. In the second post, I wrote more specifically about getting started with AWS DeepRacer, the AWS autonomous model car that lets you test and learn about ML.
I thought that would be my final post on the topic. My objective was not to become an expert in machine learning as I am fully aware that people dedicate their lives to this subject who have far superior knowledge than me. However, I wanted to know enough to understand its place in the cybersecurity landscape to make effective decisions about its use.
I planned to use any simple model and get the car around the track and submit it to our meetup league. However, there was one slight problem. I was not about to go super slow. As I told my co-hosts @kolbyallen and @drakeloud I don’t want to be a turtle! Perhaps this comes from my previous experience in sports which I often apply to security. I am not hyper-competitive, but I strive to do my best. I was also intrigued by turning corners fast.
As I explained during the meetup, I used to race horses as a kid. We did the kind of races where you run your horse around objects — barrel racing, pole bending, figure 8 race, key race, and flag race. I explained how, when racing horses, you weren’t always going at full speed. My favorite was the key race. You ran your horse into a small chute with a big circle created on the dirt with some chalky substance. You had to go as fast as you could into that circle, turn around, and come back across the finish line. If your horse stepped on or went outside the line you were disqualified.
One time I heard my mom explaining how the horse doesn’t run full speed the whole time. You get the horse to turn on its haunches (hind legs) to do a 180-degree turn and come back. At the point the horse is turning, it isn’t running at all. My horse was good at this spin. We weren’t the best duo ever, but we did get many trophies at the county fair and a few ribbons at state. Our best race was the figure 8 race where you run up to one pole, turn, make a figure 8 around another stake, and come back. When a rider rounds barrels, the horse leans on its side to hug the barrel close as it turns. The speed of the turns is essential to remain competitive in these races.
So being energized by this type of thing and annoyed that I couldn’t get my car around the track in time for the meetup because I refused to reduce the speed, I continued fiddling with the car. I switched over to the current race track for October, which is much more challenging than the one we were using, and became a bit obsessed trying to figure it out. I messed with creating an algorithm that would stay on the track but round the corners as fast as possible. I also tried to figure out how to get the car to minimize steering on the straight-aways.
I can’t say that I have fully mastered my model by any means, but I got into the top 10% on the leader board. I’m sure I’m not there anymore. I got the car around the track at high speed. The main problem I have is consistency. I wondered if running on other tracks would help get the vehicle to recognize what I wanted it to do faster. I tried a couple of other windy tracks, and the car was out of control flying off the corners, so I definitely would have to work on this longer — but alas, this is not my day job, and I have penetration test reports due! I must get back to real work.
While messing with different options, I noticed that when I definitely could influence the car with a smarter algorithm. Even with reinforcement learning, you try to steer the vehicle in the right direction (pun intended!) I wonder if throwing tons of data (and money) at the problem would help me obtain consistency. But couldn’t I just write a better algorithm to hug the center line and go fast on the corners? I would need more time to test this out. I’m not sure exactly how it’s all working under the hood. I fiddled with the hyperparameters a bit but noticed more improvements based on how I tweaked my reward function.
From my experience so far, machine learning still seems to require some analysis to generate optimal performance and probably a lot of data — more time and money than I have to spend right now. I’m still intrigued by further optimization of my model but have so many other things to do. As you can probably tell by my Twitter feed @teriradichel and blog posts, I jump topics a lot. Maybe I’ll get back to it later. I wanted to include a picture of my barrel racing my horse, Chester, but my mom couldn’t find any of me on a running horse. But here’s an old photo of me as a little kid with the first horse I raced — Gypsy. Back in the day…
If you want to learn more about machine learning, you can check out my last post about the AWS DeepRacer. For cybersecurity specific applications, you may want to get the book I mentioned in prior posts, Machine Learning and Security: Protecting Systems with Data and Algorithms. It has a lot of cybersecurity specific applications of machine learning and trial code. It’s got excellent ratings and has a lot of useful information!
If you liked this story please clap and follow:
Medium: Teri Radichel or Email List: Teri Radichel
Twitter: @teriradichel or @2ndSightLab
Requests services via LinkedIn: Teri Radichel or IANS Research
© 2nd Sight Lab 2021
Want to learn more about Cloud Security?
Check out: Cybersecurity for Executives in the Age of Cloud.
Cloud Penetration Testing and Security Assessments
Cloud Security Training
Virtual training available for a minimum of 10 students at a single organization. Curriculum: 2nd Sight Lab cloud Security Training
Have a Cybersecurity or Cloud Security Question?
2020 Cybersecurity and Cloud Security Podcasts
DOM XSS Attacks and Prevention ~ IANS November 2020 Webinar
2020 Cybersecurity and Cloud Security Conference Presentations
Prior Podcasts and Presentations
Azure for Auditors ~ Presented to Seattle ISACA and IIA
OWASP AppSec Day 2019 — Melbourne, Australia
Bienvenue au congrès ISACA Québec 2019 — Keynote — Quebec, Canada (October 7–9)
White Papers and Research Reports