Data science in cybersecurity is rapidly growing. At Capsule8, we in data science work in tandem with the security research team to collaborate on state of the art detection models against the latest threats.
Now in machine learning, we all know that feature engineering is the secret sauce. The advantage for us here, given the strength of our security research team, is that there is no dearth of interesting features for our models. One particular set of attacks for which Capsule8 released an open source detector the very next day (read our blog on this for more) became our target— Spectre and Meltdown. What if we could come up with a machine learning model that uses the features from the current deterministic detector, thereby providing better detection? Will the accuracy increase significantly? Can it keep the false positives at an acceptable level? Is it production worthy?
So many questions! Well, the short answer to all of them — Yes.
Background
In early 2018, details began to emerge surrounding a vulnerability in the Intel microprocessor. And not just one version of the chip. The weakness exists in all Intel chips built since the eighties. The root cause is a core design flaw in the chip itself, and nearly every computer on the planet has the vulnerability.