  • Start Time: 11:15AM
  • End Time: 12:15PM
  • Day: Day 2

Talks:

  • Machine Learning techniques and explainability methods for code analysis (Maura Pintor from PLURIBUS)

Machine learning has been successfully used for increasingly complex and critical tasks, achieving high performance and efficiency that would not be possible for human operators. Unfortunately, recent studies have shown that, despite its power, this technology tends to learn spurious correlations from data, making it weak and susceptible to manipulation. Explainability techniques are often used to identify the most relevant features contributing to the decision. In this talk, I will discuss the advantages of using explainability techniques and building on their results to highlight problems in the model design and training.

 

  • Security Analysis of cloud infrastructure (Agathe Blaise from THALES)

In recent years, there has been an explosion of attacks directed at microservice-based platforms – a trend that closely follows the massive shift of the digital industries towards these environments. Two main types of approaches exist to provide a security assessment of deployed applications and services in such environments. The first one focuses on the mechanisms for analysis and validation of container images and orchestration deployment descriptions via static analysis and stress test procedures. The second one aims to provide methodologies to ensure the right behavior of microservices while in execution and eventually to detect anomalies in their behavior.

 

  • ML and Generative AI to address complexities surrounding supply chain vulnerabilities (Elisa Costante from FORESCOUT TECHNOLOGIES INC.)

Software supply chain vulnerabilities refer to security flaws within components that are integrated into various other software components and applications. These vulnerabilities pose significant challenges when it comes to identifying them and understanding their full scope upon disclosure. Particularly, in the context of lengthy supply chains, such as when a TCP/IP stack is utilized within an operating system, which is then incorporated into a Network Management Card, ultimately used in an Uninterruptible Power Supply (UPS), pinpointing affected products can be a time-consuming endeavor, often yielding only partial solutions. As a consequence, certain vendors may remain unaware of whether their products are impacted for an extended period following the initial disclosure of the vulnerability. In this presentation, I will delve into the complexities surrounding supply chain vulnerabilities and explore potential solutions leveraging Machine Learning (ML) and Generative AI to address some of these challenges.

 

  • LAZARUS – Enhancing Software Security (Adriana Freitas from APWG)

Discover how LAZARUS revolutionizes software security through advanced machine learning. Learn about its innovative cybersecurity approach throughout the software development lifecycle, including targeted security checks and valuable intelligence collection. Join us to witness LAZARUS bringing security to every step of the software development lifecycle (SDLC).

Associated Speakers:

Elisa Costante

Vice President of Research

Forescout Technologies Inc.

Associated Talks:

11:15AM - Day 2

View Session 2: Code and Runtime Security Analysis with ML


Agathe Blaise

Researcher

THALES SIX


Adriana Freitas

Director Responsible for Research Project

APWG


Maura Pintor

Collaborator

PLURIBUS
