Clustering and Classification for Cyber Crime

Slides (pdf)    

Machine learning, a kind of artificial intelligence, can be applied to computer investigations. This talk will address two concepts. First, clustering, which is used to group similar things according to a set of criteria chosen ahead of time. Second, classification, which uses a set of training data to 'learn' how to make such groupings. The trained computer can then be applied to new things, which are classified appropriately. After you teach it what is "malware" versus what is "not malware", the computer could make such decisions for you. This talk will explain these technologies, where they excel, how they're helping eDiscovery right now, and the problems we're working through to bring them into cyber crime investigations.

