Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Machine Learning without the Hype

Avatar for Philipp Krenn Philipp Krenn
June 26, 2018
Programming
4
760

Machine Learning without the Hype

Machine learning is both a highly overloaded and hyped topic. This talk covers one specific area in this space — anomaly detection of time-series data. It sounds very narrow, but is widely applicable in IT security and operations.

In particular we take a look at:
* What is artificial intelligence, machine learning, and deep learning mean in general?
* When is a rule-based approach the right solution and when do you need machine learning?
* What does machine learning mean for time-series data?
* What is the difference between supervised and unsupervised learning in this area?
* What could an example with an actual dataset look like?
Avatar for Philipp Krenn

Philipp Krenn

June 26, 2018
Tweet

More Decks by Philipp Krenn

See All by Philipp Krenn
Full-Text Search Explained
Avatar for Philipp Krenn xeraa
11
2.2k
360° Monitoring of Your Microservices
Avatar for Philipp Krenn xeraa
7
3.4k
Scale Your Metrics with Elasticsearch
Avatar for Philipp Krenn xeraa
4
140
YAML Considered Harmful
Avatar for Philipp Krenn xeraa
0
2.1k
Scale Your Elasticsearch Cluster
Avatar for Philipp Krenn xeraa
1
300
Hands-On ModSecurity and Logging
Avatar for Philipp Krenn xeraa
2
180
Centralized Logging Patterns
Avatar for Philipp Krenn xeraa
1
1.1k
Dashboards for Your Management with Kibana Canvas
Avatar for Philipp Krenn xeraa
1
470
Make Your Data FABulous
Avatar for Philipp Krenn xeraa
3
870

Other Decks in Programming

See All in Programming
AWS Summit Hong Kong 2025: Reinventing Programming - How AI Transforms Our Enterprise Coding Approach
Avatar for Ernest Chiang dwchiang
0
150
JAWS DAYS 2025 re_Cheers: WEB
Avatar for komakichi komakichi
0
130
Serving TUIs over SSH with Go
Avatar for Carlos Alexandro Becker caarlos0
0
820
インプロセスQAにおいて大事にしていること / In-process QA Meetup
Avatar for MEDLEY, INC. medley
0
190
バリデーションライブラリ徹底比較
Avatar for Yuta Tanaka nayuta999999
1
180
ビカム・ア・コパイロット
Avatar for Kento.Yamada ymd65536
1
180
AI時代のリアーキテクチャ戦略 / Re-architecture Strategy in the AI Era
Avatar for dachi023 dachi023
0
170
Duke on CRaC with Jakarta EE
Avatar for ivargrimstad ivargrimstad
1
470
テスト分析入門/Test Analysis Tutorial
Avatar for Hiroki Iseri goyoki
6
1.6k
Designing Your Organization's Test Pyramid ( #scrumniigata )
Avatar for teyamagu teyamagu
PRO
5
1.8k
2025年のz-index設計を考える
Avatar for TAK tak_dcxi
13
5k
Cloudflare Workersで進めるリモートMCP活用
Avatar for syumai syumai
12
1.8k

Featured

See All Featured
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
273
40k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
Avatar for Aki / @LoveIdahoBurger aki_iinuma
122
52k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
180
53k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
Avatar for Dan Newman danielanewman
227
22k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
32
5.8k
A better future with KSS
Avatar for Kyle Neath kneath
239
17k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
172
14k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
251
21k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1031
460k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
233
17k
GraphQLの誤解/rethinking-graphql
Avatar for sonatard sonatard
71
11k
Side Projects
Avatar for Sacha Greif sachag
453
42k

Transcript

  1. Machine Learning ̴̴̴̴̴ohne Hype ̴̴̴̴Philipp Krenn̴̴@xeraa

  2. ̴̴̴̴̴Developer

  3. None

  4. Machine Learning is going viral...

  5. None
  6. None

  7. ❝Using #DeepLearning when all you needed was a few if

    statements. #MachineLearning #DataScience❞ —https://twitter.com/randal_olson/status/927157485240311808
  8. None
  9. None
  10. None

  11. Agenda Machine Learning Domain Dataset

  12. Machine Learning

  13. Artificial Intelligence Machine Learning Deep Learning !

  14. https://blogs.nvidia.com/blog/2016/07/29/whats-difference-artificial-intelligence-machine-learning-deep-learning-ai/

  15. General AI Human characteristics

  16. AI Winter

  17. Narrow AI Specific tasks

  18. None

  19. Facebook alt="Image may contain: ocean, sky, bridge, cloud, outdoor, water

    and nature"
  20. None
  21. None

  22. PS: A lot of Chatbots are not AI

  23. None
  24. None

  25. ❝Alice: I love stateless protocols! Bob: There has to be

    something bad about them. Alice: Bad about what?❞ —https://twitter.com/znjp/status/933405548678021120

  26. Machine Learning Algorithms parse data → learn from it →

    make a determination or prediction "Trained" machine

  27. ❝Learn from experience E with respect to some class of

    tasks T and performance measure P, if its performance at tasks in T, as measured by P, improves with experience E.❞

  28. ❝"Machine Learning is an emerging tech!" Logistic regression 1958 Hidden

    Markov Model 1960 Support Vector Machine 1963 k-nearest neighbors 1967 Artificial Neural Networks 1975 Expectation Maximization 1977 Decision tree 1986 Q-learning 1989 Random forest 1995❞ —https://twitter.com/farbodsaraf/status/977916871000412160

  29. https://twitter.com/ algorithmia/status/ 1009486664933052416

  30. ❝But saying "powered by AI" is like saying you’re "powered

    by the internet" or "powered by computer code". By itself, it means nothing.❞ —https://twitter.com/jensenharris/status/999119292086960128

  31. Learning Regression Ranking Clustering

  32. https://twitter.com/ShawnWildermuth/status/932724124237123584

  33. None

  34. For children and machines Watch your language

  35. Statistics 101: Linear Regression

  36. ❝We are leveraging machine learning.❞

  37. https://twitter.com/LesGuessing/status/997146590442799105

  38. Supervised Learning Input features and output labels are defined

  39. Unsupervised Learning Unlabeled dataset Discover hidden relationships

  40. https://xkcd.com/882/

  41. None
  42. None

  43. Reinforcement Learning Feedback loop to optimize some parameter

  44. Deep Learning Neural network producing a probability vector Lots of

    training and parallelization

  45. https://www.youtube.com/watch?v=bxe2T-V8XRs

  46. Access to a unique data set is inherently valuable

  47. None

  48. ❝"What's the difference between AI and ML?" "It's AI when

    you're raising money, it's ML when you're trying to hire people."❞ —https://twitter.com/WAWilsonIV/status/925599712849174528

  49. Domain

  50. Patterns Trend (stationary) Cyclical Seasonal Irregular

  51. Anomaly Point Anomalies Contextual Anomalies Collective Anomalies

  52. Breakouts Mean Shift Ramp Up

  53. Anomaly Detection with Machine Learning Supervised Learning Unsupervised Learning

  54. Examples IT operations: Spiking 500s Security analytics: Unusual DNS activity

    Business analytics: Rare log message

  55. Visual Inspection Complex, fast moving data Humans not made to

    stare at graphs Easy to miss

  56. Where is the Anomaly?

  57. Static Rules Definition False positives & negatives Tuning and adjustment

  58. Which threshold?

  59. ̴̴̴̴̴̴̴̴̴̴̴̴Machine learning

  60. ❝OH: "Do you run any CPU intensive application on your

    laptop? Like, machine learning, or Slack?" ! ❞ —https://twitter.com/jpetazzo/status/932464823530430464

  61. Frameworks TensorFlow Keras SciKit ...

  62. How to build ML pipelines? ETL Data storage Optimization algorithms

  63. ❝I see you expected clean data. That's cute.❞

  64. None

  65. Model Baseline: What is normal?

  66. None
  67. None

  68. Unsupervised

  69. Evolves "Online" model learns continuously and ages out data

  70. Single Time Series Example: Unusual traffic?

  71. Multiple Time Series Multiple metrics or single metric split up

    Each series modeled independently Example: Unusual activity by country?
  72. None

  73. Dataset

  74. nginx access log { "source": "/home/ec2-user/data/production-4/prod4elasticlog/_logs/access-logs541.log", "beat": { "hostname": "ip-172-31-5-206",

    "name": "ip-172-31-5-206", "version": "5.4.0" }, "@timestamp": "2017-03-08T11:44:51.562Z", "read_timestamp": "2017-06-20T08:49:58.538Z", "fileset": { "name": "access", "module": "nginx" },

  75. "nginx": { "access": { "body_sent": { "bytes": "3262" }, "url":

    "/assets/blt1afcb054f02e257c/logo-activision.svg", "geoip": { "continent_name": "Asia", "country_iso_code": "IN", "location": { "lat": 20, "lon": 77 } },

  76. "response_code": "200", "user_agent": { "device": "Other", "os_name": "Other", "os": "Other",

    "name": "Other" }, "http_version": "1.1", "method": "GET", "remote_ip": "192.19.197.26" } }, "prospector": { "type": "log" } }
  77. None
  78. None
  79. None
  80. None
  81. None
  82. None

  83. Most of the internet went down

  84. PS: When everything is on , nobody cares about your

    downloads
  85. None

  86. Counterfactual Reasoning Which host / IP / ... is involved

    in the anomaly
  87. None
  88. None
  89. None

  90. Combine Multiple Models

  91. None

  92. Correlation ≠ causation

  93. https://xkcd.com/552/

  94. https://xkcd.com/925/

  95. Common problems Correlated features will mess up any model

  96. Common problems Throw out most features if they are just

    noise

  97. More features Future predictions

  98. None

  99. More features Clustering

  100. Conclusion

  101. Agenda Machine Learning Domain Dataset

  102. Rules of Machine Learning: Best Practices for ML Engineering http://martin.zinkevich.org/rules_of_ml/

    rules_of_ml.pdf

  103. 43 rules Rule #1: Don’t be afraid to launch a

    product without machine learning Rule #14: Starting with an interpretable model makes debugging easier Rule #16: Plan to launch and iterate

  104. Machine Learning ̴̴̴̴̴ohne Hype ̴̴̴̴Philipp Krenn̴̴@xeraa