Build Better Defenses
October 29–30, 2017: Training
October 30–November 1, 2017: Tutorials & Conference
New York, NY

Predicting exploitability with Amazon Machine Learning

Michael Roytman (Kenna Security)
2:10pm–2:50pm Tuesday, October 31, 2017
Security analytics
Location: Sutton North

Who is this presentation for?

  • CISOs, VM leads, data scientists, and SOC analysts

Prerequisite knowledge

  • Familiarity with basic exploit and vulnerability concepts

What you'll learn

  • Learn how to predict, weeks in advance and using only publicly available data, when an attacker will write an exploit


Security is all about reacting. It’s time to make some predictions. Michael Roytman explains how Kenna Security used the AWS Machine Learning platform to train a binary classifier for vulnerabilities, allowing the company to predict whether or not a vulnerability will become exploitable.

Michael offers an overview of the process. Kenna enriches the data with more specific, nondefinitional-level data. 500 million live vulnerabilities and their associated close rates inform the epidemiological data, as well as “in the wild” threat data from AlienVault’s OTX and SecureWorks’s CTU, Reversing Labs, and ISC SANS. The company uses 70% of the National Vulnerability Database as its training dataset and generates over 20,000 predictions on the remainder of the vulnerabilities. It then measures specificity and sensitivity, positive predictive value, and false positive and false negative rates before arriving at an optimal decision cutoff for the problem.
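
The evaluation step described above (score the held-out vulnerabilities, then choose a decision cutoff from sensitivity, specificity and positive predictive value), as an added example that is not Kenna's code or material from the talk. The scores and labels are constructed, and selecting the cutoff by Youden's J with an optional PPV floor is an assumption, since the abstract does not say which criterion was used.

```python
# Added example: choosing a decision cutoff on held-out predictions.
# HOLDOUT is constructed: (model score, 1 = exploit later appeared, 0 = none).
HOLDOUT = [
    (0.95, 1), (0.90, 1), (0.85, 0), (0.80, 1), (0.70, 0), (0.60, 0),
    (0.55, 1), (0.50, 0), (0.40, 0), (0.35, 0), (0.30, 0), (0.25, 0),
    (0.20, 0), (0.15, 0), (0.10, 0), (0.05, 0),
]

def confusion(scored, cutoff):
    """Return (tp, fp, tn, fn) when score >= cutoff is called 'exploitable'."""
    tp = fp = tn = fn = 0
    for score, label in scored:
        if score >= cutoff:
            tp, fp = tp + label, fp + (1 - label)
        else:
            fn, tn = fn + label, tn + (1 - label)
    return tp, fp, tn, fn

def metrics(scored, cutoff):
    """Compute the rates named in the abstract for one cutoff."""
    tp, fp, tn, fn = confusion(scored, cutoff)
    sens = tp / (tp + fn) if tp + fn else 0.0   # true positive rate
    spec = tn / (tn + fp) if tn + fp else 0.0   # true negative rate
    ppv = tp / (tp + fp) if tp + fp else 0.0    # precision of "exploitable" calls
    return {"cutoff": cutoff, "sensitivity": sens, "specificity": spec,
            "ppv": ppv, "fpr": 1 - spec, "fnr": 1 - sens}

def best_cutoff(scored, min_ppv=0.0):
    """Assumed criterion: maximise Youden's J among cutoffs meeting a PPV floor."""
    rows = [metrics(scored, c) for c in sorted({s for s, _ in scored})]
    rows = [r for r in rows if r["ppv"] >= min_ppv]
    # Returns None when no cutoff satisfies the PPV floor.
    return max(rows, key=lambda r: r["sensitivity"] + r["specificity"] - 1,
               default=None)

if __name__ == "__main__":
    for floor in (0.0, 0.7):
        print(floor, best_cutoff(HOLDOUT, min_ppv=floor))
```

On this constructed set the unconstrained cutoff catches every exploited vulnerability but flags three that never were; requiring a PPV of at least 0.7 raises the cutoff and trades one missed positive for fewer false alarms.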

Michael Roytman

Kenna Security

Michael Roytman is the chief data scientist at Kenna Security, where his work focuses on cybersecurity data science and Bayesian algorithms. Michael is also a technical advisor in the humanitarian space, having worked with Doctors Without Borders, the World Health Organization, and the UN. He has spoken at some of the top security conferences in the world, including RSA, SOURCE, BSides, Metricon, and SIRAcon, and has been published in the Advanced Computing Association journal USENIX. Michael is the author of three patents. He holds an MS in operations research from Georgia Tech. His home in Chicago is a mess of broken-down espresso machines.