Applying deep learning to Airbnb search

October 9, 2019October 4, 2019 ~ adriancolyer ~ 16 Comments

Applying deep learning to Airbnb search Haldar et al., KDD'19 Last time out we looked at Booking.com’s lessons learned from introducing machine learning to their product stack. Today’s paper takes a look at what happened in Airbnb when they moved from standard machine learning approaches to deep learning. It’s written in a very approachable style … Continue reading Applying deep learning to Airbnb search

150 successful machine learning models: 6 lessons learned at Booking.com

October 7, 2019October 4, 2019 ~ adriancolyer ~ 18 Comments

150 successful machine learning models: 6 lessons learned at Booking.com Bernadi et al., KDD'19 Here’s a paper that will reward careful study for many organisations. We’ve previously looked at the deep penetration of machine learning models in the product stacks of leading companies, and also some of the pre-requisites for being successful with it. Today’s … Continue reading 150 successful machine learning models: 6 lessons learned at Booking.com

Detecting and characterizing lateral phishing at scale

October 4, 2019September 29, 2019 ~ adriancolyer ~ 3 Comments

Detecting and characterizing lateral phishing at scale Ho et al., USENIX Security Symposium 2019 This is an investigation into the phenomenon of lateral phishing attacks. A lateral phishing attack is one where a compromised account within an organisation is used to send out further phishing emails (typically to other employees within the same organisation). So … Continue reading Detecting and characterizing lateral phishing at scale

In-toto: providing farm-to-table guarantees for bits and bytes

October 2, 2019September 29, 2019 ~ adriancolyer ~ 9 Comments

in-toto: providing farm-to-table guarantees for bits and bytes Torres-Arias et al., USENIX Security Symposium 2019 Small world with high risks did a great job of highlighting the absurd risks we’re currently carrying in many software supply chains. There are glimmers of hope though. This paper describes in-toto, and end-to-end system for ensuring the integrity of … Continue reading In-toto: providing farm-to-table guarantees for bits and bytes

Small world with high risks: a study of security threats in the npm ecosystem

September 30, 2019September 29, 2019 ~ adriancolyer ~ 12 Comments

Small world with high risks: a study of security threats in the npm ecosystem Zimmermann et al., USENIX Security Symposium 2019 This is a fascinating study of the npm ecosystem, looking at the graph of maintainers and packages and its evolution over time. It’s packed with some great data, and also helps us quantify something … Continue reading Small world with high risks: a study of security threats in the npm ecosystem

Wireless attacks on aircraft instrument landing systems

September 27, 2019September 22, 2019 ~ adriancolyer ~ 19 Comments

Wireless attacks on aircraft instrument landing systems Sathaye et al., USENIX Security Symposium 2019 It’s been a while since we last looked at security attacks against connected real-world entities (e.g., industrial machinery, light-bulbs, and cars). Today’s paper is a good reminder of just how important it is becoming to consider cyber threat models in what … Continue reading Wireless attacks on aircraft instrument landing systems

50 ways to leak your data: an exploration of apps’ circumvention of the Android permissions system

September 25, 2019September 22, 2019 ~ adriancolyer ~ 14 Comments

50 ways to leak your data: an exploration of apps’ circumvention of the Android permissions system Reardon et al., USENIX Security Symposium 2019 The problem is all inside your app, she said to me / The answer is easy if you take it logically / I’d like to help data in its struggle to be … Continue reading 50 ways to leak your data: an exploration of apps’ circumvention of the Android permissions system

The secret-sharer: evaluating and testing unintended memorization in neural networks

September 23, 2019September 22, 2019 ~ adriancolyer ~ 2 Comments

The secret sharer: evaluating and testing unintended memorization in neural networks Carlini et al., USENIX Security Symposium 2019 This is a really important paper for anyone working with language or generative models, and just in general for anyone interested in understanding some of the broader implications and possible unintended consequences of deep learning. There’s also … Continue reading The secret-sharer: evaluating and testing unintended memorization in neural networks

Even more amazing papers at VLDB 2019 (that I didn’t have space to cover yet)

September 20, 2019September 15, 2019 ~ adriancolyer ~ 1 Comment

We’ve been covering papers from VLDB 2019 for the last three weeks, and next week it will be time to mix things up again. There were so many interesting papers at the conference this year though that I haven’t been able to cover nearly as many as I would like. So today’s post is a … Continue reading Even more amazing papers at VLDB 2019 (that I didn’t have space to cover yet)

Updating graph databases with Cypher

September 18, 2019September 15, 2019 ~ adriancolyer ~ 4 Comments

Updating graph databases with Cypher Green et al., VLDB'19 This is the story of a great collaboration between academia, industry, and users of the Cypher graph querying language as created by Neo4j. Beyond Neo4j, Cypher is also supported in SAP HANA Graph, RedisGraph, Agnes Graph, and Memgraph. Cypher for Apache Spark, and Cypher over Gremlin … Continue reading Updating graph databases with Cypher