Extracting Machine Learning Features to Detect Malicious HTTPS Traffic; Maintaining Accountability in a Criminal Justice System that Uses Machine Learning

Klein, Adam, School of Engineering and Applied Science, University of Virginia
Seabrook, Bryn, EN-Engineering and Society, University of Virginia
Veeraraghavan, Malathi, EN-Elec/Computer Engr Dept, University of Virginia

The technical portion of this portfolio discusses how machine learning can be used to detect encrypted malware communications. Encryption allows the public to send data securely across the Internet; however, it also allows malicious actors to coordinate cyberattacks in secrecy. This paper offers an approach for detecting threats by inspecting metadata that is available before traffic is decrypted. From this metadata, it is possible to compute many features that can be indicative of malicious behavior. The paper describes how a software package can be developed to extract these features from the vast quantities of traffic produced each day on an enterprise-scale network, such as that of the University of Virginia. These results provide a new methodology for detecting cyberattacks on enterprise networks.
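To make the idea concrete, the kind of feature extraction described above can be sketched as follows. This is a minimal illustration, not the portfolio's actual software package: the `Packet` record layout and the particular features (flow duration, packet and byte counts, size statistics) are assumptions chosen to show how observable metadata can be summarized without decrypting payloads.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Packet:
    """Hypothetical per-packet metadata visible without decryption."""
    timestamp: float  # arrival time in seconds
    size: int         # bytes on the wire
    outbound: bool    # True if client -> server

def extract_features(flow):
    """Summarize one encrypted flow into candidate ML features."""
    out = [p.size for p in flow if p.outbound]
    inb = [p.size for p in flow if not p.outbound]
    times = [p.timestamp for p in flow]
    return {
        "duration": max(times) - min(times),
        "pkts_out": len(out),
        "pkts_in": len(inb),
        "bytes_out": sum(out),
        "bytes_in": sum(inb),
        "mean_size_out": mean(out) if out else 0.0,
        "std_size_out": pstdev(out) if len(out) > 1 else 0.0,
        "bytes_ratio": sum(inb) / sum(out) if sum(out) else 0.0,
    }

# Example flow: a short TLS exchange described only by its metadata.
flow = [
    Packet(0.00, 571, True),
    Packet(0.05, 1460, False),
    Packet(0.06, 1200, False),
    Packet(0.30, 180, True),
]
features = extract_features(flow)
```

In a deployment such as the one the paper envisions, a function of this shape would run over every flow observed on the network, and the resulting feature vectors would be fed to a classifier trained to separate benign from malicious traffic.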

The STS portion of this portfolio discusses how software that helps humans make decisions affects a society’s ability to hold decision-makers accountable for their actions. Specifically, it answers the question of how law enforcement agencies and courts can be held accountable when they make decisions informed by an algorithmic black box. This question is investigated by first examining how machine learning technologies have promoted discrimination in the criminal justice system. Establishing machine learning’s failure to create equitable outcomes demonstrates that mathematical processes do not necessarily yield less biased decisions. Case law is then used to determine how accountability has traditionally been viewed in the criminal justice system. This policy analysis is organized within the framework of actor-network theory. The paper builds a network describing the relationships between actors such as the public, law enforcement agencies, and the social values of accountability and transparency. Technological actors, such as software and data sets, are then introduced into the network to establish how these new actors change the relationship between the public and the value of accountability. Based on these findings, a framework is proposed to help uphold accountability in systems that incorporate software into decision-making processes. This framework serves as a guide for how a society can ethically incorporate increasingly intelligent software into key areas of life. Such a guide is essential to both STS and engineering, as it provides principles for the safe development and use of machine learning technologies across many parts of society.

BS (Bachelor of Science)
actor-network theory, machine learning, criminal justice, cybersecurity

School of Engineering and Applied Science
Bachelor of Science in Computer Science
Technical Advisor: Malathi Veeraraghavan
STS Advisor: Bryn Seabrook
Technical Team Members: NA

Issued Date: