Orange is the new Hack - Introduction to Machine Learning with Orange

Analyzing a large number of security alerts can be repetitive and tedious. To help cope with the growing complexity of systems, analysts can use machine learning algorithms and other data analysis concepts. By making predictions, machine learning algorithms can help prioritize and even reduce the manual work needed. Data analysis can also help analysts gain a better understanding of their data.

The workshop will introduce participants to the world of machine learning using the software Orange. A security-related scenario will be used for the hands-on exercises. For this scenario, a large dataset of vulnerabilities from web applications reported by a static analysis tool will be used. The dataset of vulnerabilities was enriched with key metadata that will help the algorithms. Some metadata will need transformation. Based on issues that have already been classified, it will be possible to predict which unclassified issues are likely to be actual vulnerabilities.

Participants will be able to apply the same principles to datasets in other contexts such as malware classification, system alert classification, vulnerability management, etc.


This workshop will cover the following topics:

  • Data visualization
  • Classification
  • Making predictions
  • Comparing features and models


  • Bring your own laptop
  • Operating system compatible with Orange (Windows/Mac/Linux)


Philippe Arteau, Security researcher, GoSecure

Philippe is a security researcher working for GoSecure. His research is focused on Web application security. His past work experience includes pentesting, secure code review and software development. He is the author of the widely-used Java static analysis tool Find Security Bugs. He created a static analysis tool for .NET called Roslyn Security Guard. He built many plugins for Burp and ZAP proxy tools: Retire.js, Reissue Request Scripter, CSP Auditor and a few others. He presented at several conferences including Black Hat Arsenal, ATLSecCon, NorthSec, Hackfest (QC) and JavaOne.