Automated Prevention of Ransomware with Machine Learning and GPOs (RSA Conference 2017)
This talk will highlight a signature-less method for detecting malicious behavior before the ransomware payload is delivered and can infect the machine. The ML-driven detection method is coupled with the automated generation of a Group Policy Object; in this way we demonstrate an automated way to take action and create a policy based on the IOCs observed in a zero-day exploit pattern.
Rod Soto, Joseph Zadeh
Rod Soto has over 15 years of experience in information technology and security. He is currently working as a Security Researcher at Splunk User Behavioral Analytics. He has spoken at ISSA, ISC2, OWASP, DEFCON, Black Hat, Hackmiami and BSides, and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Soto was the winner of the 2012 Black Hat Las Vegas CTF competition and is the Founder and Lead Developer of the Kommand && KonTroll competitive hacking tournament series.
Joseph Zadeh is a Data Scientist on the Splunk User Behavior Analytics team. He has been active in the security space since the first time he attended a hacker con (DEFCON 8), and since then he has been passionate about security research in different forums at the grassroots level. He received a B.S. from the University of California, Riverside and an M.S. and Ph.D. in mathematics from Purdue University. He has presented or co-presented at various security conferences, including DEFCON, BSides, ToorCon and Black Hat, to name a few. Zadeh loves to work on behavior-based prediction problems and artificial intelligence, such as covert channel detection, probabilistic identity resolution, machine learning-driven risk profiling and fraud detection.
(Source: RSA USA 2017)