This gives a glimpse of how 'Machine Learning & Analytics' can be used for Threat Detection. This document is not explicit, it assumes you have prior knowledge of the subject, therefore only pointers have been mentioned.
This was presented at SACON and speakers explain subjects in detail during sessions for deeper understanding. Next sessions are in order, you can pre-register/register for special deals and/or notifications here . You can check out the complete presentation here
Dissecting Detection Systems
- Signature Based
- Anomaly Engines
- Analytics Workbench
- Learning Systems
Why Do We Need Analytics ?
- Cyber Security Refresh Rate
- Custom Payloads From Attackers
- Servers Not The Target
- Speed With Volume
- Heuristic Learning
- Virus Detection , OS Rootkit
- Anomaly Engines
- DDoS Detection, Protocol Obfuscation, Malformed Data Streams, Application Breach
- Spot / Baseline / Profiles
- Unordered action - new rule, new device, long dead user, database user event
- Time Series Analytics
- DDoS, Flow Outliners, Protocol Breach, Zombies
- SPAM, Botnets, Authentication Anomalies
- Unassisted Learning
- SPAM, DNS Detection, L2 Attacks
When is Machine Learning Working ?
- Credible / Clean training data
- Positive and timely feedback
- Picking the right features
- Consistent feature variations
- Consistent data pattern
Where Does Machine Learning Work ?
- DNS Based Detection
- DDoS/ Traffic Anomaly
- SPAM Mail Filters
- Application Modeling
- Threat Intelligence
Machine Learning Is Fading
- Variance Challenge
- The "state dataset" problem
- Mass labelling
- Complex selection challenges
How To Get Started With Machine Learning ?
- Programming in R /Python
- Data platforms - Splunk, DNIF
- Infrastructures - Generic Hadoop, Hortonworks
Did you enjoy reading this? This was presented at SACON. Great security minds from the world come together to present and conduct workshops on Threat Detection, Threat Hunting, IoT Security, Incident Response, Cyber Range Drills & more at SACON - International Security Architecture Conference. Check out this year's session plan here .
You can also tweet to us by tagging @CISOPlatform or #SACON and let us know what workshops you think should be added to help today's security builders ?