Machine Learning & Analytics For Threat Detection

This gives a glimpse of how 'Machine Learning & Analytics' can be used for Threat Detection. This document is not explicit, it assumes you have prior knowledge of the subject, therefore only pointers have been mentioned.

This was presented at SACON and speakers explain subjects in detail during sessions for deeper understanding. Next sessions are in order, you can pre-register/register for special deals and/or notifications here . You can check out the complete presentation here


Dissecting Detection Systems

  • Signature Based
  • Anomaly Engines
  • Analytics Workbench
  • Learning Systems

Why Do We Need Analytics ?

  • Cyber Security Refresh Rate
  • Custom Payloads From Attackers
  • Servers Not The Target
  • Speed With Volume

Learning Systems

  • Heuristic Learning

    • Virus Detection , OS Rootkit
  • Anomaly Engines

    • DDoS Detection, Protocol Obfuscation, Malformed Data Streams, Application Breach
  • Spot / Baseline / Profiles

    • Unordered action - new rule, new device, long dead user, database user event
  • Time Series Analytics

    • DDoS, Flow Outliners, Protocol Breach, Zombies
  • Classifiers

    • SPAM, Botnets, Authentication Anomalies
  • Unassisted Learning

    • SPAM, DNS Detection, L2 Attacks

When is Machine Learning Working ?

  • Credible / Clean training data
  • Positive and timely feedback
  • Picking the right features
  • Consistent feature variations
  • Consistent data pattern

Where Does Machine Learning Work ?

  • DNS Based Detection
  • DDoS/ Traffic Anomaly
  • SPAM Mail Filters
  • Authentications
  • Application Modeling
  • Threat Intelligence

Machine Learning Is Fading

  • Variance Challenge
  • The "state dataset" problem
  • Mass labelling
  • Complex selection challenges

How To Get Started With Machine Learning ?

  • Programming in R /Python
  • Data platforms - Splunk, DNIF
  • Infrastructures - Generic Hadoop, Hortonworks

Did you enjoy reading this? This was presented at SACON. Great security minds from the world come together to present and conduct workshops on Threat Detection, Threat Hunting, IoT Security, Incident Response, Cyber Range Drills & more at SACON - International Security Architecture Conference. Check out this year's session plan here .

You can also tweet to us by tagging @CISOPlatform or #SACON and let us know what workshops you think should be added to help today's security builders ?


E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform