Early Detection of Malicious Patterns in Event-Streaming Data
Offered By: nullcon via YouTube
Course Description
Overview
Explore advanced techniques for detecting malicious patterns in event-streaming data in this 50-minute conference talk from nullcon Goa 2019. Delve into the challenges of identifying adversarial activity using behavioral indicators rather than static indicators of compromise. Learn about tools for hunting known complex behavioral patterns and discover a deep learning approach for automatically uncovering behavioral patterns from event logs. Gain insights from Hyrum Anderson, Chief Scientist at Endgame, as he discusses the importance of early detection, the use of machine learning on sequence data, and model design considerations including features, embedding, recurrent networks, and conviction patterns. Examine the effectiveness of these methods through analysis of false positives and negatives, and understand the broader implications for information security and situational awareness.
Syllabus
Intro
CONTEXT
EQL BY EXAMPLE
SEQUENCES: ORDER MATTERS
THE DREAM: SEMI-AUTOMATIC
MACHINE LEARNING ON SEQUENCE DATA
MODEL DESIGN: FEATURES
MODEL DESIGN: EMBEDDING
MODEL DESIGN: RECURRENT
MODEL DESIGN: CONVICTION
PATTERN EARLINESS?
UPDATED MODEL SUMMARY
LEARNED PATTERNS?
FALSE NEGATIVE
FALSE POSITIVE
STEP BACK: WHAT HAVE WE DONE?
Taught by
nullcon
Related Courses
AWS Certified Machine Learning - Specialty (LA)A Cloud Guru Google Cloud AI Services Deep Dive
A Cloud Guru Introduction to Machine Learning
A Cloud Guru Deep Learning and Python Programming for AI with Microsoft Azure
Cloudswyft via FutureLearn Advanced Artificial Intelligence on Microsoft Azure: Deep Learning, Reinforcement Learning and Applied AI
Cloudswyft via FutureLearn