Applying Machine Learning to User Behavior Anomaly Analysis

Explore advanced machine learning techniques for user behavior anomaly detection in this conference talk from the Hack In The Box Security Conference. Delve into various methods and ideas for building security analytics solutions that understand user behavior trends and identify abnormal activity using state-of-the-art neural networks. Learn about empowering feature selection with clustering algorithms, implementing behavioral whitelisting, tuning scoring engines, predicting user actions with recurrent neural networks, and generating synthetic datasets. Gain insights into peer group analysis and other innovative approaches to enhance cybersecurity in enterprise systems and business applications.

Intro
OUTLINE
USER BEHAVIOR ANALYTICS
MACHINE LEARNING
DATA SOURCES
DATA FORMATS
DATA NORMALIZATION: BEFORE
DATA NORMALIZATION: AFTER
ERP SECURITY LOGGING
THREAT MODEL Use Cases
ANOMALY TYPES
ANOMALIES VS. THREATS
STATIC ANOMALY DETECTION
CONTEXT BUILDING
CONTEXT THRESHOLD
CONTEXT MATCHING
ANOMALY ANALYSIS
TEMPORAL ANOMALY DETECTION
FEATURE ENGINEERING
FEATURE SELECTION
FEATURE ENCODING
MODEL IMPLEMENTATION
MODEL MEMORY
MODEL DESIGN Architecture
MODEL PARAMETERS
SEQUENCE LENGTH
KNOWLEDGE BASE SORTING
ADAPTIVE THRESHOLD
CONCLUSIONS