Who's in Control: Human or Machine? - Behavioral Detection in Cybersecurity

Explore the evolving landscape of web API protection in this OWASP Foundation conference talk. Delve into advanced attack methods and defense strategies, focusing on behavioral detection techniques. Learn about the challenges posed by sophisticated attackers who bypass traditional device and IP intelligence methods. Discover how user behavior analysis and behavioral biometrics can be leveraged to detect suspicious activity. Examine various behavioral signals, including mouse movements, key presses, and touch events, and understand how machine learning algorithms can be applied to process this information effectively. Gain insights into the pros and cons of behavioral detection and its practical applications in cybersecurity.

Intro
Types of attack
What drives attack sophistication
Evolution of attack and detection methods
Behavioral detection: User Behavior Analysis
Behavioral detection: Behavioral biometric detection
Behavioral Detection Use Cases
User Behavioral Analysis Examines the context of the interactions
Behavioral biometrics available depends on the client
Behavioral biometrics - Mouse Motion Timing
Behavioral biometrics - Mouse Velocity
Behavioral biometrics - Mouse Acceleration
Behavioral biometrics - Touch interactions Machine
Behavioral biometrics - Key Press Metrics
Behavioral biometrics - Spoofing • Many different ways to falsify inputs
Why use behavioral detection? Pros