DN18 | Applied Machine Learning in Cybersecurity: Detect malicious DGA Domains | Philipp Drieger | Splunk
1 like182 views
The document discusses applied machine learning in cybersecurity to detect malicious domain generating algorithms (DGAs). It presents an end-to-end real world example using machine learning to operationalize detection of DGAs in a big data environment. Key takeaways are that the presentation will discuss detecting unknown unknowns with machine learning, challenges in detecting DGAs through static matching or regular expressions, and accelerating data science workflows to reduce time from research to production.
DN18 | Applied Machine Learning in Cybersecurity: Detect malicious DGA Domains | Philipp Drieger | Splunk
- 1. © 2018 SPLUNK INC.© 2018 SPLUNK INC. Applied Machine Learning in Cybersecurity: Detect malicious DGA Domains Data Natives Conference, Berlin 23. November 2018 Philipp Drieger | Staff Machine Learning Architect
- 2. © 2018 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2018 Splunk Inc. All rights reserved. Forward-Looking Statements THIS SLIDE IS REQUIRED FOR ALL 3 PARTY PRESENTATIONS.
- 3. © 2018 SPLUNK INC. Operationalize machine learning systems with human in the loop in a big data environment End to end real world example of applied machine learning in cybersecurity Accelerate your data science workflows and shrink your research to production time Your 3 Key Takeaways
- 4. © 2018 SPLUNK INC. Problem Statement Section subtitle goes here
- 5. © 2018 SPLUNK INC. Domain Generating Algorithms ▶ Used by malware, e.g. ransomware or botnets for C&C. Challenges: ▶ Static matching runs against potentially infinite blacklist entries O(∞) ▶ Regex can narrow down this list, but still hard to compute and find rules (and define exceptions for rules) ▶ Detect unknown unknowns? Why DGAs matter? Because personal life and society is directly impacted! Example IoCs for Wannacry (https://cert.europa.eu/static/SecurityAdvisories/2017/CERT- EU-SA2017-012.pdf)
- 6. © 2018 SPLUNK INC. DGA App for Splunk Free Download: https://splunkbase.splunk.com/app/3559/
- 7. © 2018 SPLUNK INC.
- 8. © 2018 SPLUNK INC.
- 9. © 2018 SPLUNK INC.
- 10. © 2018 SPLUNK INC.
- 11. © 2018 SPLUNK INC.
- 12. © 2018 SPLUNK INC.
- 13. © 2018 SPLUNK INC.
- 14. © 2018 SPLUNK INC.
- 15. © 2018 SPLUNK INC.
- 16. © 2018 SPLUNK INC.
- 17. © 2018 SPLUNK INC. Thanks! Q&A