SlideShare a Scribd company logo

Threat Detection using Analytics & Machine Learning

Priyanka Aash, profile picture
Priyanka Aash

This document discusses using analytics and machine learning for threat detection. It covers different types of detection systems like signature-based, anomaly-based and learning systems. It explains why analytics are needed given challenges like the speed of attacks. Various machine learning techniques are described, including heuristics, anomaly detection, time series analysis and classifiers. Examples of when machine learning works well include DNS-based detection and traffic anomalies. Common failures are also discussed, such as the stale dataset problem and variance challenges.

Technology
Related topics:
Threat Intelligence Threat Detection
1 of 17
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Detecting Threats with Analytics and Machine Learning (ML) Shomiron DAS GUPTA (GCIA) Founder, CEO NETMONASTERY Inc. #SACON
Agenda ■ Dissecting detection systems ■ Why do we need “analytics” ■ Learning systems ■ Anomaly / Heuristics / Dictionaries ■ Machine Learning Use Cases ■ Why ML works / fails #SACON
Dissecting Detection Systems ■ Signature based ■ Anomaly engines ■ Analytics workbench ■ Learning systems #SACON
Why do we need “Analytics”
The Real Need for Analytics ■ Cyber security refresh rate ■ Custom payloads from attackers ■ Servers not the target ■ Speed with volume #SACON
Learning Systems ■ Heuristic learning ■ Anomaly engines ■ Spot / Baseline / Profilers ■ Time series analytics ■ Classifiers ■ Unassisted learning #SACON
Heuristics ■ Virus detection, OS Rootkits v1 v2 v3 v4 Day 14Day 6Day 1 Day 42 #SACON
Anomaly ■ DDoS Detection, Protocol Obfuscation, Malformed Data Streams, Application Breach Fixed Anomaly Model Structure Could be traffic behavior, protocol behavior, application behavior. Realtime Data #SACON
Spot / Baseline / Profilers ■ Unordered Action - new rule, new device, long dead user, database user event #SACON LEARN PHASE EVAL PHASE Build Model Transcode model with feature aggregation performed on realtime data flows Data Data Evaluation Identification of outliers based on pre approved model
Time Series Analytics ■ DDoS, Flow Outliers, protocol breach, zombies #SACON THRESHOLDING DYNAMIC THRESHOLDING Fixed limits are set to detect breach in activity Moving window analysis of time series data
Classifiers ■ SPAM, Botnets, Authentication Anomalies #SACON Clustering Process - Suitable feature selection (PCA) - Training set (static / dynamic) - Cleaning training data - Regression to find mean - Operations - Feedback and Re-tuning
Unassisted Learning ■ SPAM, DNS Detection, L2 Attacks #SACON Alert Feedback AnalystSelf Adjusting Loop Data Profiler Model
When is ML working ■ Credible / Clean training data ■ Positive and timely feedback ■ Picking the right features ■ Consistent feature variation ■ Consistent data pattern #SACON
Where does ML work ■ DNS based detection ■ DDoS / Traffic anomaly ■ SPAM Mail filters ■ Authentication ■ Application modelling ■ Threat Intelligence #SACON
ML is failing ■ Variance challenge ■ The “stale dataset” problem ■ Mass labelling ■ Complex selection challenges #SACON
■ Programming in R / Python ■ Data platforms - Splunk, DNIF ■ Infrastructures - Generic Hadoop, Hortonworks https://dnif.it Get started with 100Gb free every month forever Getting Started with ML #SACON
Shomiron DAS GUPTA shomiron@netmonastery.com +91 9820336050 Thank You! #SACON

More Related Content

PPTX
CyberSecurity Portfolio Management
Priyanka Aash
 
PDF
OWASP Secure Coding Practices - Quick Reference Guide
Ludovic Petit
 
PPTX
Secure coding guidelines
Sathyanarayana Panduranga
 
PPTX
Threat modelling(system + enterprise)
abhimanyubhogwan
 
PPTX
Web Application Penetration Testing Introduction
gbud7
 
PPTX
Secure coding practices
Mohammed Danish Amber
 
PPTX
Application Threat Modeling
Rochester Security Summit
 
PDF
OWASP Top 10 A4 – Insecure Direct Object Reference
Narudom Roongsiriwong, CISSP
 
CyberSecurity Portfolio Management
Priyanka Aash
 
OWASP Secure Coding Practices - Quick Reference Guide
Ludovic Petit
 
Secure coding guidelines
Sathyanarayana Panduranga
 
Threat modelling(system + enterprise)
abhimanyubhogwan
 
Web Application Penetration Testing Introduction
gbud7
 
Secure coding practices
Mohammed Danish Amber
 
Application Threat Modeling
Rochester Security Summit
 
OWASP Top 10 A4 – Insecure Direct Object Reference
Narudom Roongsiriwong, CISSP
 

What's hot (20)

PDF
Detection and Response Roles
Florian Roth
 
PPTX
From the Frontline of RASP Adoption
Goran Begic
 
PPT
Application Security
florinc
 
PPTX
Cloud Security vs Security in the Cloud
Tjylen Veselyj
 
ODP
OWASP Secure Coding
bilcorry
 
PDF
Secure Code Review 101
Narudom Roongsiriwong, CISSP
 
PPT
Web Application Security
Abdul Wahid
 
PPTX
Security hole #5 application security science or quality assurance
Tjylen Veselyj
 
PPT
Mobile application security and threat modeling
Shantanu Mitra
 
PPTX
Secure coding practices
Scott Hurrey
 
PPTX
DevSecCon Talk: An experiment in agile Threat Modelling
zeroXten
 
PDF
Application Threat Modeling
Priyanka Aash
 
PPTX
Security testing
Rihab Chebbah
 
PPTX
Threat modeling the security of the enterprise
Rafal Los
 
PDF
Introduction to Security Testing
vodQA
 
PDF
OWASP Top 10 Proactive Control 2016 (C5-C10)
Narudom Roongsiriwong, CISSP
 
ODP
Introduction to OWASP & Web Application Security
OWASPKerala
 
PDF
Securing the Internet from Cyber Criminals
Narudom Roongsiriwong, CISSP
 
PPT
Penetration Testing Basics
Rick Wanner
 
PDF
5 Important Secure Coding Practices
Thomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
Detection and Response Roles
Florian Roth
 
From the Frontline of RASP Adoption
Goran Begic
 
Application Security
florinc
 
Cloud Security vs Security in the Cloud
Tjylen Veselyj
 
OWASP Secure Coding
bilcorry
 
Secure Code Review 101
Narudom Roongsiriwong, CISSP
 
Web Application Security
Abdul Wahid
 
Security hole #5 application security science or quality assurance
Tjylen Veselyj
 
Mobile application security and threat modeling
Shantanu Mitra
 
Secure coding practices
Scott Hurrey
 
DevSecCon Talk: An experiment in agile Threat Modelling
zeroXten
 
Application Threat Modeling
Priyanka Aash
 
Security testing
Rihab Chebbah
 
Threat modeling the security of the enterprise
Rafal Los
 
Introduction to Security Testing
vodQA
 
OWASP Top 10 Proactive Control 2016 (C5-C10)
Narudom Roongsiriwong, CISSP
 
Introduction to OWASP & Web Application Security
OWASPKerala
 
Securing the Internet from Cyber Criminals
Narudom Roongsiriwong, CISSP
 
Penetration Testing Basics
Rick Wanner
 
5 Important Secure Coding Practices
Thomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
Ad

Similar to Threat Detection using Analytics & Machine Learning (20)

PDF
SACON17 - Detecting Threats with Analytics and Machine Learning
Shomiron Das Gupta
 
PDF
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Big Data Spain
 
PDF
Navy security contest-bigdataforsecurity
stelligence
 
PDF
SOC Architecture - Building the NextGen SOC
Priyanka Aash
 
PDF
AI & ML in Cyber Security - Why Algorithms Are Dangerous
Raffael Marty
 
PPTX
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
DefCamp
 
PPTX
20190123 LSEC CTI - Machine Learning in Infosec
Dominique Dessy
 
PPTX
BsidesLVPresso2016_JZeditsv6
Rod Soto
 
PPTX
Anomaly Detection in Time-Series Data using the Elastic Stack by Henry Pak
Data Con LA
 
PPTX
Delivering Security Insights with Data Analytics and Visualization
Raffael Marty
 
PDF
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
Avinash Ramineni
 
PPTX
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Rod Soto
 
PDF
AI & Machine Learning - Etienne Greeff - SecureData
Harry Gunns
 
PPTX
Pushing Machine Learning Down the Security Stack to Make It More Effective fo...
Jonathan Sander
 
PDF
SACON16 - SOC Architecture
Shomiron Das Gupta
 
PDF
Network security monitoring elastic webinar - 16 june 2021
Mouaz Alnouri
 
PDF
Automated Time Series Analysis using Deep Learning, Ray and Analytics Zoo
Jason Dai
 
PDF
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Alex Pinto
 
PDF
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat Security Conference
 
PPTX
Machine Learning and Social Good
Splunk
 
SACON17 - Detecting Threats with Analytics and Machine Learning
Shomiron Das Gupta
 
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Big Data Spain
 
Navy security contest-bigdataforsecurity
stelligence
 
SOC Architecture - Building the NextGen SOC
Priyanka Aash
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
Raffael Marty
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
DefCamp
 
20190123 LSEC CTI - Machine Learning in Infosec
Dominique Dessy
 
BsidesLVPresso2016_JZeditsv6
Rod Soto
 
Anomaly Detection in Time-Series Data using the Elastic Stack by Henry Pak
Data Con LA
 
Delivering Security Insights with Data Analytics and Visualization
Raffael Marty
 
Autonomous Security: Using Big Data, Machine Learning and AI to Fix Today's S...
Avinash Ramineni
 
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Rod Soto
 
AI & Machine Learning - Etienne Greeff - SecureData
Harry Gunns
 
Pushing Machine Learning Down the Security Stack to Make It More Effective fo...
Jonathan Sander
 
SACON16 - SOC Architecture
Shomiron Das Gupta
 
Network security monitoring elastic webinar - 16 june 2021
Mouaz Alnouri
 
Automated Time Series Analysis using Deep Learning, Ray and Analytics Zoo
Jason Dai
 
Applying Machine Learning to Network Security Monitoring - BayThreat 2013
Alex Pinto
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
BlueHat Security Conference
 
Machine Learning and Social Good
Splunk
 
Ad

More from Priyanka Aash (20)

PPTX
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
Priyanka Aash
 
PDF
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
Priyanka Aash
 
PDF
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
Priyanka Aash
 
PDF
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
Priyanka Aash
 
PDF
Lessons Learned from Developing Secure AI Workflows.pdf
Priyanka Aash
 
PDF
Cyber Defense Matrix Workshop - RSA Conference
Priyanka Aash
 
PDF
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
Priyanka Aash
 
PDF
Securing AI - There Is No Try, Only Do!.pdf
Priyanka Aash
 
PDF
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
Priyanka Aash
 
PDF
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
Priyanka Aash
 
PDF
10 Key Challenges for AI within the EU Data Protection Framework.pdf
Priyanka Aash
 
PDF
Techniques for Automatic Device Identification and Network Assignment.pdf
Priyanka Aash
 
PDF
Keynote : Presentation on SASE Technology
Priyanka Aash
 
PDF
Keynote : AI & Future Of Offensive Security
Priyanka Aash
 
PDF
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
PDF
Demystifying Neural Networks And Building Cybersecurity Applications
Priyanka Aash
 
PDF
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
Priyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
Priyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
Priyanka Aash
 
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
Priyanka Aash
 
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
Priyanka Aash
 
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
Priyanka Aash
 
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
Priyanka Aash
 
Lessons Learned from Developing Secure AI Workflows.pdf
Priyanka Aash
 
Cyber Defense Matrix Workshop - RSA Conference
Priyanka Aash
 
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
Priyanka Aash
 
Securing AI - There Is No Try, Only Do!.pdf
Priyanka Aash
 
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
Priyanka Aash
 
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
Priyanka Aash
 
10 Key Challenges for AI within the EU Data Protection Framework.pdf
Priyanka Aash
 
Techniques for Automatic Device Identification and Network Assignment.pdf
Priyanka Aash
 
Keynote : Presentation on SASE Technology
Priyanka Aash
 
Keynote : AI & Future Of Offensive Security
Priyanka Aash
 
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
Priyanka Aash
 
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
Priyanka Aash
 

Recently uploaded (20)

PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Teaching material agriculture food technology
LiaRayya
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Approach and Philosophy of On baking technology
30anthuong17
 

Threat Detection using Analytics & Machine Learning

  • 1. Detecting Threats with Analytics and Machine Learning (ML) Shomiron DAS GUPTA (GCIA) Founder, CEO NETMONASTERY Inc. #SACON
  • 2. Agenda ■ Dissecting detection systems ■ Why do we need “analytics” ■ Learning systems ■ Anomaly / Heuristics / Dictionaries ■ Machine Learning Use Cases ■ Why ML works / fails #SACON
  • 3. Dissecting Detection Systems ■ Signature based ■ Anomaly engines ■ Analytics workbench ■ Learning systems #SACON
  • 4. Why do we need “Analytics”
  • 5. The Real Need for Analytics ■ Cyber security refresh rate ■ Custom payloads from attackers ■ Servers not the target ■ Speed with volume #SACON
  • 6. Learning Systems ■ Heuristic learning ■ Anomaly engines ■ Spot / Baseline / Profilers ■ Time series analytics ■ Classifiers ■ Unassisted learning #SACON
  • 7. Heuristics ■ Virus detection, OS Rootkits v1 v2 v3 v4 Day 14Day 6Day 1 Day 42 #SACON
  • 8. Anomaly ■ DDoS Detection, Protocol Obfuscation, Malformed Data Streams, Application Breach Fixed Anomaly Model Structure Could be traffic behavior, protocol behavior, application behavior. Realtime Data #SACON
  • 9. Spot / Baseline / Profilers ■ Unordered Action - new rule, new device, long dead user, database user event #SACON LEARN PHASE EVAL PHASE Build Model Transcode model with feature aggregation performed on realtime data flows Data Data Evaluation Identification of outliers based on pre approved model
  • 10. Time Series Analytics ■ DDoS, Flow Outliers, protocol breach, zombies #SACON THRESHOLDING DYNAMIC THRESHOLDING Fixed limits are set to detect breach in activity Moving window analysis of time series data
  • 11. Classifiers ■ SPAM, Botnets, Authentication Anomalies #SACON Clustering Process - Suitable feature selection (PCA) - Training set (static / dynamic) - Cleaning training data - Regression to find mean - Operations - Feedback and Re-tuning
  • 12. Unassisted Learning ■ SPAM, DNS Detection, L2 Attacks #SACON Alert Feedback AnalystSelf Adjusting Loop Data Profiler Model
  • 13. When is ML working ■ Credible / Clean training data ■ Positive and timely feedback ■ Picking the right features ■ Consistent feature variation ■ Consistent data pattern #SACON
  • 14. Where does ML work ■ DNS based detection ■ DDoS / Traffic anomaly ■ SPAM Mail filters ■ Authentication ■ Application modelling ■ Threat Intelligence #SACON
  • 15. ML is failing ■ Variance challenge ■ The “stale dataset” problem ■ Mass labelling ■ Complex selection challenges #SACON
  • 16. ■ Programming in R / Python ■ Data platforms - Splunk, DNIF ■ Infrastructures - Generic Hadoop, Hortonworks https://dnif.it Get started with 100Gb free every month forever Getting Started with ML #SACON
  • 17. Shomiron DAS GUPTA shomiron@netmonastery.com +91 9820336050 Thank You! #SACON