Northeast Ohio ISSA March 2018

 Registration Closed
Chapter Meetings
2018-03-08 11:30 AM - 01:00 PM
Creekside Restaurant & Bar (Map Below) - 8803 Brecksville Rd, Brecksville, OH 44141, USA

Behavioral Intrusion Detection at Scale:  Case Studies in Machine Learning

Intrusion detection at scale is one of the most challenging problems a modern enterprise will face while maintaining a global IT infrastructure.  Building defensive systems that help automate some of the pain points, in this space, has been a goal since the early days of enterprise security.  From an artificial intelligence standpoint, the problem of designing a model to predict adversarial behavior is part of a class of problems that is impossible to automate completely.  At the core of the problem lies an underlying no-go principle: threat actors change tactics to evolve with the technological threat surface.  This means that to build pattern recognition systems, for cyber defense, we have to design a solution that is capable of learning behaviors of the attackers and to programmatically evolve that learning over time.                                

In our presentation we outline a solution to this problem called the “The Lambda Defense”.  The Lambda Defense is a tool for modeling any problem in which one is trying to automate the detection of attacks, over a complex threat surface (particular in the context of big data).  We will highlight how we have applied this pattern to two important security use cases:  Exploit Detection and Webshell Mitigation.  The first use case is important for current trends because we have seen the delivery of both ransomware and banking Trojans, targeting fortune 500 customers using exploit kits.  This malicious behavior can be captured as a prediction problem very easily, with the framework of the Lambda Defense.   The second use case we highlight is the detection of webshells.  This is important for the finding more stealthily and advanced actors that engage in long term attack campaigns.   We will describe the way we have approached the mitigation of these two types of attacks, along with sharing some related open source data sets, and code that are meant to be standalone examples:


Powered by iCagenda