Advances in Machine Learning
at Microsoft Threat Protection
5/29/2019
Christian Seifert, Principal Researcher
Security Research Superheroes = Security Research Experts + Machine Learning Systems
Pre-breach vs. post-breach (slide table):
Pre-breach: block at first sight; covers www, files, "fileless"; Low
Post-breach: alert on all possible breaches; same as pre-breach + cross-service + bad actor behaviors; Moderate
Intelligent Security Graph (slide diagram)
Sources: file feeds; URL, domain, and IP feeds; Office 365 ATP (file detonation); Azure ATP; Windows Store; Bing
Signals: files (2.1M, 105B); files, processes, IPs, URLs, behaviors; URL/IPs (80K, 35K, 10B); files, processes, behaviors, IPs, URLs
Labels: file labels 5M; URL labels 770K; file detonations 1.5M; process labels 2.9B
Machine learning techniques in use (slide list):
Fast learners
Deep learning
Anomaly detection
Embeddings
Active learning
Homomorphic encryption
AI diversity