Data mining and machine learning in cybersecurity

Required points/C-coins: 9 | 2017-05-25 11:45:26 | 1.11MB PDF

Applications of machine learning in information security
Preview excerpt (RSA Conference 2016 slides):

Security data explosion. Useful data sources: Windows Event logs, web server logs, network logs, Linux syslog, data center fabric logs, security token service logs, cloud service logs.

Challenges with standard security detection systems: weak independent alert streams. Screenshot of an escalation backlog of tickets generated more than 8 hours ago, to be prioritized and triaged to confirm the activity; ticket categories include server data health, event count outliers, failed logins and firewall changes.

Burden of triage. Dashboard showing active alerts (2596), alerts to triage (8402) and an escalation backlog of active escalations older than 24 hours, with the rule that no security escalation should remain unresolved for more than 48 hours; backlog categories include server data health issues, event count outliers and failed logins on internal accounts.

Interpretability of alerts. Spreadsheet of automated account security alerts: an anomaly flagged for an account, listed with the API calls involved (CreateOsVersion, GetMaxUpdateDomain, GetTenantCertificate, GetTenantGenerations, GetTransportPublicKeyCertificate).

Lack of feedback loop.

How machine learning can help: reduce the triage burden by combining independent alert streams, prioritizing alerts and providing informed scoring. Each alert combines multiple signals, for example: is the sequence of API calls unusual for this account? Is the IP address unusual? Does the time of access look normal? Each alert is given an overall triage status (Triage-P1 or Not-For-Ticketing). For the DevOps anomaly detection, over 8 different weaker streams are combined.

How machine learning can help: incorporating analyst/user feedback and providing interpretable results to improve the system signal. When an alert arrives, the recipient is told exactly why the ML system considers it anomalous; it is not a black box. Example notification mail "[ACTION REQUIRED] Please confirm your recent account activity" listing the detected activity with per-signal scores (unusual logins, unusual failed logins, unusual user agent, unusual location, overall evaluation score) and asking "Was this you?", with the answers "Yes, this was me" and "No, something's not right".

Preview: 37 pages (PDF)
Uploader: rubblsh
