Deep Learning In Security:
An Empirical Example in User & Entity Behavior Analytics (UEBA)
Jisheng Wang, Min-Yi Shen
© 2016 Niara Inc. All Rights reserved. Proprietary and Confidential
Jisheng Wang, Chief Scientist at Niara
• Over 12 years of experience applying machine learning and big data technology to security
• Ph.D. from Penn State – ML in security with 100GB data
• Technical Leader at Cisco – Security Intelligence Operations (SIO) with 10B/day
• Leads the overall big data analytics innovation and development at Niara
Niara
• Recognized by Gartner as a leader in user and entity behavior analytics (UEBA)
• Re-inventing enterprise security analytics for attack detection and incident response
ME, US

USER & ENTITY BEHAVIOR ANALYTICS
UEBA SECURITY: why this matters
UEBA SOLUTION: how to detect attacks before damage is done
BEYOND DEEP LEARNING: how to build a comprehensive solution
YOU ARE HERE

PROBLEM: THE SECURITY GAP
[Chart: security spend on prevention & detection (US $B) against number of data breaches]

PROBLEM: CAUSE OF THE GAP
ATTACKERS: ARE QUICKLY INNOVATING & ADAPTING
BATTLEFIELD: WITH IOT AND CLOUD, SECURITY IS BORDERLESS

PROBLEM: ADDRESSING THE CAUSE
ATTACKERS: ARE QUICKLY INNOVATING & ADAPTING
DEEP LEARNING: SOLUTIONS MUST BE RESPONSIVE TO CHANGES

PROBLEM: ADDRESSING THE CAUSE
BATTLEFIELD: WITH IOT AND CLOUD, SECURITY IS BORDERLESS
INSIDER BEHAVIOR: LOOK AT BEHAVIOR CHANGE OF INSIDE USERS AND MACHINES

USER & ENTITY BEHAVIOR ANALYTICS (UEBA)
MACHINE LEARNING DRIVEN BEHAVIOR ANALYTICS IS A NEW WAY TO COMBAT ATTACKERS
1. Machine driven, not only human driven
2. Detect compromised users, not only attackers
3. Post-infection detection, not only prevention

REAL WORLD NEWSWORTHY EXAMPLES
COMPROMISED: 40 million credit cards were stolen from Target’s servers (STOLEN CREDENTIALS)
NEGLIGENT: DDoS attack from 10M+ hacked home devices took down major websites (ALL USED THE SAME PASSWORD)
MALICIOUS: Edward Snowden stole more than 1.7 million classified documents (INTENDED TO LEAK INFORMATION)

USER & ENTITY BEHAVIOR ANALYTICS
UEBA SECURITY: why this matters
UEBA SOLUTION: how to detect attacks before damage is done
BEYOND DEEP LEARNING: how to build a comprehensive solution
YOU ARE HERE

REAL WORLD ATTACKS CAUGHT BY NIARA
SCANNING ATTACK: scan servers in the data center to find vulnerable targets (DETECTED WITH AD LOGS)
EXFILTRATION OF DATA: upload a large file to a cloud server hosted in a new country never accessed before (DETECTED WITH WEB PROXY LOGS)
DATA DOWNLOAD: download data from an internal document repository, which is not typical for the host (DETECTED WITH NETWORK TRAFFIC)

BEHAVIOR ENCODING – USER
[Figure panels: User 1, User 2]

BEHAVIOR ENCODING – USER VS MACHINE
[Figure panels: User, Machine]

BEHAVIOR ANOMALY: USER | EXFILTRATION
[Figure panels: User – Before Compromise, User – Post Compromise]

BEHAVIOR ANOMALY: MACHINE | DATA DOWNLOAD
[Figure panels: Dropcam – Before Compromise, Dropcam – Post Compromise]

BEHAVIOR DETECTION ARCHITECTURE
[Diagram. Components: Input Data; Stream Data Pre-processing; Behavior Encoding; User Activities; Labeled User Behavior Repository; CNN Training; Behavior Classifier; Behavior Anomaly Detection. Platforms named: Apache Spark, Tensorflow]

CNN – COMPUTATION GRAPH
Feature Extraction:
Behavior Image (24x60x9) → 8x20 Convolution → Feature Maps (24x60x40) → 2x2 Pooling → Feature Maps (12x30x40) → 4x10 Convolution → Feature Maps (12x30x80) → 2x2 Pooling → Feature Maps (6x15x80)
Classification:
Feature Maps (6x15x80) → Fully Connected → 1024 Nodes → Fully Connected with Dropout → Output Layer (User Labels)
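A shape and parameter trace of the network on this slide, as an added example that is not from the original deck. Stride 1, the padding modes compared and the number of user labels (`N_USERS`) are assumptions, since the slide does not state them.

```python
# Added example: shape and parameter trace for the CNN on the slide.
# Layer sizes are from the slide. Stride 1, the padding modes compared and
# N_USERS (number of user labels) are assumptions; the slide does not give them.

N_USERS = 500  # constructed value for illustration only

# Shapes the slide prints after each stage (height, width, channels).
SLIDE_SHAPES = {
    "conv1 8x20": (24, 60, 40),
    "pool1 2x2": (12, 30, 40),
    "conv2 4x10": (12, 30, 80),
    "pool2 2x2": (6, 15, 80),
    "fc1 1024": (1024,),
}


def conv2d(shape, kernel, filters, padding):
    """Stride-1 convolution: return (output shape, trainable parameters)."""
    h, w, c = shape
    kh, kw = kernel
    if padding == "same":      # zero-pad so height and width are preserved
        oh, ow = h, w
    elif padding == "valid":   # no padding: the kernel must fit inside the input
        oh, ow = h - kh + 1, w - kw + 1
    else:
        raise ValueError(f"unknown padding: {padding}")
    if oh < 1 or ow < 1:
        raise ValueError(f"{kh}x{kw} kernel does not fit a {h}x{w} input")
    # One kh*kw*c weight block plus one bias per output filter.
    return (oh, ow, filters), kh * kw * c * filters + filters


def pool2d(shape, size):
    """Non-overlapping pooling: shrinks height and width, no parameters."""
    h, w, c = shape
    if h < size or w < size:
        raise ValueError(f"{size}x{size} pool does not fit a {h}x{w} input")
    return (h // size, w // size, c), 0


def dense(shape, units):
    """Fully connected layer over the flattened input."""
    n_in = 1
    for dim in shape:
        n_in *= dim
    return (units,), n_in * units + units


def trace(n_users=N_USERS, padding="same"):
    """Return [(layer name, output shape, parameter count)] for the network."""
    shape = (24, 60, 9)  # behavior image size from the slide
    steps = [
        ("conv1 8x20", lambda s: conv2d(s, (8, 20), 40, padding)),
        ("pool1 2x2", lambda s: pool2d(s, 2)),
        ("conv2 4x10", lambda s: conv2d(s, (4, 10), 80, padding)),
        ("pool2 2x2", lambda s: pool2d(s, 2)),
        ("fc1 1024", lambda s: dense(s, 1024)),
        ("output (user labels)", lambda s: dense(s, n_users)),
    ]
    rows = []
    for name, layer in steps:
        shape, params = layer(shape)
        rows.append((name, shape, params))
    return rows


def mismatches(padding):
    """Layers whose computed shape differs from the shape printed on the slide."""
    return [
        (name, shape, SLIDE_SHAPES[name])
        for name, shape, _ in trace(padding=padding)
        if name in SLIDE_SHAPES and shape != SLIDE_SHAPES[name]
    ]


def fc1_share(n_users=N_USERS):
    """Fraction of all trainable parameters held by the first dense layer."""
    rows = trace(n_users)
    total = sum(params for _, _, params in rows)
    fc1 = next(params for name, _, params in rows if name == "fc1 1024")
    return fc1 / total


if __name__ == "__main__":
    for name, shape, params in trace():
        print(f"{name:22s} {str(shape):14s} {params:>10,d}")
    print("mismatches with 'same' padding :", mismatches("same"))
    print("mismatches with 'valid' padding:", [m[0] for m in mismatches("valid")])
    print(f"fc1 share of parameters: {fc1_share():.1%}")
```

Only "same" padding reproduces the feature-map sizes printed on the slide, and the first fully connected layer holds most of the weights, so it dominates model size and retraining cost.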

CNN – PROGRESSION OF TRAINING ERROR
[Plot: training error against # of minibatches (100 profiles/batch)]

USER & ENTITY BEHAVIOR ANALYTICS
UEBA SECURITY: what is UEBA
UEBA SOLUTION: infrastructure needed for deep learning
BEYOND DEEP LEARNING: how to build a comprehensive solution
YOU ARE HERE

BEYOND DEEP LEARNING: ENSEMBLE LEARNING
Ensemble approach using a mix of different models over various types of behaviors from the same entity
Behavioral Analytics
• Internal Resource Access: Finance servers
• Authentication: AD logins
• Remote Access: VPN logins
• External Activity: C&C, personal email
• SaaS Activity: Office 365, Box
• Cloud IaaS: AWS, Azure
• Physical Access: badge logs
• Exfiltration: DLP, Email

BEYOND DEEP LEARNING: REINFORCEMENT LEARNING
[Diagram. Components: Input Data; Initial Parameters; Models; Alerts; User Feedback; Local Context. Loops labelled: Interactive Learning, Self Learning]

USER & ENTITY BEHAVIOR ANALYTICS
UEBA SECURITY: what is UEBA
UEBA SOLUTION: infrastructure needed for deep learning
BEYOND DEEP LEARNING: how to build a comprehensive solution
Thank You

Jisheng Wang at AI Frontiers: Deep Learning in Security

  • 1. Deep Learning In Security: An Empirical Example in User & Entity Behavior Analytics (UEBA) Jisheng Wang, Min-Yi Shen
  • 2. ME, US. Jisheng Wang, Chief Scientist at Niara: over 12 years of experience applying machine learning and big data technology to security; Ph.D. from Penn State (ML in security with 100GB data); Technical Leader at Cisco (Security Intelligence Operations (SIO) with 10B/day); leads the overall big data analytics innovation and development at Niara. Niara: recognized by Gartner as a leader in user and entity behavior analytics (UEBA); re-invents enterprise security analytics for attack detection and incident response.
  • 3. USER & ENTITY BEHAVIOR ANALYTICS. UEBA SECURITY: why this matters (YOU ARE HERE). UEBA SOLUTION: how to detect attacks before damage is done. BEYOND DEEP LEARNING: how to build a comprehensive solution.
  • 4. PROBLEM: THE SECURITY GAP. [Charts: SECURITY SPEND, PREVENTION & DETECTION (US $B); DATA BREACHES, # BREACHES]
  • 5. PROBLEM: CAUSE OF THE GAP. ATTACKERS ARE QUICKLY INNOVATING & ADAPTING. BATTLEFIELD: WITH IOT AND CLOUD, SECURITY IS BORDERLESS.
  • 6. PROBLEM: ADDRESSING THE CAUSE. ATTACKERS ARE QUICKLY INNOVATING & ADAPTING. DEEP LEARNING: SOLUTIONS MUST BE RESPONSIVE TO CHANGES.
  • 7. PROBLEM: ADDRESSING THE CAUSE. BATTLEFIELD: WITH IOT AND CLOUD, SECURITY IS BORDERLESS. INSIDER BEHAVIOR: LOOK AT BEHAVIOR CHANGE OF INSIDE USERS AND MACHINES.
  • 8. USER & ENTITY BEHAVIOR ANALYTICS (UEBA). MACHINE LEARNING DRIVEN BEHAVIOR ANALYTICS IS A NEW WAY TO COMBAT ATTACKERS: (1) Machine driven, not only human driven; (2) Detect compromised users, not only attackers; (3) Post-infection detection, not only prevention.
  • 9. REAL WORLD NEWSWORTHY EXAMPLES. COMPROMISED: 40 million credit cards were stolen from Target's servers (STOLEN CREDENTIALS). NEGLIGENT: DDoS attack from 10M+ hacked home devices took down major websites (ALL USED THE SAME PASSWORD). MALICIOUS: Edward Snowden stole more than 1.7 million classified documents (INTENDED TO LEAK INFORMATION).
  • 10. USER & ENTITY BEHAVIOR ANALYTICS. UEBA SECURITY: why this matters. UEBA SOLUTION: how to detect attacks before damage is done (YOU ARE HERE). BEYOND DEEP LEARNING: how to build a comprehensive solution.
  • 11. REAL WORLD ATTACKS CAUGHT BY NIARA. SCANNING ATTACK: scan servers in the data center to find vulnerable targets (DETECTED WITH AD LOGS). EXFILTRATION OF DATA: upload a large file to a cloud server hosted in a new country never accessed before (DETECTED WITH WEB PROXY LOGS). DATA DOWNLOAD: download data from an internal document repository, which is not typical for the host (DETECTED WITH NETWORK TRAFFIC).
  • 12. BEHAVIOR ENCODING – USER. [Images: User 1; User 2]
  • 13. BEHAVIOR ENCODING – USER VS MACHINE. [Images: User; Machine]
  • 14. BEHAVIOR ANOMALY: USER | EXFILTRATION. [Images: User – Before Compromise; User – Post Compromise]
  • 15. BEHAVIOR ANOMALY: MACHINE | DATA DOWNLOAD. [Images: Dropcam – Before Compromise; Dropcam – Post Compromise]
  • 16. BEHAVIOR DETECTION ARCHITECTURE. [Diagram labels: Stream Data Pre-processing; Behavior Encoding; Input Data; User Activities; Labeled User Behavior Repository; Apache Spark; Behavior Anomaly Detection; CNN Training; Behavior Classifier; TensorFlow]
  • 17. CNN – COMPUTATION GRAPH. Feature Extraction: Behavior Image (24x60x9) -> 8x20 Convolution -> Feature Maps (24x60x40) -> 2x2 Pooling -> Feature Maps (12x30x40) -> 4x10 Convolution -> Feature Maps (12x30x80) -> 2x2 Pooling -> Feature Maps (6x15x80). Classification: Fully Connected -> 1024 Nodes -> Fully Connected with Dropout -> Output Layer (User Labels).
  • 18. CNN – PROGRESSION OF TRAINING ERROR. [Plot: Training Error vs. # of minibatches (100 profiles/batch)]
  • 19. USER & ENTITY BEHAVIOR ANALYTICS. UEBA SECURITY: what is UEBA. UEBA SOLUTION: infrastructure needed for deep learning. BEYOND DEEP LEARNING: how to build a comprehensive solution (YOU ARE HERE).
  • 20. BEYOND DEEP LEARNING: ENSEMBLE LEARNING. Behavioral Analytics: Internal Resource Access (Finance servers); Authentication (AD logins); Remote Access (VPN logins); External Activity (C&C, personal email); SaaS Activity (Office 365, Box); Cloud IaaS (AWS, Azure); Physical Access (badge logs); Exfiltration (DLP, Email). Ensemble approach using a mix of different models over various types of behaviors from the same entity.
  • 21. BEYOND DEEP LEARNING: REINFORCEMENT LEARNING. [Diagram labels: Models; Alerts; User Feedback; Interactive Learning; Local Context; Input Data; Self Learning; Initial Parameters]
  • 22. USER & ENTITY BEHAVIOR ANALYTICS. UEBA SECURITY: what is UEBA. UEBA SOLUTION: infrastructure needed for deep learning. BEYOND DEEP LEARNING: how to build a comprehensive solution.
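
The feature-map sizes on the CNN computation-graph slide (17) can be checked by tracing shapes and weight counts layer by layer. This is an added example, not code from the deck or from Niara; it assumes stride-1 convolutions with "same" zero padding, non-overlapping 2x2 pooling, and a constructed count of 100 user labels (`N_USERS`).

```python
# Added example: trace the CNN on the "CNN - COMPUTATION GRAPH" slide.
# Assumptions (not stated on the slide): stride-1 convolutions with "same"
# zero padding, non-overlapping 2x2 pooling, and N_USERS output labels.

N_USERS = 100  # constructed value; the deck does not give the label count

# (kind, params) in the order the slide lists the operations
LAYERS = [
    ("conv", {"kernel": (8, 20), "filters": 40}),
    ("pool", {"size": (2, 2)}),
    ("conv", {"kernel": (4, 10), "filters": 80}),
    ("pool", {"size": (2, 2)}),
    ("dense", {"units": 1024}),      # fully connected -> 1024 nodes
    ("dense", {"units": N_USERS}),   # output layer: one node per user label
]

def trace(input_shape, layers):
    """Return [(kind, output_shape, trainable_params)] for each layer."""
    shape, rows = tuple(input_shape), []
    for kind, p in layers:
        if kind == "conv":
            h, w, c = shape
            kh, kw = p["kernel"]
            params = kh * kw * c * p["filters"] + p["filters"]  # weights + biases
            shape = (h, w, p["filters"])  # "same" padding keeps h and w
        elif kind == "pool":
            h, w, c = shape
            ph, pw = p["size"]
            if h % ph or w % pw:
                raise ValueError(f"{shape} not divisible by pool {p['size']}")
            params, shape = 0, (h // ph, w // pw, c)
        elif kind == "dense":
            fan_in = 1
            for d in shape:  # flatten whatever precedes the dense layer
                fan_in *= d
            params = fan_in * p["units"] + p["units"]
            shape = (p["units"],)
        else:
            raise ValueError(f"unknown layer kind: {kind}")
        rows.append((kind, shape, params))
    return rows

if __name__ == "__main__":
    for kind, shape, params in trace((24, 60, 9), LAYERS):
        print(f"{kind:5s} -> {shape!s:14s} {params:>9,d} params")
```

Under these assumptions the first fully connected layer holds about 7.4M of the roughly 7.7M weights, and the output layer grows by 1,025 weights for each additional user label.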