User Behavior Analytics Using Machine Learning

In this presentation we talk about:
- Introduction to user behavior analytics.
- Classifying malicious IP using machine learning.
- User behavior analytics using machine learning.

You can watch the complete demonstration video here: https://youtu.be/HfpjLR6ZwIU?t=3550

Published in: Technology

Slide transcript:

  1. USER BEHAVIOUR ANALYTICS USING MACHINE LEARNING. DNIFKONNECT DNIF.IT
  2. OBJECTIVES
     1. Introduction to machine learning
     2. Application of ML in cybersecurity
     3. Machine learning at DNIF
     4. User behaviour analytics using machine learning
     5. Demo
  3. INTRODUCTION TO ML
     ● "Field of study that gives computers the ability to learn without being explicitly programmed." - Arthur Samuel
  4. CLASSIFICATION OF ML
     ● Unsupervised
     ● Supervised
  5. Supervised Learning Models (Example): train on labelled data, predict for unseen data

     IP Address   404 Return Codes   501 Return Codes   Hits per minute   Unique URLs   Label
     192.0.0.1    5                  12                 12                5             GOOD
     192.0.0.2    220                126                2000              115           BAD
     192.0.0.3    6                  11                 25                2             GOOD
     192.0.0.4    120                150                1200              80            ??? (predict)

  6. Unsupervised Learning Models (Example): detecting bad IPs, no given label

     IP Address   404 Return Codes   501 Return Codes   Hits per minute   Unique URLs   Label
     192.0.0.1    5                  12                 12                5             ???
     192.0.0.2    220                126                2000              115           ???
     192.0.0.3    6                  11                 25                2             ???

  7. Unsupervised Learning Models (Example): detecting bad IPs (figure only)
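The two slides above show the same feature table once with labels and once without. The following is an added example (not DNIF's model code) that runs both approaches over exactly those rows: a nearest-neighbour classifier trained on the three labelled IPs predicts the "???" row, and a median/MAD outlier rule flags the bad IP when no labels exist. The feature names, the choice of k-NN, the 3.5 modified-z cutoff and the per-feature standardisation are assumptions made for illustration; the numbers are copied from the slides.

```python
"""Bad-IP detection on the feature table from the supervised and
unsupervised slides. Added example, not DNIF's model code. The features
(404 count, 501 count, hits per minute, unique URLs) are the slide's;
the k-NN classifier and the MAD outlier rule are assumptions chosen
for illustration."""
from math import sqrt
from statistics import mean, median, pstdev

FEATURES = ("http_404", "http_501", "hits_per_minute", "unique_urls")

# Labelled rows copied from the supervised slide (constructed training set).
LABELLED = [
    ("192.0.0.1", (5, 12, 12, 5), "GOOD"),
    ("192.0.0.2", (220, 126, 2000, 115), "BAD"),
    ("192.0.0.3", (6, 11, 25, 2), "GOOD"),
]
UNSEEN = ("192.0.0.4", (120, 150, 1200, 80))  # the '???' row to predict

# Rows from the unsupervised slide: same IPs, labels withheld.
UNLABELLED = [(ip, feats) for ip, feats, _ in LABELLED]


def zscore_params(vectors):
    """Per-feature (mean, std). Without this step 'hits per minute'
    (thousands) would dominate the Euclidean distance over '404 count' (tens)."""
    return [(mean(col), pstdev(col) or 1.0) for col in zip(*vectors)]


def standardise(vec, params):
    return [(v - m) / s for v, (m, s) in zip(vec, params)]


def knn_predict(labelled, vec, k=1):
    """Supervised: majority label of the k nearest labelled IPs
    in standardised feature space."""
    params = zscore_params([f for _, f, _ in labelled])
    q = standardise(vec, params)
    ranked = sorted(
        (sqrt(sum((a - b) ** 2 for a, b in zip(standardise(f, params), q))), label)
        for _, f, label in labelled
    )
    votes = {}
    for _, label in ranked[:k]:
        votes[label] = votes.get(label, 0) + 1
    return max(votes, key=votes.get)


def mad_outliers(unlabelled, cutoff=3.5):
    """Unsupervised: flag an IP when any feature's modified z-score
    0.6745 * |x - median| / MAD exceeds the cutoff (Iglewicz-Hoaglin rule).
    Median and MAD are used instead of mean and std so that the outlier
    itself cannot drag the 'normal' centre towards itself."""
    cols = list(zip(*[f for _, f in unlabelled]))
    centres = [median(c) for c in cols]
    mads = [median(abs(x - m) for x in c) or 1.0 for c, m in zip(cols, centres)]
    flagged = {}
    for ip, feats in unlabelled:
        scores = [0.6745 * abs(x - m) / d for x, m, d in zip(feats, centres, mads)]
        if max(scores) > cutoff:
            flagged[ip] = round(max(scores), 1)   # worst feature's score
    return flagged


if __name__ == "__main__":
    print(UNSEEN[0], "->", knn_predict(LABELLED, UNSEEN[1]))   # BAD
    print("outliers:", mad_outliers(UNLABELLED))                # {'192.0.0.2': 144.3}
```

Note how small the training set is: with three labelled rows the supervised model is little more than a lookup, which is the "model is only as good as the underlying data" point of the later slide. The unsupervised rule needs no labels but does need a threshold chosen by a human, and with three rows the MAD of a feature can collapse to a single hit, so in practice it is computed over a much larger window of IPs.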
  8. MACHINE LEARNING IN CYBERSECURITY
  9. MYTH BUSTER ALERT
     ● Machine learning is NOT a silver bullet that caters to anything and everything under the sun.
     ● The model is only as good as the underlying data.
     ● Instead of replacing humans (the SOC, in our case), it only helps them make better decisions in a shorter time (for example, by reducing false positives).
  10. MACHINE LEARNING AT DNIF
     ● At DNIF, we aim at leveraging state-of-the-art machine learning techniques to give meaningful insights to our customers' SOC teams.
     ● We mainly use unsupervised models, such as clustering and anomaly detection.
     ● Currently we serve the following use cases:
       ○ User Entity Behaviour Analytics (UEBA)
       ○ Bad IP detection model
       ○ DGA detection
  11. USER ENTITY BEHAVIOUR ANALYTICS (UEBA)
     ● The UEBA module at DNIF generates a risk score for each user in the environment based on their behaviour.
     ● The risk score is derived from how anomalous the user's current behaviour is compared with their usual (baseline) behaviour.
     ● The higher the user's score, the higher the probability that the user is malicious.
  12. STAGES OF UEBA (figure only)
  13. WHAT IS A SUBSYSTEM? (figure only)
  14. STAGES OF UEBA (figure only)
  15. SCORING LOGIC (figure only)
  16. SCORING LOGIC (figure only)
  17. CHECK THRESHOLD ALGORITHM (figure only)
  18. STAGES OF UEBA (figure only)
  19. RETRAINING LOGIC (figure only)
  20. DIAGNOSTICS OF UEBA
     1. Show baseline
     2. Show history
     3. Compare with baseline
     4. Show raw logs
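Slides 11 to 20 name the stages of the UEBA pipeline (baseline, scoring logic, check threshold, retraining logic, diagnostics) but the figures that describe them did not survive extraction. The following added example, which is not DNIF's implementation, shows one way those stages fit together for a single user: a rolling per-user baseline of daily counts, a risk score built from positive z-scores, a threshold check, retraining that keeps flagged days out of the baseline, and the "show baseline" / "compare with baseline" diagnostics. The three feature names (standing in for the slide's "subsystems"), the seven-day window, the threshold of 3.0 and the sample activity data are all constructed assumptions.

```python
"""Per-user baseline risk scoring in the shape the UEBA slides outline.
Added example, not DNIF's UEBA code. Feature names, window size, threshold
and the sample activity are assumptions made for illustration."""
from collections import defaultdict, deque
from statistics import mean, pstdev

FEATURES = ("logins", "files_accessed", "mb_uploaded")   # assumed subsystems


class UEBA:
    def __init__(self, window_days=7, threshold=3.0, min_history=5):
        self.window = window_days
        self.threshold = threshold
        self.min_history = min_history
        # history[user][feature] -> the last `window_days` daily counts
        self.history = defaultdict(
            lambda: {f: deque(maxlen=window_days) for f in FEATURES})

    def fit(self, user, days):
        """Initial training: load known-good history for a user."""
        for day in days:
            for f in FEATURES:
                self.history[user][f].append(day[f])

    def baseline(self, user):
        """Diagnostic 'show baseline': per-feature (mean, std) of the window."""
        return {f: (mean(h), pstdev(h)) for f, h in self.history[user].items() if h}

    def compare_with_baseline(self, user, day):
        """Diagnostic 'compare with baseline': per-feature z-score of one day.
        The std is floored at 1.0 so a near-constant history does not turn a
        tiny change into a huge score (assumed floor)."""
        base = self.baseline(user)
        return {f: (day[f] - base[f][0]) / max(base[f][1], 1.0) for f in FEATURES}

    def score(self, user, day):
        """Scoring logic: sum of positive z-scores only, so 'more than usual'
        raises risk while a quiet day never does."""
        if len(self.history[user]["logins"]) < self.min_history:
            return 0.0   # not enough history to judge this user yet
        z = self.compare_with_baseline(user, day)
        return round(sum(max(0.0, v) for v in z.values()), 2)

    def observe(self, user, day):
        """Check threshold, then retrain. A flagged day is kept out of the
        baseline so an attacker's activity cannot become the new 'normal';
        a normal day rolls the window forward by one day."""
        s = self.score(user, day)
        flagged = s > self.threshold
        if not flagged:
            for f in FEATURES:
                self.history[user][f].append(day[f])
        return s, flagged


# Constructed sample: seven ordinary days for 'alice', then a mass-upload day.
HISTORY = [
    {"logins": 2, "files_accessed": 40, "mb_uploaded": 10},
    {"logins": 3, "files_accessed": 55, "mb_uploaded": 12},
    {"logins": 2, "files_accessed": 48, "mb_uploaded": 11},
    {"logins": 3, "files_accessed": 50, "mb_uploaded": 14},
    {"logins": 2, "files_accessed": 45, "mb_uploaded": 9},
    {"logins": 3, "files_accessed": 52, "mb_uploaded": 13},
    {"logins": 2, "files_accessed": 47, "mb_uploaded": 10},
]
EXFIL_DAY = {"logins": 3, "files_accessed": 300, "mb_uploaded": 900}
NORMAL_DAY = {"logins": 2, "files_accessed": 50, "mb_uploaded": 12}


def demo():
    """Run the pipeline on the constructed data; returns the two verdicts."""
    u = UEBA()
    u.fit("alice", HISTORY)
    exfil = u.observe("alice", EXFIL_DAY)      # high score, flagged
    normal = u.observe("alice", NORMAL_DAY)    # low score, not flagged
    return u, exfil, normal


if __name__ == "__main__":
    u, exfil, normal = demo()
    print("baseline:", u.baseline("alice"))
    print("exfil day:", exfil, "normal day:", normal)
```

Two design points are worth noting. Only positive deviations contribute, because the threat model here is "doing more than usual" (mass file access, bulk upload); a model that also scored quiet days would page the SOC every time someone took leave. And flagged days are excluded from retraining; the cost is that a legitimate, permanent change in a user's role will keep being flagged until an analyst resets the baseline, which is exactly the kind of human-in-the-loop decision the "myth buster" slide describes.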