Behavioral Intrusion Detection at Scale: Case Studies in Machine Learning
Speaker
Joseph Zadeh
JASK
Host
CSAIL Security Seminar
Intrusion detection at scale is one of the most challenging problems a modern enterprise faces while maintaining a global IT infrastructure. Building defensive systems that automate some of the pain points in this space has been a goal since the early days of enterprise security. From an artificial intelligence standpoint, designing a model to predict adversarial behavior belongs to a class of problems that cannot be automated completely. At the core of the problem lies a no-go principle: threat actors change tactics to evolve with the technological threat surface. This means that to build pattern recognition systems for cyber defense, we have to design a solution that is capable of learning attacker behaviors and of evolving that learning programmatically over time.
In our presentation we outline a solution to this problem called the “Lambda Defense”. The Lambda Defense is a tool for modeling any problem in which one is trying to automate the detection of attacks over a complex threat surface, particularly in the context of big data. We will highlight how we have applied this pattern to two important security use cases: exploit detection and webshell mitigation. The first use case matters for current trends because we have seen both ransomware and banking Trojans delivered to Fortune 500 customers via exploit kits; this malicious behavior can be captured very easily as a prediction problem within the framework of the Lambda Defense. The second use case is the detection of webshells, which is important for finding stealthier, more advanced actors that engage in long-term attack campaigns. We will describe the way we have approached the mitigation of these two types of attacks and share related open-source data sets and code that are meant to be standalone examples: https://github.com/jzadeh
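The webshell use case above, as an added illustration that is not the speaker's code and is not taken from the linked repository: a constructed access log (not real traffic) and a small detector that builds a per-URL behavioral profile from the historical lines (the batch view) and keeps updating that same profile as new lines arrive (the streaming view), which is the kind of design the Lambda pattern implies. The feature set, the weights, the threshold and the list of upload/static directories are the editor's assumptions chosen to show the idea, not values from the talk.

```python
"""Behavioral webshell detection over web-server access logs.

Editor's example, not the speaker's code. A webshell is typically a
server-side script dropped into a writable directory and driven by one
client via POST with no referer; the profile below captures exactly
those behaviors instead of matching a file-content signature.
"""
import re
from collections import defaultdict

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed lists: extensions the server executes, and directories that
# should hold static content rather than code.
SCRIPT_EXT = (".php", ".jsp", ".jspx", ".asp", ".aspx")
UPLOAD_DIRS = ("/uploads/", "/upload/", "/images/", "/static/", "/tmp/")

# Constructed sample log (documentation IP ranges, no real hosts).
SAMPLE_LOG = """
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows NT 10.0; rv:118.0) Gecko/20100101 Firefox/118.0"
203.0.113.11 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php HTTP/1.1" 200 5123 "https://www.google.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5) Safari/605.1.15"
203.0.113.12 - - [10/Oct/2023:13:56:40 +0000] "GET /index.php HTTP/1.1" 200 5123 "https://www.bing.com/" "Mozilla/5.0 (X11; Linux x86_64) Chrome/117.0 Safari/537.36"
203.0.113.13 - - [10/Oct/2023:13:57:12 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/117.0 Safari/537.36"
203.0.113.14 - - [10/Oct/2023:13:58:03 +0000] "GET /index.php HTTP/1.1" 200 5123 "https://example.com/about.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_6) Safari/604.1"
203.0.113.10 - - [10/Oct/2023:13:58:30 +0000] "GET /about.html HTTP/1.1" 200 2048 "https://example.com/index.php" "Mozilla/5.0 (Windows NT 10.0; rv:118.0) Gecko/20100101 Firefox/118.0"
203.0.113.11 - - [10/Oct/2023:13:59:02 +0000] "GET /about.html HTTP/1.1" 200 2048 "https://example.com/index.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5) Safari/605.1.15"
203.0.113.12 - - [10/Oct/2023:13:59:45 +0000] "GET /about.html HTTP/1.1" 200 2048 "https://example.com/index.php" "Mozilla/5.0 (X11; Linux x86_64) Chrome/117.0 Safari/537.36"
203.0.113.10 - - [10/Oct/2023:14:00:10 +0000] "POST /login.php HTTP/1.1" 302 0 "https://example.com/index.php" "Mozilla/5.0 (Windows NT 10.0; rv:118.0) Gecko/20100101 Firefox/118.0"
203.0.113.11 - - [10/Oct/2023:14:00:55 +0000] "POST /login.php HTTP/1.1" 302 0 "https://example.com/index.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_5) Safari/605.1.15"
203.0.113.13 - - [10/Oct/2023:14:01:20 +0000] "POST /login.php HTTP/1.1" 302 0 "https://example.com/index.php" "Mozilla/5.0 (Windows NT 10.0) Chrome/117.0 Safari/537.36"
203.0.113.14 - - [10/Oct/2023:14:02:05 +0000] "POST /login.php HTTP/1.1" 302 0 "https://example.com/index.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_6) Safari/604.1"
198.51.100.7 - - [10/Oct/2023:14:05:00 +0000] "GET /uploads/img_1923.php HTTP/1.1" 200 312 "-" "python-requests/2.31.0"
198.51.100.7 - - [10/Oct/2023:14:05:07 +0000] "POST /uploads/img_1923.php HTTP/1.1" 200 1844 "-" "python-requests/2.31.0"
198.51.100.7 - - [10/Oct/2023:14:05:21 +0000] "POST /uploads/img_1923.php HTTP/1.1" 200 9210 "-" "python-requests/2.31.0"
198.51.100.7 - - [10/Oct/2023:14:06:02 +0000] "POST /uploads/img_1923.php HTTP/1.1" 200 455 "-" "python-requests/2.31.0"
198.51.100.7 - - [10/Oct/2023:14:07:40 +0000] "POST /uploads/img_1923.php HTTP/1.1" 200 77 "-" "python-requests/2.31.0"
"""


class WebshellDetector:
    """Per-path behavioral profiles that are updated one request at a time."""

    def __init__(self):
        self.profiles = defaultdict(
            lambda: {"n": 0, "clients": set(), "post": 0, "noref": 0, "agents": set()}
        )

    def ingest(self, line):
        """Fold one log line into the profile of its path. Returns False if unparseable."""
        m = LOG_RE.match(line.strip())
        if not m:
            return False
        path = m["path"].split("?", 1)[0]  # profile by path, ignore query string
        p = self.profiles[path]
        p["n"] += 1
        p["clients"].add(m["ip"])
        p["post"] += m["method"] == "POST"
        p["noref"] += m["referer"] in ("", "-")
        p["agents"].add(m["ua"])
        return True

    def score(self, path):
        """Weighted sum of behavioral indicators (weights are assumptions)."""
        p = self.profiles[path]
        score, reasons = 0, []
        if p["n"] >= 3 and len(p["clients"]) <= 2:
            score += 2; reasons.append("few distinct clients")
        if p["post"] / p["n"] >= 0.5:
            score += 1; reasons.append("mostly POST")
        if p["noref"] / p["n"] >= 0.8:
            score += 1; reasons.append("no referer")
        if path.endswith(SCRIPT_EXT) and path.startswith(UPLOAD_DIRS):
            score += 2; reasons.append("server-side script under upload/static dir")
        return score, reasons

    def suspicious(self, threshold=4):
        """Paths whose current score meets the threshold, highest first."""
        hits = [(path, *self.score(path)) for path in self.profiles]
        return sorted((h for h in hits if h[1] >= threshold), key=lambda h: -h[1])


def detect_webshells(lines, threshold=4):
    """Batch entry point: build profiles from an iterable of log lines and score."""
    det = WebshellDetector()
    for line in lines:
        if line.strip():
            det.ingest(line)
    return det.suspicious(threshold)


if __name__ == "__main__":
    for path, score, reasons in detect_webshells(SAMPLE_LOG.splitlines()):
        print(f"{path}: score={score} ({', '.join(reasons)})")
```

Note that `/login.php` is legitimately POST-heavy but is reached by many clients with a referer, so it scores only 1 and stays below the threshold; a signature on "POST to .php" alone would have flagged it. Because `ingest` is incremental, the same object can be fed a live tail of the log and re-queried, so the profile of a path keeps evolving as attacker behavior changes rather than being frozen at training time.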
Joseph Zadeh is the Director of Data Science at JASK. Zadeh has an M.S. in Mathematics and Computational Finance and a PhD in Mathematics from Purdue University. Zadeh comes to JASK as one of the foremost experts on AI and security operations. Prior to JASK, he served as Senior Data Scientist at Splunk through the acquisition of Caspida, where he developed behavior-based analytics for intrusion detection. He applied his research background to artificial intelligence and cybersecurity, delivering presentations such as Multi-Contextual Threat Detection via Machine Learning at BSides Las Vegas, DEF CON, Black Hat and RSA. Previously, Zadeh was part of the data science consulting team on cyber security analytics at Greenplum/Pivotal, as well as part of Kaiser Permanente’s first cyber security R&D team.