FloCon 2020 has ended
Back To Schedule
Thursday, January 9 • 10:30am - 11:00am
ML Detection of Cyber Attack Signatures and Behaviors from Known and New Threat Actors

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Artificial Intelligence (AI) will be the main driver of the Fourth Industrial Revolution, concluded the 2019 World Economic Forum in Davos, Switzerland. The authors of this talk believe that AI and machine learning (ML) will also revolutionize enterprise risk and security management. We successfully built AI/ML pilots across many sub-domains of this important field, from cyber attack analysis and enterprise risk management to fraud and financial crimes analysis. Using cyber attack analysis as an example, we set out to improve the effectiveness of our cyber intrusion prevention system (IPS). Besides blocking and ignoring actions, a typical IPS system also sends out numerous alerts that require the attention of a cyber analyst for triaging. We built a data ingestion and wrangling pipeline, selected the optimal machine learning model based on a performance leader-board, and customized an attack recommendation engine. This allowed our cyber analysts to quickly analyze alerts and immediately focus on relevant attack signature patterns and high priority events. In our study, using data from a two-month period, we were able to improve the attack blocking rate of the IPS system by 7.2%, thereby markedly improved the effectiveness of our existing security tool. Additionally, our ML initiative also helped our cyber analysts by providing behavior analytics on adversaries, and provided enterprise-specific threat intelligence on both known and new threat actors. We hope to share with the broader cyber-ML community the methods and results of our effort, along with some attacker tactics, techniques, and procedures (TTP) discussions. More importantly, we hope to share the many lessons learned along the way. The two most important are “Quality over Quantity”, and “Data before Algo”.

avatar for Will Li

Will Li

Senior Architect, Vanguard
Will Li is a senior technical leader in risk and security space at Vanguard. His current focus is on promoting the adoption of analytics and machine learning across the many sub-domains of enterprise risk, security, and fraud management. Prior to that, Mr. Li has had a long and diverse... Read More →

Thursday January 9, 2020 10:30am - 11:00am EST
Regency Ballroom Hyatt Regency Savannah 2 W. Bay Street Savannah GA 31401