User Behavior Analytics Using Machine Learning

Published on May 17, 2019

Author: DNIFHQ

Source: slideshare.net

Content

1. USER BEHAVIOUR ANALYTICS USING MACHINE LEARNING. DNIFKONNECT DNIF.IT

2. OBJECTIVES
   1. Introduction to machine learning
   2. Application of ML in cybersecurity
   3. Machine learning at DNIF
   4. User behaviour analytics using machine learning
   5. Demo

3. INTRODUCTION TO ML
   ● "Field of study that gives computers the ability to learn without being explicitly programmed." - Arthur Samuel

4. CLASSIFICATION OF ML
   ● Supervised
   ● Unsupervised

5. Supervised Learning Models (Example)
   Train on labeled data (rows 192.0.0.1 to 192.0.0.3), then predict for unseen data (row 192.0.0.4).

   IP Address    404 Return Codes    501 Return Codes    Hits per minute    Unique URLs    Label
   192.0.0.1            5                  12                  12                5         GOOD
   192.0.0.2          220                 126                2000              115         BAD
   192.0.0.3            6                  11                  25                2         GOOD
   192.0.0.4          120                 150                1200               80         ???????  (to be predicted)

6. Unsupervised Learning Models (Example)
   EXAMPLE: DETECTING BAD IP. No label is given; the model must separate the rows on the features alone.

   IP Address    404 Return Codes    501 Return Codes    Hits per minute    Unique URLs    Label
   192.0.0.1            5                  12                  12                5         ???
   192.0.0.2          220                 126                2000              115         ???
   192.0.0.3            6                  11                  25                2         ???

7. Unsupervised Learning Models (Example, continued)
   EXAMPLE: DETECTING BAD IP
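The two slides above show the same four-column feature table once with labels and once without. The following is an added example for this page, not DNIF's code: it trains a nearest-centroid classifier on the labelled rows of slide 5 and predicts the label of 192.0.0.4, then runs a two-cluster k-means over the unlabelled rows of slide 6 and flags the minority cluster as the "bad IP" cluster. The feature values are the ones on the slides; the classifier, the clustering, the z-score scaling and the "smaller cluster is the bad one" rule are assumptions made here for illustration, not the models the deck describes.

```python
"""Supervised vs. unsupervised learning on the slides' web-log feature table.

Added example for this page, not DNIF's code. The feature rows are the values
from slides 5 and 6; the nearest-centroid classifier, the two-cluster k-means
and the "smaller cluster is the bad cluster" rule are assumptions made here
for illustration, not the models the deck describes.
"""
import math

FEATURES = ("404_codes", "501_codes", "hits_per_min", "unique_urls")

# Slide 5: labelled rows (training data) and the unseen row to predict.
LABELLED = {
    "192.0.0.1": ((5, 12, 12, 5), "GOOD"),
    "192.0.0.2": ((220, 126, 2000, 115), "BAD"),
    "192.0.0.3": ((6, 11, 25, 2), "GOOD"),
}
UNSEEN = {"192.0.0.4": (120, 150, 1200, 80)}

# Slide 6: the same rows with no labels at all.
UNLABELLED = {ip: row for ip, (row, _) in LABELLED.items()}


def make_scaler(rows):
    """Return a function that z-scores a row with the mean/std of `rows`.

    Without scaling, hits-per-minute (thousands) would swamp unique URLs
    (tens) in every distance computation.
    """
    cols = list(zip(*rows))
    means = [sum(c) / len(c) for c in cols]
    stds = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
            for c, m in zip(cols, means)]

    def scale(row):
        return tuple((v - m) / s for v, m, s in zip(row, means, stds))
    return scale


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def centroid(points):
    return tuple(sum(p[i] for p in points) / len(points)
                 for i in range(len(points[0])))


# --- supervised: learn one centroid per label, predict by nearest centroid --
def train_nearest_centroid(labelled):
    scale = make_scaler([row for row, _ in labelled.values()])
    by_label = {}
    for row, label in labelled.values():
        by_label.setdefault(label, []).append(scale(row))
    centroids = {lab: centroid(pts) for lab, pts in by_label.items()}

    def predict(row):
        return min(centroids, key=lambda lab: dist(scale(row), centroids[lab]))
    return predict


# --- unsupervised: no labels; split the rows into two clusters (k-means) ---
def kmeans_two(rows, iters=20):
    scale = make_scaler(rows)
    pts = [scale(r) for r in rows]
    # Deterministic init: the first point and the point farthest from it.
    cents = [pts[0], max(pts, key=lambda p: dist(p, pts[0]))]
    for _ in range(iters):
        assign = [min(range(2), key=lambda k: dist(p, cents[k])) for p in pts]
        new = []
        for k in range(2):
            members = [p for p, a in zip(pts, assign) if a == k]
            new.append(centroid(members) if members else cents[k])
        if new == cents:
            break
        cents = new
    return [min(range(2), key=lambda k: dist(p, cents[k])) for p in pts]


def flag_bad_ips(table):
    """Heuristic: the smaller cluster is the anomalous ("bad IP") one.

    This only holds when bad traffic is rare; with a tie or a mostly-bad
    sample it would flag the wrong side, so an analyst still has to look.
    """
    ips = list(table)
    assign = kmeans_two([table[ip] for ip in ips])
    minority = min(range(2), key=assign.count)
    return sorted(ip for ip, a in zip(ips, assign) if a == minority)


if __name__ == "__main__":
    predict = train_nearest_centroid(LABELLED)
    for ip, row in UNSEEN.items():
        print(f"supervised: {ip} -> {predict(row)}")
    print("unsupervised: flagged", flag_bad_ips(UNLABELLED))
```

Run as a script it prints `BAD` for 192.0.0.4 and flags 192.0.0.2 from the unlabelled table. The two paths differ in what they need: the supervised model needs someone to have labelled traffic as GOOD or BAD beforehand, while the unsupervised model needs an assumption (here, that bad IPs are the minority) to turn a cluster into a verdict, which is exactly why the later "myth buster" slide insists the model is only as good as its data.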

8. MACHINE LEARNING IN CYBERSECURITY

9. MYTH BUSTER ALERT
   ● Machine learning is NOT a silver bullet that solves every problem.
   ● The model is only as good as the underlying data.
   ● It does not replace humans (the SOC, in our case); it helps them make better decisions in less time, for example by reducing false positives.

10. MACHINE LEARNING AT DNIF
   ● At DNIF, we aim to leverage state-of-the-art machine learning techniques to give meaningful insights to our customers' SOC teams.
   ● We mainly use unsupervised models such as clustering and anomaly detection.
   ● We currently serve the following use cases:
     ○ User and Entity Behaviour Analytics (UEBA)
     ○ Bad IP detection model
     ○ DGA detection

11. USER ENTITY BEHAVIOUR ANALYTICS (UEBA)
   ● The UEBA module at DNIF generates a risk score for each user in the environment based on that user's behaviour.
   ● The risk score measures how far the user's current behaviour deviates from their usual (baseline) behaviour.
   ● The higher a user's score, the higher the probability that the user is malicious.

12. STAGES OF UEBA

13. WHAT IS A SUBSYSTEM?

14. STAGES OF UEBA

15. SCORING LOGIC

16. SCORING LOGIC

17. CHECK THRESHOLD ALGORITHM

18. STAGES OF UEBA

19. RETRAINING LOGIC

20. DIAGNOSTICS OF UEBA
   1. Show baseline
   2. Show history
   3. Compare with baseline
   4. Show raw logs
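Slides 11 to 20 outline one loop: build a per-user baseline, score new activity by its distance from that baseline, check the score against a threshold, retrain, and expose the four diagnostics above. The slides carry only the titles of the scoring, threshold and retraining logic, so the following is an added, illustrative implementation for this page and not DNIF's code or the deck's actual scoring rule. It assumes a constructed set of daily per-user activity records, four made-up features, a robust z-score (median and MAD) per feature, a per-feature cap, a fixed threshold, and a retraining rule that refuses to fold flagged days into the baseline.

```python
"""Toy UEBA loop: baseline -> score -> threshold -> retrain -> diagnostics.

Illustrative code added for this page, not DNIF's implementation and not the
scoring logic the slides 15-19 describe. The daily records, the feature names,
the robust z-score rule, the per-feature cap and the threshold are all
assumptions made for the example.
"""
import statistics

FEATURES = ("logins", "failed_logins", "mb_downloaded", "distinct_hosts")
THRESHOLD = 8.0          # assumed cut-off on the summed deviation score
PER_FEATURE_CAP = 10.0   # stops one wild feature from dominating the sum

# Constructed per-user daily activity: (user, day, *FEATURES).
RAW_LOGS = [
    ("alice", 1, 3, 0, 120, 2), ("alice", 2, 4, 1, 95, 2),
    ("alice", 3, 3, 0, 140, 3), ("alice", 4, 2, 0, 110, 2),
    ("alice", 5, 3, 1, 130, 2), ("alice", 6, 4, 0, 100, 2),
    ("alice", 7, 3, 0, 125, 3),
    ("alice", 8, 9, 12, 2400, 14),   # day 8: abrupt change for alice
    ("bob", 1, 8, 1, 900, 6), ("bob", 2, 7, 0, 950, 5),
    ("bob", 3, 9, 1, 880, 6), ("bob", 4, 8, 2, 910, 7),
    ("bob", 5, 8, 0, 870, 6), ("bob", 6, 7, 1, 930, 5),
    ("bob", 7, 9, 1, 900, 6),
    ("bob", 8, 8, 1, 850, 6),        # day 8: ordinary for bob
]


def show_raw_logs(user, day=None):
    """Diagnostic 4: the raw records behind a user's score."""
    return [r for r in RAW_LOGS if r[0] == user and day in (None, r[1])]


def show_history(user, upto_day):
    """Diagnostic 2: one feature dict per day, up to and including upto_day."""
    return [dict(zip(FEATURES, r[2:])) for r in show_raw_logs(user) if r[1] <= upto_day]


def build_baseline(history):
    """Diagnostic 1: per-feature (median, scale) learned from the user's own past.

    scale = 1.4826 * MAD, a robust stand-in for the standard deviation, floored
    at 1.0 (assumption) so a feature that never varies cannot divide by zero.
    """
    baseline = {}
    for f in FEATURES:
        values = [h[f] for h in history]
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        baseline[f] = (med, max(1.4826 * mad, 1.0))
    return baseline


def compare_with_baseline(baseline, observation):
    """Diagnostic 3: capped robust z-score of each feature versus the baseline."""
    return {f: min(abs(observation[f] - med) / scale, PER_FEATURE_CAP)
            for f, (med, scale) in baseline.items()}


def risk_score(baseline, observation):
    """Higher score = further from the user's usual behaviour."""
    return sum(compare_with_baseline(baseline, observation).values())


def check_threshold(score, threshold=THRESHOLD):
    return score >= threshold


def retrain(history, observation, anomalous):
    """Fold the scored day into the baseline only when it was NOT flagged.

    Retraining on flagged days would let an attacker slowly teach the baseline
    that the new behaviour is normal (baseline poisoning).
    """
    return history if anomalous else history + [observation]


def score_day(user, day):
    """Full loop for one user/day: returns (score, anomalous, baseline_after)."""
    history = show_history(user, day - 1)
    baseline = build_baseline(history)
    observation = dict(zip(FEATURES, show_raw_logs(user, day)[0][2:]))
    score = risk_score(baseline, observation)
    anomalous = check_threshold(score)
    return score, anomalous, build_baseline(retrain(history, observation, anomalous))


if __name__ == "__main__":
    for user in ("alice", "bob"):
        score, flagged, _ = score_day(user, 8)
        baseline = build_baseline(show_history(user, 7))
        today = dict(zip(FEATURES, show_raw_logs(user, 8)[0][2:]))
        print(f"{user}: day-8 risk score {score:.2f} -> {'ALERT' if flagged else 'ok'}")
        print("  baseline :", baseline)
        print("  deviation:", compare_with_baseline(baseline, today))
        print("  raw logs :", show_raw_logs(user, 8))
```

Two points the toy makes that the slide titles alone do not: the baseline is per user, so bob's 850 MB day is ordinary against his own history while alice's 2400 MB day is not, and no single absolute threshold on the raw features would separate the two; and retraining has to be gated on the verdict, because a baseline that absorbs every flagged day will stop flagging it. The four diagnostic functions are what an analyst needs to trust or dismiss the score: the baseline itself, the history it came from, the per-feature deviation that drove the number, and the raw records behind it.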
