improved hunt seeding with specific anomaly scoring
play

Improved Hunt Seeding with Specific Anomaly Scoring Brenden Bishop - PowerPoint PPT Presentation

Apr 29, 2023 •166 likes •813 views

Introduction Finding Anomalies Example Conclusion References Improved Hunt Seeding with Specific Anomaly Scoring Brenden Bishop January 8, 2019 1/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring Introduction Finding

  1. Introduction Finding Anomalies Example Conclusion References Improved Hunt Seeding with Specific Anomaly Scoring Brenden Bishop January 8, 2019 1/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  2. Introduction Finding Anomalies Example Conclusion References 1 Introduction First things first Framing the problem 2 Finding Anomalies Density estimation Scoring 3 Example 4 Conclusion 2/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  3. Introduction Finding Anomalies Example Conclusion References First things first New presentation who dis? 3/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  4. Introduction Finding Anomalies Example Conclusion References First things first New presentation who dis? My formal training was in quantitative psychology and statistics at The Ohio State University, graduated 2017 3/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  5. Introduction Finding Anomalies Example Conclusion References First things first New presentation who dis? My formal training was in quantitative psychology and statistics at The Ohio State University, graduated 2017 Started at Columbus Collaboratory, working on a variety of projects, quite a bit of prototyping 3/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  6. Introduction Finding Anomalies Example Conclusion References First things first New presentation who dis? My formal training was in quantitative psychology and statistics at The Ohio State University, graduated 2017 Started at Columbus Collaboratory, working on a variety of projects, quite a bit of prototyping Love cyber projects because, by and large, one can actually measure all the stuff required to answer the question 3/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  7. Introduction Finding Anomalies Example Conclusion References First things first Hunting 4/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  8. Introduction Finding Anomalies Example Conclusion References First things first Hunting Hunting has become an integral component of mature cyber security operations 4/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  9. Introduction Finding Anomalies Example Conclusion References First things first Hunting Hunting has become an integral component of mature cyber security operations Network defenders spend a portion of their time hunting for vulnerabilities, misconfigurations, or previously unnoticed security events 4/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  10. Introduction Finding Anomalies Example Conclusion References First things first Hunting Hunting has become an integral component of mature cyber security operations Network defenders spend a portion of their time hunting for vulnerabilities, misconfigurations, or previously unnoticed security events The practice has evolved beyond grepping randomly through logs 4/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  11. Introduction Finding Anomalies Example Conclusion References First things first Hunting Hunting has become an integral component of mature cyber security operations Network defenders spend a portion of their time hunting for vulnerabilities, misconfigurations, or previously unnoticed security events The practice has evolved beyond grepping randomly through logs Hunts can now be seeded using ML/AI/Statistical models, leading to a directed search rather than a random walk 4/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  12. Introduction Finding Anomalies Example Conclusion References Framing the problem Sounds simple enough, but... 5/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  13. Introduction Finding Anomalies Example Conclusion References Framing the problem Sounds simple enough, but... 5/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  14. Introduction Finding Anomalies Example Conclusion References Framing the problem Challenges Frequent challenges when finding anomalies: 6/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  15. Introduction Finding Anomalies Example Conclusion References Framing the problem Challenges Frequent challenges when finding anomalies: 1 ”Find anything strange on the network” is not sufficiently specific 6/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  16. Introduction Finding Anomalies Example Conclusion References Framing the problem Challenges Frequent challenges when finding anomalies: 1 ”Find anything strange on the network” is not sufficiently specific (neither is “Find any lateral movement.”) 6/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  17. Introduction Finding Anomalies Example Conclusion References Framing the problem Challenges Frequent challenges when finding anomalies: 1 ”Find anything strange on the network” is not sufficiently specific (neither is “Find any lateral movement.”) Statistics requires problem identification, consideration of available variables, and understanding how observations arise 6/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  18. Introduction Finding Anomalies Example Conclusion References Framing the problem Challenges Frequent challenges when finding anomalies: 1 ”Find anything strange on the network” is not sufficiently specific (neither is “Find any lateral movement.”) Statistics requires problem identification, consideration of available variables, and understanding how observations arise 2 Cyber and statistics/data science folks can talk past one another 6/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  19. Introduction Finding Anomalies Example Conclusion References Framing the problem Challenges Frequent challenges when finding anomalies: 1 ”Find anything strange on the network” is not sufficiently specific (neither is “Find any lateral movement.”) Statistics requires problem identification, consideration of available variables, and understanding how observations arise 2 Cyber and statistics/data science folks can talk past one another 3 Unsupervised learning is prone to a high false alarm rate; Machine Learning/Artificial Intelligence/Automated-Inference are not immune 6/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  20. Introduction Finding Anomalies Example Conclusion References Framing the problem Addressing challenges 7/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  21. Introduction Finding Anomalies Example Conclusion References Framing the problem Addressing challenges 1 Scope problems appropriately (e.g. Find strange outbound connections to cloud storage.) 7/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  22. Introduction Finding Anomalies Example Conclusion References Framing the problem Addressing challenges 1 Scope problems appropriately (e.g. Find strange outbound connections to cloud storage.) 2 Cyber and statistics/AI/ML experts must iterate collaboratively; interdisciplinary teams are optimal for innovation 7/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  23. Introduction Finding Anomalies Example Conclusion References Framing the problem Addressing challenges 1 Scope problems appropriately (e.g. Find strange outbound connections to cloud storage.) 2 Cyber and statistics/AI/ML experts must iterate collaboratively; interdisciplinary teams are optimal for innovation 3 Turn big data into managable data, and, where possible, turn unsupervised problems into supervised. Collect data and validate models 7/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  24. Introduction Finding Anomalies Example Conclusion References Framing the problem Addressing challenges 1 Scope problems appropriately (e.g. Find strange outbound connections to cloud storage.) 2 Cyber and statistics/AI/ML experts must iterate collaboratively; interdisciplinary teams are optimal for innovation 3 Turn big data into managable data, and, where possible, turn unsupervised problems into supervised. Collect data and validate models (practice security as a science) 7/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  25. Introduction Finding Anomalies Example Conclusion References Framing the problem Addressing challenges 1 Scope problems appropriately (e.g. Find strange outbound connections to cloud storage.) 2 Cyber and statistics/AI/ML experts must iterate collaboratively; interdisciplinary teams are optimal for innovation 3 Turn big data into managable data, and, where possible, turn unsupervised problems into supervised. Collect data and validate models (practice security as a science) The remainder of the talk essentially focuses on item three 7/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  26. Introduction Finding Anomalies Example Conclusion References Good news everyone 8/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

  27. Introduction Finding Anomalies Example Conclusion References Good news everyone Cyber security data is particularly well suited to statistical inference 9/21 Brenden Bishop Improved Hunt Seeding withSpecific Anomaly Scoring

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Welcome to Scoring the ACIRI a Job Aid. 1 This job aid provides a brief review of the scoring

Welcome to Scoring the ACIRI a Job Aid. 1 This job aid provides a brief review of the scoring

Welcome to Scoring the ACIRI a Job Aid. 1 This job aid provides a brief review of the scoring procedure for the Adult-Child Interactive Reading Inventory. For detailed training on administering and scoring the assessment, please speak with

758 views • 40 slides
Soybean Seeding Trend Analysis February 2020 The Story ry of f Soybean Seeding Rates

Soybean Seeding Trend Analysis February 2020 The Story ry of f Soybean Seeding Rates

Atlantic Grains Council Soybean Seeding Trend Analysis February 2020 The Story ry of f Soybean Seeding Rates Introduction Chapter 1: Plant population Chapter 2: Yield Chapter 3: Previous crop Chapter 4: Seeding equipment

713 views • 27 slides
Exercise 8: Scoring Exercise 8: Scoring FLUKA Beginners Course Exercise 8: Scoring Aim of the

Exercise 8: Scoring Exercise 8: Scoring FLUKA Beginners Course Exercise 8: Scoring Aim of the

Exercise 8: Scoring Exercise 8: Scoring FLUKA Beginners Course Exercise 8: Scoring Aim of the exercise: 1- Add scoring cards 2- Practice with AUXSCORE card 3- Plot simulation results 4- Convert results to ASCII 2 Exercise 8: Scoring

501 views • 4 slides
REVEGETATION REVEGETATION REVEGETATION REVEGETATION SEEDING SEEDING SEEDING SEEDING Or Or

REVEGETATION REVEGETATION REVEGETATION REVEGETATION SEEDING SEEDING SEEDING SEEDING Or Or

REVEGETATION REVEGETATION REVEGETATION REVEGETATION SEEDING SEEDING SEEDING SEEDING Or Or The Art of Greening Up Your Work The Art of Greening Up Your Work Bill Awmack P.Ag . Why Re Why Re - -Seed? Seed? Seed? Why Re Why Re Seed?

586 views • 46 slides
Improved wind dynamics for coastal forecasting Julian Hunt (University College London, Trinity

Improved wind dynamics for coastal forecasting Julian Hunt (University College London, Trinity

American Meteorological Society , Annual Conference , Phoenix Jan 2019 Improved wind dynamics for coastal forecasting Julian Hunt (University College London, Trinity College Cambridge) Saj Sajjadi (Former Visiting Research Fellow, Trinity

215 views • 18 slides
Automated Design and Scoring of Degenerate Primers From Multiple Taxon-Specific Primers Den

Automated Design and Scoring of Degenerate Primers From Multiple Taxon-Specific Primers Den

Automated Design and Scoring of Degenerate Primers From Multiple Taxon-Specific Primers Den Ivanov BIO 131, Spring 2017 The Problem Given a list of taxon-specific primers, how can I create an algorithm that can create one set of degenerate

199 views • 8 slides
Anomaly Detection on User-agents Peter van Bolhuis Overview Introduction Research

Anomaly Detection on User-agents Peter van Bolhuis Overview Introduction Research

Anomaly Detection on User-agents Peter van Bolhuis Overview Introduction Research Question User-agents Scoring host anomalies Verification Conclusion Anomaly Detection on User-agents 2 Introduction Methods

574 views • 16 slides
Exercise 8: Scoring FLUKA Beginners Course Exercise 8: Scoring Aim of the exercise: 1- Add

Exercise 8: Scoring FLUKA Beginners Course Exercise 8: Scoring Aim of the exercise: 1- Add

Exercise 8: Scoring FLUKA Beginners Course Exercise 8: Scoring Aim of the exercise: 1- Add scoring cards 2- Practice with AUXSCORE card 3- Plot simulation results 4- Convert results to ASCII 2 Exercise 8: Scoring Start from the

724 views • 4 slides
What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining

DataCamp Anomaly Detection in R ANOMALY DETECTION IN R What is an anomaly? Alastair Rushworth Data Scientist DataCamp Anomaly Detection in R Defining the term anomaly Anomaly: a data point or collection of data points that do not follow the

870 views • 21 slides
Mountain High Swim League Scoring Presentation 2018 Scoring Committee 1 MHSL Scoring Training

Mountain High Swim League Scoring Presentation 2018 Scoring Committee 1 MHSL Scoring Training

Mountain High Swim League Scoring Presentation 2018 Scoring Committee 1 MHSL Scoring Training 2018 Contact Info Strong Recommendation: use permanent e-mail addresses Meet your Division's Scoring Committee Representative

366 views • 22 slides
Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier)

Anomaly Detection of Trajectories Junier B. Oliva Anomaly Detection An anomaly (or outlier) in a dataset is an instance that is abnormal or unlikely based on the rest of the dataset If the instances in the dataset are labeled as

760 views • 19 slides
An Improved Patient-Specific Mortality Risk Prediction in ICU in a Random Forest Classification

An Improved Patient-Specific Mortality Risk Prediction in ICU in a Random Forest Classification

An Improved Patient-Specific Mortality Risk Prediction in ICU in a Random Forest Classification Framework Soumya GHOSE , Jhimli MITRA 1 , Sankalp KHANNA 1 and Jason DOWLING 1 1. The Australian e-Health and Research Centre, Commonwealth

182 views • 17 slides
USING PAST SEEDING TREATMENTS TO INFORM FUTURE SOURCING IN THE COLORADO PLATEAU ANDREA T.

USING PAST SEEDING TREATMENTS TO INFORM FUTURE SOURCING IN THE COLORADO PLATEAU ANDREA T.

USING PAST SEEDING TREATMENTS TO INFORM FUTURE SOURCING IN THE COLORADO PLATEAU ANDREA T. KRAMER, SHANNON STILL, NORA TALKINGTON, TROY WOOD NATIONAL NATIVE SEED CONFERENCE FEBRUARY 15, 2017 MANY THINGS INFLUENCE SEEDING OUTCOMES Management

385 views • 24 slides
Automatic Selection of Context Configurations for Improved Class-Specific Word Representations

Automatic Selection of Context Configurations for Improved Class-Specific Word Representations

Automatic Selection of Context Configurations for Improved Class-Specific Word Representations Ivan Vuli, Roy Schwartz , Ari Rappoport, Roi Reichart and Anna Korhonen CoNLL 2017; Vancouver; August 3, 2017 1 / 13 Background Distributional

807 views • 25 slides
Tahoe-Truckee Cloud Seeding Project Water Year 2018 1 DRI Cloud seeding generator: on (Sierra

Tahoe-Truckee Cloud Seeding Project Water Year 2018 1 DRI Cloud seeding generator: on (Sierra

Tahoe-Truckee Cloud Seeding Project Water Year 2018 1 DRI Cloud seeding generator: on (Sierra Crest Tahoe Winter Snowfall - 2015-2018 Lake Tahoe Basin Snow Water Equivalent by Water Year WY2017 WY2016 median WY2018 74% median WY2015

420 views • 23 slides
Tahoe-Truckee Cloud Seeding Project Water Year 2018 1 DRI Cloud seeding generator: on (Sierra

Tahoe-Truckee Cloud Seeding Project Water Year 2018 1 DRI Cloud seeding generator: on (Sierra

Tahoe-Truckee Cloud Seeding Project Water Year 2018 1 DRI Cloud seeding generator: on (Sierra Crest Tahoe Winter 2017-2018 (WY2018) Snow Water Equivalent by Month 74% Average WY2018(74%) - Nov (11%), (9%) - Dec (25%),

343 views • 17 slides
Workshop Wrap-Up Summary of workshop results to date Fundamental Miss. Cent. AHM NAWMP

Workshop Wrap-Up Summary of workshop results to date Fundamental Miss. Cent. AHM NAWMP

Workshop Wrap-Up Summary of workshop results to date Fundamental Miss. Cent. AHM NAWMP Edmonton NAWMP Objectives Flyway Flyway Group NSST Canada PC DU Inc. Maintain healthy waterfowl

316 views • 13 slides
Gold Mine Central City, Colorado The Bates-Hunter Gold Mine Aerial photograph of the Mine Air

Gold Mine Central City, Colorado The Bates-Hunter Gold Mine Aerial photograph of the Mine Air

The Bates-Hunter Gold Mine Central City, Colorado The Bates-Hunter Gold Mine Aerial photograph of the Mine Air photo of the Bates-Hunter Mine area. Contour interval 40 feet. Mineral rights (approximately located) outlined in red. The

359 views • 14 slides
The Campus Climate Project Earth Day Network Its not just a day, its a movement! Mission:

The Campus Climate Project Earth Day Network Its not just a day, its a movement! Mission:

The Campus Climate Project Earth Day Network Its not just a day, its a movement! Mission: To build the worlds largest environmental movement to drive transformative change for people and planet. creating a more just and thriving

404 views • 14 slides
MMA Capital Management Shareholder Presentation December 31, 2017 Nasdaq: MMAC

MMA Capital Management Shareholder Presentation December 31, 2017 Nasdaq: MMAC

MMA Capital Management Shareholder Presentation December 31, 2017 Nasdaq: MMAC www.MMACapitalManagement.com 3600 ODonnell Street, Suite 600, Baltimore, MD 21224 (443) 263-2900 Disclaimer This presentation contains forward-looking

315 views • 15 slides
CHALLENGES, SUCCESSES, HURDLES IN Approved for public release; distribution is unlimited

CHALLENGES, SUCCESSES, HURDLES IN Approved for public release; distribution is unlimited

CHALLENGES, SUCCESSES, HURDLES IN Approved for public release; distribution is unlimited 30 Thousand Foot View Where did we come from Our plan on become better How we

128 views • 12 slides
MOPS in Pakistan: Implementation and Hurdles Ali Choudhary, Sate Bank of Pakistan & CEP-

MOPS in Pakistan: Implementation and Hurdles Ali Choudhary, Sate Bank of Pakistan & CEP-

Outline MOPS:2014/15 vs. 2017/18 Survey Results Institutional Coordination Key Hurdles Next Steps MOPS in Pakistan: Implementation and Hurdles Ali Choudhary, Sate Bank of Pakistan & CEP- London School of Economics (LSE) Nichloas Bloom,

396 views • 24 slides
Roadblocks, Hurdles, and Glass Ceilings: The Female Executive Perspective Kendall Conroy

Roadblocks, Hurdles, and Glass Ceilings: The Female Executive Perspective Kendall Conroy

Roadblocks, Hurdles, and Glass Ceilings: The Female Executive Perspective Kendall Conroy Undergraduate Student, Renewable Materials and Sustainability Oregon State University Dr. Eric Hansen Society of Wood Science and Technology International

416 views • 19 slides
Overcoming Legal Hurdles to Leverage Telehealth Models and Advances in Reimbursement to Increase

Overcoming Legal Hurdles to Leverage Telehealth Models and Advances in Reimbursement to Increase

Overcoming Legal Hurdles to Leverage Telehealth Models and Advances in Reimbursement to Increase Revenue for Providers John R. Washlick, Esq. and Heather Alleva, Esq. January 16, 2019 Agenda Telehealth Overview Legal and Regulatory

455 views • 31 slides

More recommend