CONFIDENTIAL
Ashrith Barthur, Security Scientist
July 19, 2016
CyberSecurity and AI - Looking for anomalies
Few Problems in Cybersecurity
1. Malicious external/internal threats (phishing, malicious domains, etc.)
2. Large-scale attacks (DDoS, spam campaigns, etc.)
3. Data loss (data exfiltration)
4. User behavioural analytics (insider threat, account takeover)
These are the primary problems enterprises are interested in solving, as they directly affect business.
How are these cybersecurity problems handled?
1. Rule-based systems
2. Large-scale use of experts who understand systems well
3. Expert identification of conditions, and combinations of conditions, which are true markers of malicious behaviour
4. Multiple security professionals who understand specific conditions and combinations, and can identify malicious behaviour
Is this justified?
YES.
Why?
1. Cyber security's focus is to identify every instance of malicious behaviour and not leave things to probability.
2. The risk associated with each security event is large, which makes identification of each event very important.
What is the problem with this approach?
1. It takes time, as a large amount of logs needs to be analysed and threats must be classified as real, potential or false positive.
2. It requires experts, and a large number of professionals.
3. It is a manual process that requires investigation of associated events across multiple logs, which is considerably slow.
4. Even with a thorough investigation it is possible that a malicious event is missed because it is anomalous.
Outlier? Anomalous?
1. Outliers are, simply put, events that (when statistically modelled) have a low probability of occurrence.
2. Anomalies are events that have never been seen.
3. Identifying anomalous events is difficult.
How do you solve this problem?
1. Create a malicious-behaviour context based on your domain knowledge.
2. Use the context to statistically transform the anomalous behaviour into an outlier, or at least into a unique occurrence.
3. See if the model fits your contextual assumptions.
Example
1. Studying successful Windows user login times for the entire enterprise does not yield interesting behaviour.
2. Studying these user logins in context is important.
3. Understand that the login patterns of general users, administrators and system accounts are different.
4. Also understand that different kinds of logins (physical system logins, network-based, remote, unlocks, cached logins) differ in behaviour.
5. Interactions between types of users and types of logins also yield unique behaviour. Each analytical context is associated with a certain expected behaviour. Any violation of this expected behaviour is flagged and studied.
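The login example above, worked through in code: an added illustration written for this page, not code from the deck or from H2O. Each (account type, logon type) pair is its own context with an hour-of-day histogram; the baseline events, account names, logon type labels and the 0.03 threshold are all constructed assumptions. It separates the deck's two notions: an hour never seen in the context is an "anomaly", a seen but rare hour is an "outlier".

```python
"""Context-aware scoring of Windows-style login times.

Each (account type, logon type) pair is its own analytical context with its
own expected hour-of-day distribution. An event is judged against the
distribution of its own context, not against every login in the enterprise.
"""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# An event is (account, account_type, logon_type, hour_of_day).
Event = Tuple[str, str, str, int]
Context = Tuple[str, str]


def constructed_baseline() -> List[Event]:
    """Constructed sample history (synthetic, not real enterprise data)."""
    events: List[Event] = []
    # General users: interactive logons during office hours, thin at the edges.
    per_hour = {8: 1, 9: 8, 10: 8, 11: 8, 12: 8, 13: 8, 14: 8, 15: 8, 16: 8, 17: 1}
    for hour, n in per_hour.items():
        events += [("alice", "user", "interactive", hour)] * n
    # Administrators: remote logons, shifted later into the day.
    for hour in range(9, 20):
        events += [("bob", "admin", "remote", hour)] * 3
    # Service accounts: network logons around the clock.
    for hour in range(24):
        events += [("svc_backup", "service", "network", hour)] * 2
    return events


class ContextualLoginModel:
    """Hour-of-day histograms kept per context and, for comparison, enterprise-wide."""

    def __init__(self, threshold: float = 0.03) -> None:
        # Probability below which a *seen* hour is reported as an outlier (assumed value).
        self.threshold = threshold
        self.per_context: Dict[Context, Counter] = defaultdict(Counter)
        self.global_counts: Counter = Counter()

    def fit(self, events: List[Event]) -> "ContextualLoginModel":
        for _, account_type, logon_type, hour in events:
            self.per_context[(account_type, logon_type)][hour] += 1
            self.global_counts[hour] += 1
        return self

    @staticmethod
    def _probability(counts: Counter, hour: int) -> float:
        total = sum(counts.values())
        return counts[hour] / total if total else 0.0

    def global_probability(self, event: Event) -> float:
        """Enterprise-wide view: all account types and logon types mixed together."""
        return self._probability(self.global_counts, event[3])

    def score(self, event: Event) -> Tuple[str, float]:
        """Return (verdict, probability) for an event within its own context.

        'anomaly' - this context has never produced a login at this hour
        'outlier' - seen before in this context, but below the threshold
        'normal'  - consistent with the context's expected behaviour
        """
        _, account_type, logon_type, hour = event
        counts = self.per_context.get((account_type, logon_type))
        if counts is None or counts[hour] == 0:
            return "anomaly", 0.0
        p = self._probability(counts, hour)
        return ("outlier" if p < self.threshold else "normal"), p


if __name__ == "__main__":
    model = ContextualLoginModel().fit(constructed_baseline())
    probes: List[Event] = [
        ("svc_backup", "service", "network", 3),   # backup job at 03:00: expected
        ("alice", "user", "interactive", 3),       # user at the console at 03:00
        ("alice", "user", "interactive", 8),       # early, but seen before
        ("bob", "admin", "interactive", 12),       # admin using an unseen logon type
    ]
    for probe in probes:
        verdict, p = model.score(probe)
        print(f"{probe}: global p={model.global_probability(probe):.4f} "
              f"context p={p:.4f} -> {verdict}")
```

Enterprise-wide, the service account and the user both log in at 03:00 with the same probability, so the global view cannot separate them; only the per-context view flags the user's login as never seen.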
The Problem? Even Now?
1. The biggest problem even now is that there is no ground truth for us to confirm that a behaviour identified as unexpected, outside its context, is truly anomalous.
2. Therefore we end up with an unsupervised problem.
3. Anomalous behaviour detection in cyber security is unsupervised.
Only data tells us the truth. We validate our analysis using feedback.
How do we solve this?
1. We still have experts who can identify whether these identified behaviours are indeed malicious.
2. The information we provide speeds up the analytics and investigation.
3. Building the context and statistically identifying unexpected behaviour reduces the need to go through unnecessary data.
4. We use this feedback at multiple levels:
a. improve the features that go into the context
b. modify the context itself
c. look at changes in thresholds
d. use the feedback as a mechanism to turn the problem into a supervised problem.
Event Correlation and Behavioural Identification - A perfect segue to log correlation.
1. The idea of context is used where malicious behavioural identification is important.
2. Individual logs (system logs, network logs) are not comprehensive enough to identify anomalous events on their own.
3. Therefore using log correlation to identify events, and building a context around the event, is important.
4. Individual events can never be considered in a vacuum.
5. The logs are correlated primarily by time and then by possibly connected events.
Example of Event/Log Correlation - An example of an event
A user account with multiple failed logins, followed by a successful login. The successfully logged-in machine connected to a database server, requested a database dump, and this data was downloaded back to the machine.
Identifying these events, and identifying that these events are happening in a series, is event correlation.
Let's break these events down. You have:
1. Multiple login attempts and 1 final successful login (could be interpreted as a user typing his password wrongly - we all do that)
2. A connection to a database server (totally harmless)
3. A dump of the data on the machine (might be creating a new database and took a dump)
4. Moved the dump of data to the local machine (totally fine if someone wants to work on the data locally)
The Analysis of correlated events
1. Here we have 4 different events which tell us a story only when they are correlated.
2. Correlation is important because the behavioural anomalies described earlier are not statistical outliers. They are unseen data points.
3. These anomalies surface after observing the interactions between different events.
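The four-event chain from the example above and its analysis, as an added correlation example written for this page (not code from the deck or from H2O). The pipe-delimited record format, the account and host names, the failure count of 3 and the one-hour window are constructed assumptions; the point is that no single record fires an alert, only the ordered chain correlated by time and then by connected entities (same account, same host, same database).

```python
"""Correlating the login -> database -> download chain across separate logs.

Each record on its own is benign; an alert is raised only when all stages
occur for the same account, from the same host, within one time window.
Log format and records below are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed, normalised records: ts|source|kind|account|host|target
# (a real deployment would map Windows security, database audit and
# proxy/file-transfer logs into this shape first).
SAMPLE_LOG = """\
2016-07-19T02:05:00|auth|login_failed|msmith|WS-017|
2016-07-19T02:05:08|auth|login_ok|msmith|WS-017|
2016-07-19T02:11:05|auth|login_failed|jdoe|WS-042|
2016-07-19T02:11:09|auth|login_failed|jdoe|WS-042|
2016-07-19T02:11:14|auth|login_failed|jdoe|WS-042|
2016-07-19T02:11:20|auth|login_failed|jdoe|WS-042|
2016-07-19T02:11:31|auth|login_ok|jdoe|WS-042|
2016-07-19T02:14:02|db|db_connect|jdoe|WS-042|DB-PROD-01
2016-07-19T02:15:40|db|db_dump|jdoe|WS-042|DB-PROD-01
2016-07-19T02:22:10|xfer|download|jdoe|WS-042|DB-PROD-01
2016-07-19T02:30:00|db|db_connect|dba_ann|WS-003|DB-PROD-01
2016-07-19T02:31:00|db|db_dump|dba_ann|WS-003|DB-PROD-01
2016-07-19T02:40:00|xfer|download|dba_ann|WS-003|DB-PROD-01
"""

CHAIN = ["db_connect", "db_dump", "download"]  # stages that must follow login_ok


@dataclass
class Event:
    ts: datetime
    source: str
    kind: str
    account: str
    host: str
    target: str


@dataclass
class Alert:
    account: str
    host: str
    target: str
    failed_logins: int
    start: datetime
    end: datetime


def parse_log(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, source, kind, account, host, target = line.split("|")
        events.append(Event(datetime.fromisoformat(ts), source, kind, account, host, target))
    return events


def correlate(events: List[Event], min_failures: int = 3,
              window: timedelta = timedelta(hours=1)) -> List[Alert]:
    """Correlate first by time (one window) and then by connected entities
    (same account, same host, same database)."""
    by_account: Dict[str, List[Event]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_account[e.account].append(e)

    alerts: List[Alert] = []
    for account, evs in by_account.items():
        for i, ok in enumerate(evs):
            if ok.kind != "login_ok":
                continue
            # Stage 1: enough failed logins on this host shortly before the success.
            failures = [f for f in evs[:i] if f.kind == "login_failed"
                        and f.host == ok.host and ok.ts - f.ts <= window]
            if len(failures) < min_failures:
                continue
            # Stages 2-4: the rest of the chain, in order, from the same host
            # and against the same database, inside the window.
            pending = list(CHAIN)
            target: Optional[str] = None
            last = ok
            for later in evs[i + 1:]:
                if later.ts - ok.ts > window or not pending:
                    break
                if (later.kind == pending[0] and later.host == ok.host
                        and (target is None or later.target == target)):
                    target, last = later.target, later
                    pending.pop(0)
            if not pending:
                alerts.append(Alert(account, ok.host, target, len(failures),
                                    failures[0].ts, last.ts))
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_log(SAMPLE_LOG)):
        print(f"[{a.account}@{a.host}] {a.failed_logins} failed logins, then "
              f"dump of {a.target} downloaded: {a.start:%H:%M:%S}-{a.end:%H:%M:%S}")
```

The DBA who dumps and downloads the same database without any failed logins, and the user with a single mistyped password, produce no alert; the story only appears for the account whose four stages line up.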
What have we gathered?
1. Defining the right context to identify anomalous malicious events.
2. Identification of correlated events across logs.
3. Transformation of anomalous behaviour.
4. Verifying with experts.
Thanks to the attendees, support staff, open source members of H2O, colleagues, and our clients for helping us help them by analysing new datasets and grow H2O.
The Team
Mark Chan - Scientist, Engineer, Hacker, Ninja.
Ivy Wang - UI, Problem, Details, Details, and Details Expert.
Fonda Ingram - Comms, and Reqs Expert, The Wall (GoT).

Weitere ähnliche Inhalte

Was ist angesagt?

AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
Raffael Marty
 

Was ist angesagt? (20)

Footprintig(Haching)
Footprintig(Haching)Footprintig(Haching)
Footprintig(Haching)
 
What the IoT should learn from the life sciences
What the IoT should learn from the life sciencesWhat the IoT should learn from the life sciences
What the IoT should learn from the life sciences
 
AI and ML in Cybersecurity
AI and ML in CybersecurityAI and ML in Cybersecurity
AI and ML in Cybersecurity
 
How is ai important to the future of cyber security
How is ai important to the future of cyber security How is ai important to the future of cyber security
How is ai important to the future of cyber security
 
IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]
IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]
IANS Forum Charlotte: Operationalizing Big Data Security [Tech Spotlight]
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are Dangerous
 
Practical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in CybersecurityPractical Applications of Machine Learning in Cybersecurity
Practical Applications of Machine Learning in Cybersecurity
 
Unified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge GraphUnified Information Governance, Powered by Knowledge Graph
Unified Information Governance, Powered by Knowledge Graph
 
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
IANS Forum Seattle Technology Spotlight: Looking for and Finding the Inside...
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
 
Data Science London - Meetup, 28/05/15
Data Science London - Meetup, 28/05/15Data Science London - Meetup, 28/05/15
Data Science London - Meetup, 28/05/15
 
WEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
WEBINAR: How To Use Artificial Intelligence To Prevent Insider ThreatsWEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
WEBINAR: How To Use Artificial Intelligence To Prevent Insider Threats
 
The Linked Data Advantage
The Linked Data AdvantageThe Linked Data Advantage
The Linked Data Advantage
 
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
How to Operationalize Big Data Security Analytics - Technology Spotlight at I...
 
Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
 
Approaching Quality in Digital Era
Approaching Quality in Digital EraApproaching Quality in Digital Era
Approaching Quality in Digital Era
 
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...
 
AI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and SolutionsAI In Cybersecurity – Challenges and Solutions
AI In Cybersecurity – Challenges and Solutions
 
Sqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use CaseSqrrl Enterprise: Big Data Security Analytics Use Case
Sqrrl Enterprise: Big Data Security Analytics Use Case
 
IANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight SessionIANS Forum Dallas - Technology Spotlight Session
IANS Forum Dallas - Technology Spotlight Session
 

Andere mochten auch

Matrix transposition
Matrix transpositionMatrix transposition
Matrix transposition
동호 이
 

Andere mochten auch (20)

Visual Machine Learning - Tony Chu
 Visual Machine Learning - Tony Chu Visual Machine Learning - Tony Chu
Visual Machine Learning - Tony Chu
 
Cybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith BarthurCybersecurity with AI - Ashrith Barthur
Cybersecurity with AI - Ashrith Barthur
 
Caffe + H2O - By Cyprien noel
Caffe + H2O - By Cyprien noelCaffe + H2O - By Cyprien noel
Caffe + H2O - By Cyprien noel
 
Matrix transposition
Matrix transpositionMatrix transposition
Matrix transposition
 
Noiz Cyber Investigation 2011
Noiz Cyber Investigation 2011Noiz Cyber Investigation 2011
Noiz Cyber Investigation 2011
 
Power Grid Cybersecurity
Power Grid CybersecurityPower Grid Cybersecurity
Power Grid Cybersecurity
 
Artificial intelligence in cyber defense
Artificial intelligence in cyber defenseArtificial intelligence in cyber defense
Artificial intelligence in cyber defense
 
Sas visual-analytics-startup-guide
Sas visual-analytics-startup-guideSas visual-analytics-startup-guide
Sas visual-analytics-startup-guide
 
Sparkling Water 2.0 - Michal Malohlava
Sparkling Water 2.0 - Michal MalohlavaSparkling Water 2.0 - Michal Malohlava
Sparkling Water 2.0 - Michal Malohlava
 
Data Hiding Techniques
Data Hiding TechniquesData Hiding Techniques
Data Hiding Techniques
 
Cybercrime investigation
Cybercrime investigationCybercrime investigation
Cybercrime investigation
 
Deep Water - GPU Deep Learning for H2O - Arno Candel
Deep Water - GPU Deep Learning for H2O - Arno CandelDeep Water - GPU Deep Learning for H2O - Arno Candel
Deep Water - GPU Deep Learning for H2O - Arno Candel
 
H2O & Tensorflow - Fabrizio
H2O & Tensorflow - Fabrizio H2O & Tensorflow - Fabrizio
H2O & Tensorflow - Fabrizio
 
Deep Water - Bringing Tensorflow, Caffe, Mxnet to H2O
Deep Water - Bringing Tensorflow, Caffe, Mxnet to H2ODeep Water - Bringing Tensorflow, Caffe, Mxnet to H2O
Deep Water - Bringing Tensorflow, Caffe, Mxnet to H2O
 
Smart Grid Cyber Security
Smart Grid Cyber SecuritySmart Grid Cyber Security
Smart Grid Cyber Security
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Substation overview
Substation overviewSubstation overview
Substation overview
 
Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016Top Cyber Security Trends for 2016
Top Cyber Security Trends for 2016
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
 

Ähnlich wie Cybersecurity with AI - Ashrith Barthur

Incident handling and Response - YAHOO UNAUTHORIZED ACCESS (DATA BREACH).pdf
Incident handling and Response - YAHOO UNAUTHORIZED ACCESS (DATA BREACH).pdfIncident handling and Response - YAHOO UNAUTHORIZED ACCESS (DATA BREACH).pdf
Incident handling and Response - YAHOO UNAUTHORIZED ACCESS (DATA BREACH).pdf
SathishKumar960827
 
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
abhichowdary16
 
Personam Solution - How it Works Brief
Personam Solution - How it Works BriefPersonam Solution - How it Works Brief
Personam Solution - How it Works Brief
Sunny Geo
 
Personam Solution - How it Works Brief
Personam Solution - How it Works BriefPersonam Solution - How it Works Brief
Personam Solution - How it Works Brief
Sunny Geo
 
Privacy Preserving Based Cloud Storage System
Privacy Preserving Based Cloud Storage SystemPrivacy Preserving Based Cloud Storage System
Privacy Preserving Based Cloud Storage System
Kumar Goud
 
The Target breach case Study Assignment.In 2013, Target was the .docx
The Target breach case Study Assignment.In 2013, Target was the .docxThe Target breach case Study Assignment.In 2013, Target was the .docx
The Target breach case Study Assignment.In 2013, Target was the .docx
sarah98765
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...
Tiffany Sandoval
 

Ähnlich wie Cybersecurity with AI - Ashrith Barthur (20)

IRP on a Budget
IRP on a BudgetIRP on a Budget
IRP on a Budget
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection system
 
Incident handling and Response - YAHOO UNAUTHORIZED ACCESS (DATA BREACH).pdf
Incident handling and Response - YAHOO UNAUTHORIZED ACCESS (DATA BREACH).pdfIncident handling and Response - YAHOO UNAUTHORIZED ACCESS (DATA BREACH).pdf
Incident handling and Response - YAHOO UNAUTHORIZED ACCESS (DATA BREACH).pdf
 
Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016Aujas incident management webinar deck 08162016
Aujas incident management webinar deck 08162016
 
Course Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information SystemCourse Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information System
 
The Missing Approach for Threat Detection
The Missing Approach for Threat DetectionThe Missing Approach for Threat Detection
The Missing Approach for Threat Detection
 
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network SecurityWhitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
Whitepaper- User Behavior-Based Anomaly Detection for Cyber Network Security
 
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
11-Incident Response, Risk Management Sample Question and Answer-24-06-2023.ppt
 
Personam Solution - How it Works Brief
Personam Solution - How it Works BriefPersonam Solution - How it Works Brief
Personam Solution - How it Works Brief
 
Personam Solution - How it Works Brief
Personam Solution - How it Works BriefPersonam Solution - How it Works Brief
Personam Solution - How it Works Brief
 
Privacy Preserving Based Cloud Storage System
Privacy Preserving Based Cloud Storage SystemPrivacy Preserving Based Cloud Storage System
Privacy Preserving Based Cloud Storage System
 
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfDigital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
 
IRJET - Fake News Detection: A Survey
IRJET -  	  Fake News Detection: A SurveyIRJET -  	  Fake News Detection: A Survey
IRJET - Fake News Detection: A Survey
 
IRJET- Honeywords: A New Approach for Enhancing Security
IRJET- Honeywords: A New Approach for Enhancing SecurityIRJET- Honeywords: A New Approach for Enhancing Security
IRJET- Honeywords: A New Approach for Enhancing Security
 
Big Data and Information Security
Big Data and Information SecurityBig Data and Information Security
Big Data and Information Security
 
The Target breach case Study Assignment.In 2013, Target was the .docx
The Target breach case Study Assignment.In 2013, Target was the .docxThe Target breach case Study Assignment.In 2013, Target was the .docx
The Target breach case Study Assignment.In 2013, Target was the .docx
 
Cybersecurity…real world solutions
Cybersecurity…real world solutions Cybersecurity…real world solutions
Cybersecurity…real world solutions
 
DLD_SYNOPSIS
DLD_SYNOPSISDLD_SYNOPSIS
DLD_SYNOPSIS
 
Unsupervised Learning for Credit Card Fraud Detection
Unsupervised Learning for Credit Card Fraud DetectionUnsupervised Learning for Credit Card Fraud Detection
Unsupervised Learning for Credit Card Fraud Detection
 
Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...Attackers May Depend On Social Engineering To Gain...
Attackers May Depend On Social Engineering To Gain...
 

Mehr von Sri Ambati

Mehr von Sri Ambati (20)

H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Generative AI Masterclass - Model Risk Management.pptx
Generative AI Masterclass - Model Risk Management.pptxGenerative AI Masterclass - Model Risk Management.pptx
Generative AI Masterclass - Model Risk Management.pptx
 
AI and the Future of Software Development: A Sneak Peek
AI and the Future of Software Development: A Sneak Peek AI and the Future of Software Development: A Sneak Peek
AI and the Future of Software Development: A Sneak Peek
 
LLMOps: Match report from the top of the 5th
LLMOps: Match report from the top of the 5thLLMOps: Match report from the top of the 5th
LLMOps: Match report from the top of the 5th
 
Building, Evaluating, and Optimizing your RAG App for Production
Building, Evaluating, and Optimizing your RAG App for ProductionBuilding, Evaluating, and Optimizing your RAG App for Production
Building, Evaluating, and Optimizing your RAG App for Production
 
Building LLM Solutions using Open Source and Closed Source Solutions in Coher...
Building LLM Solutions using Open Source and Closed Source Solutions in Coher...Building LLM Solutions using Open Source and Closed Source Solutions in Coher...
Building LLM Solutions using Open Source and Closed Source Solutions in Coher...
 
Risk Management for LLMs
Risk Management for LLMsRisk Management for LLMs
Risk Management for LLMs
 
Open-Source AI: Community is the Way
Open-Source AI: Community is the WayOpen-Source AI: Community is the Way
Open-Source AI: Community is the Way
 
Building Custom GenAI Apps at H2O
Building Custom GenAI Apps at H2OBuilding Custom GenAI Apps at H2O
Building Custom GenAI Apps at H2O
 
Applied Gen AI for the Finance Vertical
Applied Gen AI for the Finance Vertical Applied Gen AI for the Finance Vertical
Applied Gen AI for the Finance Vertical
 
Cutting Edge Tricks from LLM Papers
Cutting Edge Tricks from LLM PapersCutting Edge Tricks from LLM Papers
Cutting Edge Tricks from LLM Papers
 
Practitioner's Guide to LLMs: Exploring Use Cases and a Glimpse Beyond Curren...
Practitioner's Guide to LLMs: Exploring Use Cases and a Glimpse Beyond Curren...Practitioner's Guide to LLMs: Exploring Use Cases and a Glimpse Beyond Curren...
Practitioner's Guide to LLMs: Exploring Use Cases and a Glimpse Beyond Curren...
 
Open Source h2oGPT with Retrieval Augmented Generation (RAG), Web Search, and...
Open Source h2oGPT with Retrieval Augmented Generation (RAG), Web Search, and...Open Source h2oGPT with Retrieval Augmented Generation (RAG), Web Search, and...
Open Source h2oGPT with Retrieval Augmented Generation (RAG), Web Search, and...
 
KGM Mastering Classification and Regression with LLMs: Insights from Kaggle C...
KGM Mastering Classification and Regression with LLMs: Insights from Kaggle C...KGM Mastering Classification and Regression with LLMs: Insights from Kaggle C...
KGM Mastering Classification and Regression with LLMs: Insights from Kaggle C...
 
LLM Interpretability
LLM Interpretability LLM Interpretability
LLM Interpretability
 
Never Reply to an Email Again
Never Reply to an Email AgainNever Reply to an Email Again
Never Reply to an Email Again
 
Introducción al Aprendizaje Automatico con H2O-3 (1)
Introducción al Aprendizaje Automatico con H2O-3 (1)Introducción al Aprendizaje Automatico con H2O-3 (1)
Introducción al Aprendizaje Automatico con H2O-3 (1)
 
From Rapid Prototypes to an end-to-end Model Deployment: an AI Hedge Fund Use...
From Rapid Prototypes to an end-to-end Model Deployment: an AI Hedge Fund Use...From Rapid Prototypes to an end-to-end Model Deployment: an AI Hedge Fund Use...
From Rapid Prototypes to an end-to-end Model Deployment: an AI Hedge Fund Use...
 
AI Foundations Course Module 1 - Shifting to the Next Step in Your AI Transfo...
AI Foundations Course Module 1 - Shifting to the Next Step in Your AI Transfo...AI Foundations Course Module 1 - Shifting to the Next Step in Your AI Transfo...
AI Foundations Course Module 1 - Shifting to the Next Step in Your AI Transfo...
 
AI Foundations Course Module 1 - An AI Transformation Journey
AI Foundations Course Module 1 - An AI Transformation JourneyAI Foundations Course Module 1 - An AI Transformation Journey
AI Foundations Course Module 1 - An AI Transformation Journey
 

Kürzlich hochgeladen

Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
shivangimorya083
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Riyadh +966572737505 get cytotec
 
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in  KishangarhDelhi 99530 vip 56974 Genuine Escort Service Call Girls in  Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
Lars Albertsson
 
Log Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptxLog Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptx
JohnnyPlasten
 
Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...
shambhavirathore45
 

Kürzlich hochgeladen (20)

VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
BabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptxBabyOno dropshipping via API with DroFx.pptx
BabyOno dropshipping via API with DroFx.pptx
 
Smarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxSmarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptx
 
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in  KishangarhDelhi 99530 vip 56974 Genuine Escort Service Call Girls in  Kishangarh
Delhi 99530 vip 56974 Genuine Escort Service Call Girls in Kishangarh
 
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
Digital Advertising Lecture for Advanced Digital & Social Media Strategy at U...
 
Zuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptxZuja dropshipping via API with DroFx.pptx
Zuja dropshipping via API with DroFx.pptx
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signals
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysis
 
Log Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptxLog Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptx
 
Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...Determinants of health, dimensions of health, positive health and spectrum of...
Determinants of health, dimensions of health, positive health and spectrum of...
 
VidaXL dropshipping via API with DroFx.pptx
VidaXL dropshipping via API with DroFx.pptxVidaXL dropshipping via API with DroFx.pptx
VidaXL dropshipping via API with DroFx.pptx
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interaction
 

Cybersecurity with AI - Ashrith Barthur

  • 1. CONFIDENTIAL Ashrith Barthur, Security Scientist July 19, 2016 CyberSecurity and AI - Looking for anomalies
  • 2. Few Problems in Cybersecurity 1. Malicious external/internal threat (Phishing, Malicious Domains, etc.) 2. Large scale attacks (DDoS, Spam campaign, etc.) 3. Data loss (Data Ex-filtration) 4. User behavioural analytics (Inside threat, account take over) These are primary problems enterprises are interested in solving as it directly affects business.
  • 3. How are these cybersecurity problems handled? 1. Rule Based systems 2. Large scale user of experts who understand systems well 3. Expert identification of conditions and their combinations which are true markers of malicious behaviour 4. Multiple security professionals who understand specific conditions and combination, and can identify malicious behaviour
  • 4. Is this justified? YES. Why? 1. Cyber Security's focus is to identify every instance of malicious behaviour and not leave things to probability. 2. Risk associated with each security event is large. Thus, making identification of each event very important.
  • 5. What is the problem with this approach? 1. It takes time as large amount of logs need to be analysed and threats must be identified as real/potential/false positive. 2. Requires experts, large number of professionals. 3. It is a manual process and requires investigation with associated events, multiple logs - considerably slow. 4. Even with a thorough investigation it is possible that a malicious event could be missed - anomalous.
  • 6. Outlier? Anomalous? 1. Outliers are simply put events (when statistically modeled) have a low probability of occurrence. 2. Anomalies are events that have never been seen. 3. Identifying anomalous events is difficult.
  • 7. How do you solve this problem?
     1. Create a malicious behaviour context based on your domain knowledge.
     2. Use the context to statistically transform the anomalous behaviour into an outlier, or at least a unique occurrence.
     3. See if the model fits your contextual assumptions.
  • 8. Example
     1. Studying successful Windows user login times for the entire enterprise does not yield interesting behaviour.
     2. Studying these user logins in context is important.
     3. Understanding that login patterns of general users, administrators and system accounts are different.
     4. Also, understanding that different kinds of logins - physical system logins, network based, remote, unlocks, cached logins - are different in behaviour.
     5. Interactions between types of users and types of logins also yield unique behaviour.
     Each analytical context is associated with a certain expected behaviour. Any violation of this expected behaviour is flagged and studied.
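The contextual login analysis on this slide, as an added example that is not part of the talk: the same 3 AM login scores as ordinary against an enterprise-wide baseline but as a never-seen outlier within its (account type, logon type) context, which is how an unseen anomaly is turned into an outlier. The baseline data, the account and logon type labels and the 5% threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed baseline of successful logins as (account_type, logon_type, hour_of_day).
# Hypothetical values chosen for illustration, not data from the talk.
BASELINE = (
    [("user", "interactive", h) for h in (8, 8, 9, 9, 9, 10, 10, 13, 17, 18)]
    + [("admin", "remote", h) for h in (7, 9, 12, 15, 20, 22, 23, 1, 2, 3)]
    + [("service", "network", h) for h in (0, 1, 2, 3, 4, 5, 6, 12, 18, 23)]
)
# Today's logins to score (constructed): the two 3 AM entries are the interesting ones.
TODAY = [("user", "interactive", 9), ("user", "interactive", 3), ("service", "network", 3)]

def no_context(event):
    return "all"                 # slide 8, point 1: the whole enterprise as one population

def by_context(event):
    return event[:2]             # slide 8, points 3 to 5: (account_type, logon_type)

def build_model(events, context_of):
    """Relative frequency of each login hour, kept separately per context."""
    counts = defaultdict(Counter)
    for ev in events:
        counts[context_of(ev)][ev[2]] += 1
    return {ctx: {h: n / sum(c.values()) for h, n in c.items()} for ctx, c in counts.items()}

def score(model, event, context_of, threshold=0.05):
    """(probability of the event's hour within its context, flagged?). An hour never
    seen in that context scores 0.0, so the unseen anomaly becomes a statistical outlier."""
    p = model.get(context_of(event), {}).get(event[2], 0.0)
    return p, p < threshold

def flagged(model, events, context_of, threshold=0.05):
    """The events whose hour is rare or unseen within their own context."""
    return [ev for ev in events if score(model, ev, context_of, threshold)[1]]

GLOBAL = build_model(BASELINE, no_context)
CONTEXTUAL = build_model(BASELINE, by_context)

if __name__ == "__main__":
    print("enterprise-wide:", flagged(GLOBAL, TODAY, no_context))       # []
    print("in context:     ", flagged(CONTEXTUAL, TODAY, by_context))   # [('user', 'interactive', 3)]
```

Against the enterprise-wide baseline a 3 AM login is 2 of 30 events and passes; within the general-user, interactive context it has never been seen and is flagged, while the same hour for a service account over the network is routine.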
  • 10. The Problem? Even Now?
     1. The biggest problem even now is that there is no ground truth for us to identify that a behaviour identified as unexpected, outside its context, is truly anomalous.
     2. Therefore we end up with an unsupervised problem.
     3. Anomalous behaviour detection in cyber security is unsupervised.
     Only data tells us the truth. We validate our analysis using feedback.
  • 11. How do we solve this?
     1. We still have experts who can identify if these identified behaviours are indeed malicious.
     2. The information we provide speeds up the analytics and investigation.
     3. The building of context and statistically identifying unexpected behaviour reduces the need to go through unnecessary data.
     4. We use this feedback at multiple levels:
        a. improve features that go into the context
        b. modify the context itself
        c. look at changes in thresholds
        d. use the feedback as a mechanism to turn the problem into a supervised problem.
  • 13. Event Correlation and Behavioural Identification - A perfect segue to log correlation.
  • 14.
     1. The idea of context is used where malicious behavioural identification is important.
     2. Individual logs - system logs, network logs - are not comprehensive enough to identify anomalous events on their own.
     3. Therefore using log correlation to identify events and building a context around the event is important.
     4. Individual events can never be considered in a vacuum.
     5. The logs are primarily correlated by time and then by possibly connected events.
  • 15. Example of Event/Log Correlation - An example of an event
     A user account with multiple failed logins, followed by a successful login. The successfully logged in machine connected to a database server, requested a database dump, and this data was downloaded back to the machine. Identifying these events, and identifying that these events are happening in a series, is event correlation.
  • 16. Let's break these events down. You have,
     1. Multiple login attempts and 1 final successful login (could be interpreted as a user entering his password wrongly - we all do that)
     2. A connection to a database server (totally harmless)
     3. A dump of the data on the machine (might be creating a new database and took a dump)
     4. Moved the dump of data to the local machine (totally fine if someone wants to work on the data locally)
  • 17. The Analysis of correlated events
     1. Here we have 4 different events which tell us a story only when there is correlation.
     2. Correlation is important because the behavioural anomalies described earlier are not statistical outliers. They are unseen data points.
     3. These anomalies surface after observing the interactions between different events.
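The correlated chain described on slides 14 to 17, as an added example that is not part of the talk: log lines from the auth, database and file-transfer sources are merged, grouped by account and host, ordered by time, and the burst of failed logins, successful login, database connect, dump and download sequence is reported as one incident only when every step follows the previous one within a time window; each step alone, as slide 16 notes, triggers nothing. The accounts, hosts, line format and 30-minute window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed, already-merged auth/db/transfer log lines (hypothetical accounts, hosts and format).
LOG = """\
2016-07-19T02:10:01 auth fail     user=bob   host=ws17
2016-07-19T02:10:09 auth fail     user=bob   host=ws17
2016-07-19T02:10:20 auth fail     user=bob   host=ws17
2016-07-19T02:10:31 auth success  user=bob   host=ws17
2016-07-19T02:14:05 db   connect  user=bob   host=ws17 server=db01
2016-07-19T02:15:40 db   dump     user=bob   host=ws17 server=db01
2016-07-19T02:19:12 xfer download user=bob   host=ws17 server=db01 bytes=734003200
2016-07-19T09:20:44 db   connect  user=carol host=ws02 server=db01
"""
# The chain that only tells a story when taken together; each step alone is harmless.
STAGES = ("success", "connect", "dump", "download")
def parse(text):
    """One dict per line: timestamp, log source, action and the key=value fields."""
    events = []
    for line in text.strip().splitlines():
        ts, source, action, *fields = line.split()
        ev = {"ts": datetime.fromisoformat(ts), "source": source, "action": action}
        ev.update(f.split("=", 1) for f in fields)
        events.append(ev)
    return events

def correlate(events, min_failures=3, window=timedelta(minutes=30)):
    """Correlate by (user, host), then by time: >= min_failures failed logins followed by the
    STAGES chain, each step within `window` of the previous. Returns (user, host, failures, start, end)."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev["user"], ev["host"])].append(ev)
    incidents = []
    for (user, host), evs in by_key.items():
        failures, chain = 0, []
        for ev in sorted(evs, key=lambda e: e["ts"]):
            if not chain and ev["action"] == "fail":
                failures += 1
            elif ev["action"] == STAGES[len(chain)]:
                if not chain and failures < min_failures:
                    failures = 0             # ordinary login: no burst of failures before it
                elif chain and ev["ts"] - chain[-1]["ts"] > window:
                    failures, chain = 0, []  # too far apart in time to be one story
                else:
                    chain.append(ev)
            if len(chain) == len(STAGES):
                incidents.append((user, host, failures, chain[0]["ts"], chain[-1]["ts"]))
                failures, chain = 0, []
    return incidents

INCIDENTS = correlate(parse(LOG))   # one incident: bob on ws17, 3 failures, 02:10:31 to 02:19:12
```

carol's lone database connect never starts a chain because no login preceded it, and shrinking the window to a minute breaks bob's chain apart, which is the time-then-connected-events ordering slide 14 describes.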
  • 18. What have we gathered?
     1. Defining the right context to identify anomalous malicious events.
     2. Identification of correlated events for logs.
     3. Transformation of anomalous behaviour.
     4. Verifying with experts.
  • 19. Thanks to the attendees, support staff, open source members of H2O, colleagues, and our clients for helping us help them by analysing new datasets and grow H2O.
  • 20. The Team Mark Chan - Scientist, Engineer, Hacker, Ninja. Ivy Wang - UI, Problem, Details, Details, and Details Expert. Fonda Ingram - Comms, and Reqs Expert, The Wall (GoT).