Early Detection Of Malicious Patterns In Event-Streaming Data | Hyrum Anderson | nullcon Goa 2019 

Talk Abstract:
Adversarial activity can no longer be described purely in terms of static indicators of compromise, which are brittle to evolving adversaries. Instead, behavioral indicators, such as those taxonomically organized in the MITRE ATT&CK framework, offer detection durability. Technical challenges include the fact that many behaviors are not atomic, but span multiple events in an event stream that may be arbitrarily and inconsistently separated in time by benign nuisance events. Constructing queries and discovering these behaviors can be burdensome. This talk presents tools for hunting known complex behavioral patterns, and a deep learning approach to automatically discover the behavioral patterns from event logs.
About Presenter:
Hyrum Anderson is the Chief Scientist at Endgame, where he leads research on detecting adversaries and their tools using machine learning. Prior to joining Endgame he conducted information security and situational awareness research as a researcher at FireEye, Mandiant, Sandia National Laboratories and MIT Lincoln Laboratory. He received his PhD in Electrical Engineering (signal and image processing + machine learning) from the University of Washington and BS/MS degrees from BYU. Research interests include adversarial machine learning, large-scale malware classification, and early time-series classification.
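
The challenge named in the abstract, a behavior that spans several events separated by benign nuisance events, can be illustrated with a small ordered-sequence matcher. This is an added example, not code from the talk or from the presenter's tools; the event fields, process names, sample events and the 60-second window are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not from the talk). ws1 shows the full behavior
# with nuisance events in between; ws2 shows the same steps spread too far apart.
EVENTS = [
    {"ts": 0, "host": "ws1", "type": "process", "name": "winword.exe"},
    {"ts": 2, "host": "ws1", "type": "file", "name": "report.tmp"},
    {"ts": 3, "host": "ws2", "type": "process", "name": "winword.exe"},
    {"ts": 5, "host": "ws1", "type": "process", "name": "powershell.exe",
     "parent": "winword.exe"},
    {"ts": 6, "host": "ws1", "type": "dns", "name": "update.example"},
    {"ts": 9, "host": "ws1", "type": "network", "name": "powershell.exe"},
    {"ts": 400, "host": "ws2", "type": "process", "name": "powershell.exe",
     "parent": "winword.exe"},
    {"ts": 401, "host": "ws2", "type": "network", "name": "powershell.exe"},
]

OFFICE = {"winword.exe", "excel.exe"}
SCRIPT = {"powershell.exe", "wscript.exe"}

# Hypothetical three-step behavior: office app starts, spawns a script
# interpreter, and that interpreter then opens a network connection.
STEPS = [
    lambda e: e["type"] == "process" and e["name"] in OFFICE,
    lambda e: e["type"] == "process" and e["name"] in SCRIPT
    and e.get("parent") in OFFICE,
    lambda e: e["type"] == "network" and e["name"] in SCRIPT,
]


def find_sequences(events, steps, maxspan):
    """Return every in-order match of `steps` on one host within `maxspan` seconds."""
    pending = defaultdict(dict)  # host -> {index of next step: events matched so far}
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        state = pending[ev["host"]]
        # Expire partial matches whose first event fell out of the time window.
        for idx in [i for i, seen in state.items()
                    if ev["ts"] - seen[0]["ts"] > maxspan]:
            del state[idx]
        # Try later steps first so one event never fills two steps of one match;
        # index 0 is always open. Events matching no step are skipped as nuisance.
        for idx in sorted(state, reverse=True) + [0]:
            if steps[idx](ev):
                matched = state.pop(idx, []) + [ev]
                if len(matched) == len(steps):
                    hits.append(matched)
                else:
                    state[idx + 1] = matched  # keep only the most recent partial
    return hits
```

With `maxspan=60` only the ws1 sequence is reported: the file and DNS events between its steps are ignored, while the ws2 steps are more than 60 seconds apart and expire.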
Published: 2 Jul 2024