Downloaded 20 times
Uploaded byDNIF
User Behavior Analytics Using Machine Learning
The document discusses user behavior analytics using machine learning, focusing on its application in cybersecurity at dnif. It emphasizes the use of unsupervised models for detecting anomalies and bad IP addresses, and highlights the User Entity Behavior Analytics (UEBA) module which assigns risk scores based on user behavior. The document also clarifies common misconceptions about machine learning, stressing its supportive role in decision-making rather than a complete replacement of human oversight.
More Related Content
Similar to User Behavior Analytics Using Machine Learning
User Behavior Analytics Using Machine Learning
- 1. USER BEHAVIOUR ANALYTICS USINGMACHINE LEARNING. DNIFKONNECT DNIF.IT
- 2. OBJECTIVES DNIFKONNECT 1. INTRODUCTION TOMACHINE LEARNING 2. APPLICATION OF ML IN CYBERSECURITY 3. MACHINE LEARNING AT DNIF 4. USER BEHAVIOUR ANALYTICS USING MACHINE LEARNING 5. DEMO
- 3. INTRODUCTION TO ML DNIFKONNECT ●“Field of study that gives computers the ability to learn without being explicitly programmed.”- Arthur Samuel
- 4.
- 5. Supervised Learning Models(Example) DNIFKONNECT IPAddress 404 Return Codes 501 Return Codes Hits per minute Unique URLs Label 192.0.0.1 5 12 12 5 GOOD 192.0.0.2 220 126 2000 115 BAD 192.0.0.3 6 11 25 2 GOOD 192.0.0.4 120 150 1200 80 ??????? PREDICT FOR UNSEEN DATA TRAIN ON LABELED DATA
- 6. Unsupervised Learning Models(Example) DNIFKONNECT EXAMPLE: DETECTING BAD IP NO GIVEN LABEL IP Address 404 Return Codes 501 Return Codes Hits per minute Unique URLs 192.0.0.1 5 12 12 5 ??? 192.0.0.2 220 126 2000 115 ??? 192.0.0.3 6 11 25 2 ???
- 7. Unsupervised Learning Models(Example) DNIFKONNECT EXAMPLE: DETECTING BAD IP
- 8. MACHINE LEARNING INCYBERSECURITYDNIFKONNECT
- 9. MYTH BUSTER ALERT DNIFKONNECT ●Machine Learning is NOT a silver bullet that caters to anything and everything under the sun. ● The model is only as good as the underlying data. ● Instead of replacing humans (SOC in our case), it only helps them make better decisions in shorter time. (For ex. By reducing false positives).
- 10. MACHINE LEARNING ATDNIF DNIFKONNECT ● At DNIF, we aim at leveraging state of the art Machine Learning techniques to give meaningful insights to our customer’s SOC Teams. ● We mainly use unsupervised models like clustering and anomaly detection. ● Currently we serve the following use cases : ○ USER ENTITY BEHAVIOUR ANALYTICS (UEBA) ○ BAD IP DETECTION MODEL ○ DGA DETECTION
- 11. USER ENTITY BEHAVIOURANALYTICS (UEBA) DNIFKONNECT ● UEBA module at DNIF is used for generating risk scores for the users in the environment based on his behaviour. ● This risk score is generated based on how anomalous his behaviour is, from his usual (or baseline) behaviour. ● The higher the user score, the higher the probability of the user being malicious.
- 12.
- 13.
- 14.
- 15.
- 16.
- 17.
- 18.
- 19.
- 20. DIAGNOSTICS OF UEBA DNIFKONNECT 1.SHOW BASELINE 2. SHOW HISTORY 3. COMPARE WITH BASELINE 4. SHOW RAW LOGS