SlideShare una empresa de Scribd logo

Strata San Jose 2016 - Reduce False Positives in Security

Descargar como PPTX, PDF
Ram Shankar Siva Kumar
Ram Shankar Siva Kumar

How to reduce false positives in security systems through feedback and rules. You will learn about: 1) Implicit Feedback 2) Applying Rules above ML systems 3) Applying Rules as Features 4) Combining them using MLN

Ingeniería
1 de 46
Powerball Predictor Photo Credit: Sean McGrath Crystal ball tells me with 99% accuracy if a powerball prediction is a winner.
Powerball Predictor Photo Credit: Sean McGrath ● ~300 million samples. ● ~ 3 million false positives. ● 1 true positive.
Powerball Predictor Photo Credit: Sean McGrath The overwhelming majority of tickets are not winners. Failing to recognize this is falling victim to the base rate fallacy.
Security Crystal Ball Photo Credit: Sean McGrath The overwhelming majority of log entries and data points do not represent fraud and intrusions. Failing to recognize this is falling victim to the base rate fallacy.
Source: MXLabs
Base Rate Fallacy
Why False Positives?
Case Study: Outlier Detection Using an outlier detection system to identify fraudsters within the environment.
For a set of generating mechanisms find the unusual ones.
Example Time Series
Photo credit SuperCar-RoadTrip.fr under Creative Commons Attribution 2.0 Change in the data over time in unforeseen ways. Concept Drift
Solution: Feedback Loop
Explicit Feedback Loop Photo credit Alan Levine under Creative Commons Attribution 2.0
Explicit Feedback Loop Photo credit Alan Levine under Creative Commons Attribution 2.0 Implicit Feedback Loop
Fraud: Takeaways - Concept Drift is a shift in behavior. - Feedback combats concept drift. - Implicit Feedback > Explicit Feedback
IDS: Anatomy of Successful Detection
Context: Security Analyst
Red team Kill Chain
Blue team Kill Chain
False positives: Lose Ability to Triage
Fact: You cannot salvage a false positive with Contextual Info or Visualization
What is a Successful detection? Properties + Frameworks
Successful detection captures Adversary TTP from Sensor data ignoring Expected activity Source: @MSwannMSFT
Properties of a Successful Detection Adaptability Credible Interpretability Actionable
Basic Advanced LessUsefulMoreUseful Sophistication of Algorithms UsefulnessofAlerts SecurityDomainKnowledge Framework for a Successful detection
Basic Advanced LessUsefulMoreUseful Sophistication of Algorithms UsefulnessofAlerts SecurityDomainKnowledge Outlier
Basic Advanced LessUsefulMoreUseful Sophistication of Algorithms UsefulnessofAlerts SecurityDomainKnowledge Outlier Anomaly
Basic Advanced LessUsefulMoreUseful Sophistication of Algorithms UsefulnessofAlerts SecurityDomainKnowledge Outlier Anomaly Security Interesting Alerts Successful Detections incorporate Domain Knowledge Alerts
How to encode Domain Knowledge: Embrace Rules • Business Heuristics to filter out the “Security interesting anomalies” • Rules can take many forms: •TI feeds •IOCs, IOAs •TTPs • Rules are awesome • Credible, Interpretable, Adaptable (to some extent), Actionable! • Highest Precision • Highest Recall
Three ways to combine ML and Rules
Three Ways to combine Rules and ML 1.Above Machine Learning Systems a.Business Heuristics to filter alerts i. “For account _foo_, only raise sev 2 alerts until March 28th, 2016”,
Work by Dan Mace et. al, Microsoft
2. Below Machine Learning Systems a. Featurizations - “If IP address present in List of malicious IP dataset, flag 1” b. Utilizes Threat Intel feeds (Cymru, Virus total, FireEye)
3: Combining Rules and Machine Learning together using Markov Logic Networks Initial Ideas given by Vinod Nair, MSR
Intuition •Rules alone place a set of hard constraints on the set of possible worlds •Let’s make them soft constraints: When a world violates a formula, It becomes less probable, not impossible •Give each formula a weight (Higher weight ⇒ Stronger constraint) Source: Lectures by Pedro Domingos
Interactive logons from service accounts causes attack Similar service accounts tend to have similar logon behavior Example: Service Accounts Domain Knowledge
Example: Service Accounts Encode as First Order Logic
Example: Service Accounts 1.5 1.1 Example: Service Accounts Associate Each Rule With the Learned Weight
Example: Service Accounts 1.5 1.1 Attack( A) InteractiveLo gon(A) InteractiveLo gon(B) Attack( B) Example: Service Accounts Consider two service accounts: A,B
Example: Service Accounts 1.5 1.1 Attack( A) InteractiveLo gon(A) InteractiveLo gon(B) Attack( B)Similar(A, B) Similar(B, A) Similar(A, A) Similar(B, B)
Example: Service Accounts 1.5 1.1 Attack( A) InteractiveLo gon(A) InteractiveLo gon(B) Attack( B)Similar(A, B) Similar(B, A) Similar(A, A) Similar(B, B)
Example: Service Accounts 1.5 1.1 Attack( A) InteractiveLo gon(A) InteractiveLo gon(B) Attack( B)Similar(A, B) Similar(B, A) Similar(A, A) Similar(B, B)
•How to learn the structure? •Begin with hand-coded rules •Use Inductive Logic Programming, but need to infer arbitrary clause •How to learn the weights? •For generative learning, depend on pseudolikelihood •Checkout Alchemy -- http://alchemy.cs.washington.edu/
Call for Action - After the conference • One Week • Review •@CodyRioux - IPython Notebook •@Ram_ssk - Follow Up material • Think comprehensively about Rules • One Month •Ask your data scientists to literature review section •Implement the rules on TOP of ML systems • One quarter •Implement a feedback system to capture training data •Implement all TI feeds within an ML System •Play with Alchemy
Literature ● The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection (Alexsson, 1999) ● Enhancing Performance Prediction Robustness by Combining Analytical Modeling and Machine Learning (Didona et al., 2015) ● Richardson, Matthew, and Pedro Domingos. "Markov logic networks."Machine learning 62.1-2 (2006): 107-136.

Recomendados

Subverting Machine Learning Detections for fun and profit
Subverting Machine Learning Detections for fun and profitSubverting Machine Learning Detections for fun and profit
Subverting Machine Learning Detections for fun and profitRam Shankar Siva Kumar
 
Strata 2015 Presentation -- Detecting Lateral Movement
Strata 2015 Presentation -- Detecting Lateral Movement Strata 2015 Presentation -- Detecting Lateral Movement
Strata 2015 Presentation -- Detecting Lateral Movement Ram Shankar Siva Kumar
 
A review of machine learning based anomaly detection
A review of machine learning based anomaly detectionA review of machine learning based anomaly detection
A review of machine learning based anomaly detectionMohamed Elfadly
 
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)Rod Soto
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecurityKim Hammar
 
Resistance Isn't Futile: A Practical Approach to Threat Modeling
Resistance Isn't Futile: A Practical Approach to Threat ModelingResistance Isn't Futile: A Practical Approach to Threat Modeling
Resistance Isn't Futile: A Practical Approach to Threat ModelingKatie Nickels
 
Cognitive Computing in Security with AI
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI JoAnna Cheshire
 
AI approach to malware similarity analysis: Maping the malware genome with a...
AI approach to malware similarity analysis: Maping the malware genome with a...AI approach to malware similarity analysis: Maping the malware genome with a...
AI approach to malware similarity analysis: Maping the malware genome with a...Priyanka Aash
 

Recomendados

Subverting Machine Learning Detections for fun and profit
Subverting Machine Learning Detections for fun and profitSubverting Machine Learning Detections for fun and profit
Subverting Machine Learning Detections for fun and profitRam Shankar Siva Kumar
 
Strata 2015 Presentation -- Detecting Lateral Movement
Strata 2015 Presentation -- Detecting Lateral Movement Strata 2015 Presentation -- Detecting Lateral Movement
Strata 2015 Presentation -- Detecting Lateral Movement Ram Shankar Siva Kumar
 
A review of machine learning based anomaly detection
A review of machine learning based anomaly detectionA review of machine learning based anomaly detection
A review of machine learning based anomaly detectionMohamed Elfadly
 
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)Dynamic Population Discovery for Lateral Movement (Using Machine Learning)
Dynamic Population Discovery for Lateral Movement (Using Machine Learning)Rod Soto
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecurityKim Hammar
 
Resistance Isn't Futile: A Practical Approach to Threat Modeling
Resistance Isn't Futile: A Practical Approach to Threat ModelingResistance Isn't Futile: A Practical Approach to Threat Modeling
Resistance Isn't Futile: A Practical Approach to Threat ModelingKatie Nickels
 
Cognitive Computing in Security with AI
Cognitive Computing in Security with AI Cognitive Computing in Security with AI
Cognitive Computing in Security with AI JoAnna Cheshire
 
AI approach to malware similarity analysis: Maping the malware genome with a...
AI approach to malware similarity analysis: Maping the malware genome with a...AI approach to malware similarity analysis: Maping the malware genome with a...
AI approach to malware similarity analysis: Maping the malware genome with a...Priyanka Aash
 
Planning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security DefensesPlanning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security DefensesMohammed Almeshekah
 
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...Mohammed Almeshekah
 
Adversarial machine learning for av software
Adversarial machine learning for av softwareAdversarial machine learning for av software
Adversarial machine learning for av softwarejunseok seo
 
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionTransforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionMITRE - ATT&CKcon
 
Pptbb
PptbbPptbb
PptbbRohit Shukla
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)FFRI, Inc.
 
Intern Poster Presentation
Intern Poster PresentationIntern Poster Presentation
Intern Poster PresentationDaniel Lee
 
Spam email filtering
Spam email filteringSpam email filtering
Spam email filteringNational Institute
 
Navy security contest-bigdataforsecurity
Navy security contest-bigdataforsecurityNavy security contest-bigdataforsecurity
Navy security contest-bigdataforsecuritystelligence
 
Malware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveMalware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveChong-Kuan Chen
 
The Finest Penetration Testing Framework for Software-Defined Networks
The Finest Penetration Testing Framework for Software-Defined NetworksThe Finest Penetration Testing Framework for Software-Defined Networks
The Finest Penetration Testing Framework for Software-Defined NetworksPriyanka Aash
 
DM for IDS
DM for IDSDM for IDS
DM for IDSNesma Mahmoud
 
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Infocyte
 
Metamorphic Malware Analysis and Detection
Metamorphic Malware Analysis and DetectionMetamorphic Malware Analysis and Detection
Metamorphic Malware Analysis and DetectionGrijesh Chauhan
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware DetectionKaspersky
 
Machine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringMachine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringAshwini Almad
 
Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modellingInvisibits
 
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI LocksmithingDeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI LocksmithingPriyanka Aash
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modellingn|u - The Open Security Community
 
Threat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseThreat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseInfocyte
 
Operationalizing security data science for the cloud: Challenges, solutions, ...
Operationalizing security data science for the cloud: Challenges, solutions, ...Operationalizing security data science for the cloud: Challenges, solutions, ...
Operationalizing security data science for the cloud: Challenges, solutions, ...Ram Shankar Siva Kumar
 
Transforming incident Response to Intelligent Response using Graphs
Transforming incident Response to Intelligent Response using GraphsTransforming incident Response to Intelligent Response using Graphs
Transforming incident Response to Intelligent Response using GraphsRam Shankar Siva Kumar
 

Más contenido relacionado

La actualidad más candente

Planning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security DefensesPlanning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security DefensesMohammed Almeshekah
 
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...Mohammed Almeshekah
 
Adversarial machine learning for av software
Adversarial machine learning for av softwareAdversarial machine learning for av software
Adversarial machine learning for av softwarejunseok seo
 
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionTransforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionMITRE - ATT&CKcon
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)FFRI, Inc.
 
Intern Poster Presentation
Intern Poster PresentationIntern Poster Presentation
Intern Poster PresentationDaniel Lee
 
Navy security contest-bigdataforsecurity
Navy security contest-bigdataforsecurityNavy security contest-bigdataforsecurity
Navy security contest-bigdataforsecuritystelligence
 
Malware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveMalware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveChong-Kuan Chen
 
The Finest Penetration Testing Framework for Software-Defined Networks
The Finest Penetration Testing Framework for Software-Defined NetworksThe Finest Penetration Testing Framework for Software-Defined Networks
The Finest Penetration Testing Framework for Software-Defined NetworksPriyanka Aash
 
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Infocyte
 
Metamorphic Malware Analysis and Detection
Metamorphic Malware Analysis and DetectionMetamorphic Malware Analysis and Detection
Metamorphic Malware Analysis and DetectionGrijesh Chauhan
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware DetectionKaspersky
 
Machine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringMachine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringAshwini Almad
 
Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modellingInvisibits
 
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI LocksmithingDeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI LocksmithingPriyanka Aash
 
Threat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseThreat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseInfocyte
 

La actualidad más candente (20)

Planning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security DefensesPlanning and Integrating Deception into Computer Security Defenses
Planning and Integrating Deception into Computer Security Defenses
 
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses -- The...
 
Adversarial machine learning for av software
Adversarial machine learning for av softwareAdversarial machine learning for av software
Adversarial machine learning for av software
 
Transforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis QuestionTransforming Adversary Emulation Into a Data Analysis Question
Transforming Adversary Emulation Into a Data Analysis Question
 
Pptbb
PptbbPptbb
Pptbb
 
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
Introduction of Threat Analysis Methods(FFRI Monthly Research 2016.9)
 
Intern Poster Presentation
Intern Poster PresentationIntern Poster Presentation
Intern Poster Presentation
 
Spam email filtering
Spam email filteringSpam email filtering
Spam email filtering
 
Navy security contest-bigdataforsecurity
Navy security contest-bigdataforsecurityNavy security contest-bigdataforsecurity
Navy security contest-bigdataforsecurity
 
Malware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning PerspectiveMalware Detection - A Machine Learning Perspective
Malware Detection - A Machine Learning Perspective
 
The Finest Penetration Testing Framework for Software-Defined Networks
The Finest Penetration Testing Framework for Software-Defined NetworksThe Finest Penetration Testing Framework for Software-Defined Networks
The Finest Penetration Testing Framework for Software-Defined Networks
 
DM for IDS
DM for IDSDM for IDS
DM for IDS
 
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
Cybersecurity Incident Response Readiness: How to Find and Respond to Attacke...
 
Metamorphic Malware Analysis and Detection
Metamorphic Malware Analysis and DetectionMetamorphic Malware Analysis and Detection
Metamorphic Malware Analysis and Detection
 
Machine Learning in Malware Detection
Machine Learning in Malware DetectionMachine Learning in Malware Detection
Machine Learning in Malware Detection
 
Machine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and ClusteringMachine Learning for Malware Classification and Clustering
Machine Learning for Malware Classification and Clustering
 
Attack modeling vs threat modelling
Attack modeling vs threat modellingAttack modeling vs threat modelling
Attack modeling vs threat modelling
 
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI LocksmithingDeepLocker - Concealing Targeted Attacks with AI Locksmithing
DeepLocker - Concealing Targeted Attacks with AI Locksmithing
 
Threat Modelling
Threat ModellingThreat Modelling
Threat Modelling
 
Threat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident ResponseThreat Hunting 101: Intro to Threat Detection and Incident Response
Threat Hunting 101: Intro to Threat Detection and Incident Response
 

Destacado

Operationalizing security data science for the cloud: Challenges, solutions, ...
Operationalizing security data science for the cloud: Challenges, solutions, ...Operationalizing security data science for the cloud: Challenges, solutions, ...
Operationalizing security data science for the cloud: Challenges, solutions, ...Ram Shankar Siva Kumar
 
Transforming incident Response to Intelligent Response using Graphs
Transforming incident Response to Intelligent Response using GraphsTransforming incident Response to Intelligent Response using Graphs
Transforming incident Response to Intelligent Response using GraphsRam Shankar Siva Kumar
 
Infiltrate 2015 - Data Driven Offense
Infiltrate 2015 - Data Driven Offense Infiltrate 2015 - Data Driven Offense
Infiltrate 2015 - Data Driven Offense Ram Shankar Siva Kumar
 
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015Kim Herzig
 
Simple big data, in Python
Simple big data, in PythonSimple big data, in Python
Simple big data, in PythonGael Varoquaux
 
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...Kevin Mao
 

Destacado (6)

Operationalizing security data science for the cloud: Challenges, solutions, ...
Operationalizing security data science for the cloud: Challenges, solutions, ...Operationalizing security data science for the cloud: Challenges, solutions, ...
Operationalizing security data science for the cloud: Challenges, solutions, ...
 
Transforming incident Response to Intelligent Response using Graphs
Transforming incident Response to Intelligent Response using GraphsTransforming incident Response to Intelligent Response using Graphs
Transforming incident Response to Intelligent Response using Graphs
 
Infiltrate 2015 - Data Driven Offense
Infiltrate 2015 - Data Driven Offense Infiltrate 2015 - Data Driven Offense
Infiltrate 2015 - Data Driven Offense
 
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
Empirically Detecting False Test Alarms Using Association Rules @ ICSE 2015
 
Simple big data, in Python
Simple big data, in PythonSimple big data, in Python
Simple big data, in Python
 
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
Achieving Real-time Ingestion and Analysis of Security Events through Kafka a...
 

Similar a Strata San Jose 2016 - Reduce False Positives in Security

Towards a Practice of Token Engineering
Towards a Practice of Token EngineeringTowards a Practice of Token Engineering
Towards a Practice of Token EngineeringTrent McConaghy
 
AWS re:Invent 2016: Getting to Ground Truth with Amazon Mechanical Turk (MAC201)
AWS re:Invent 2016: Getting to Ground Truth with Amazon Mechanical Turk (MAC201)AWS re:Invent 2016: Getting to Ground Truth with Amazon Mechanical Turk (MAC201)
AWS re:Invent 2016: Getting to Ground Truth with Amazon Mechanical Turk (MAC201)Amazon Web Services
 
Privacy and Auditing in Clouds
Privacy and Auditing in CloudsPrivacy and Auditing in Clouds
Privacy and Auditing in CloudsTyrone Grandison
 
Declarative Multilingual Information Extraction with SystemT
Declarative Multilingual Information Extraction with SystemTDeclarative Multilingual Information Extraction with SystemT
Declarative Multilingual Information Extraction with SystemTLaura Chiticariu
 
The State of Credential Stuffing and the Future of Account Takeovers.
The State of Credential Stuffing and the Future of Account Takeovers.The State of Credential Stuffing and the Future of Account Takeovers.
The State of Credential Stuffing and the Future of Account Takeovers.Jarrod Overson
 
20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_securityComputer Science Club
 
DIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident responseDIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident responseNathan Case
 
Fluturas presentation @ Big Data Conclave
Fluturas presentation @ Big Data ConclaveFluturas presentation @ Big Data Conclave
Fluturas presentation @ Big Data Conclavefluturads
 
[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scale[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scaleOWASP
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial EmulationScott Sutherland
 
How Credential Stuffing is Evolving - PasswordsCon 2019
How Credential Stuffing is Evolving - PasswordsCon 2019How Credential Stuffing is Evolving - PasswordsCon 2019
How Credential Stuffing is Evolving - PasswordsCon 2019Jarrod Overson
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZeditsRod Soto
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationRaffael Marty
 
Adversarial Analytics - 2013 Strata & Hadoop World Talk
Adversarial Analytics - 2013 Strata & Hadoop World TalkAdversarial Analytics - 2013 Strata & Hadoop World Talk
Adversarial Analytics - 2013 Strata & Hadoop World TalkRobert Grossman
 
Incident_Response_for_Management_Presentation.pptx
Incident_Response_for_Management_Presentation.pptxIncident_Response_for_Management_Presentation.pptx
Incident_Response_for_Management_Presentation.pptxssuser2a8bb7
 
CQRS and Event Sourcing: A DevOps perspective
CQRS and Event Sourcing: A DevOps perspectiveCQRS and Event Sourcing: A DevOps perspective
CQRS and Event Sourcing: A DevOps perspectiveMaria Gomez
 
Distributed Business Tracing with Opentracing and Trasier by Frank Pfleger & ...
Distributed Business Tracing with Opentracing and Trasier by Frank Pfleger & ...Distributed Business Tracing with Opentracing and Trasier by Frank Pfleger & ...
Distributed Business Tracing with Opentracing and Trasier by Frank Pfleger & ...Frank Pfleger
 
NH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 KamensNH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 Kamenskamensm02
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Sumo Logic
 
SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs AlienVault
 

Similar a Strata San Jose 2016 - Reduce False Positives in Security (20)

Towards a Practice of Token Engineering
Towards a Practice of Token EngineeringTowards a Practice of Token Engineering
Towards a Practice of Token Engineering
 
AWS re:Invent 2016: Getting to Ground Truth with Amazon Mechanical Turk (MAC201)
AWS re:Invent 2016: Getting to Ground Truth with Amazon Mechanical Turk (MAC201)AWS re:Invent 2016: Getting to Ground Truth with Amazon Mechanical Turk (MAC201)
AWS re:Invent 2016: Getting to Ground Truth with Amazon Mechanical Turk (MAC201)
 
Privacy and Auditing in Clouds
Privacy and Auditing in CloudsPrivacy and Auditing in Clouds
Privacy and Auditing in Clouds
 
Declarative Multilingual Information Extraction with SystemT
Declarative Multilingual Information Extraction with SystemTDeclarative Multilingual Information Extraction with SystemT
Declarative Multilingual Information Extraction with SystemT
 
The State of Credential Stuffing and the Future of Account Takeovers.
The State of Credential Stuffing and the Future of Account Takeovers.The State of Credential Stuffing and the Future of Account Takeovers.
The State of Credential Stuffing and the Future of Account Takeovers.
 
20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security20101017 program analysis_for_security_livshits_lecture03_security
20101017 program analysis_for_security_livshits_lecture03_security
 
DIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident responseDIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident response
 
Fluturas presentation @ Big Data Conclave
Fluturas presentation @ Big Data ConclaveFluturas presentation @ Big Data Conclave
Fluturas presentation @ Big Data Conclave
 
[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scale[OPD 2019] Threat modeling at scale
[OPD 2019] Threat modeling at scale
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
 
How Credential Stuffing is Evolving - PasswordsCon 2019
How Credential Stuffing is Evolving - PasswordsCon 2019How Credential Stuffing is Evolving - PasswordsCon 2019
How Credential Stuffing is Evolving - PasswordsCon 2019
 
AktaionPPTv5_JZedits
AktaionPPTv5_JZeditsAktaionPPTv5_JZedits
AktaionPPTv5_JZedits
 
Creating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
 
Adversarial Analytics - 2013 Strata & Hadoop World Talk
Adversarial Analytics - 2013 Strata & Hadoop World TalkAdversarial Analytics - 2013 Strata & Hadoop World Talk
Adversarial Analytics - 2013 Strata & Hadoop World Talk
 
Incident_Response_for_Management_Presentation.pptx
Incident_Response_for_Management_Presentation.pptxIncident_Response_for_Management_Presentation.pptx
Incident_Response_for_Management_Presentation.pptx
 
CQRS and Event Sourcing: A DevOps perspective
CQRS and Event Sourcing: A DevOps perspectiveCQRS and Event Sourcing: A DevOps perspective
CQRS and Event Sourcing: A DevOps perspective
 
Distributed Business Tracing with Opentracing and Trasier by Frank Pfleger & ...
Distributed Business Tracing with Opentracing and Trasier by Frank Pfleger & ...Distributed Business Tracing with Opentracing and Trasier by Frank Pfleger & ...
Distributed Business Tracing with Opentracing and Trasier by Frank Pfleger & ...
 
NH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 KamensNH Bankers 10 08 07 Kamens
NH Bankers 10 08 07 Kamens
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
 
SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs SpiceWorks Webinar: Whose logs, what logs, why logs
SpiceWorks Webinar: Whose logs, what logs, why logs
 

Último

Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxStephen Sitton
 
Prach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism CommunityPrach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism Communityprachaibot
 
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptJohnWilliam111370
 
CS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdfCS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdfBalamuruganV28
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Coursebim.edu.pl
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfDrew Moseley
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxsiddharthjain2303
 
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTESCME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTESkarthi keyan
 
Robotics Group 10 (Control Schemes) cse.pdf
Robotics Group 10 (Control Schemes) cse.pdfRobotics Group 10 (Control Schemes) cse.pdf
Robotics Group 10 (Control Schemes) cse.pdfsahilsajad201
 
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACHTEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACHSneha Padhiar
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionMebane Rash
 
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfModule-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfManish Kumar
 
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENTFUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENTSneha Padhiar
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating SystemRashmi Bhat
 
Levelling - Rise and fall - Height of instrument method
Levelling - Rise and fall - Height of instrument methodLevelling - Rise and fall - Height of instrument method
Levelling - Rise and fall - Height of instrument methodManicka Mamallan Andavar
 
KCD Costa Rica 2024 - Nephio para parvulitos
KCD Costa Rica 2024 - Nephio para parvulitosKCD Costa Rica 2024 - Nephio para parvulitos
KCD Costa Rica 2024 - Nephio para parvulitosVictor Morales
 
Cost estimation approach: FP to COCOMO scenario based question
Cost estimation approach: FP to COCOMO scenario based questionCost estimation approach: FP to COCOMO scenario based question
Cost estimation approach: FP to COCOMO scenario based questionSneha Padhiar
 
Artificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewArtificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewsandhya757531
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxRomil Mishra
 
multiple access in wireless communication
multiple access in wireless communicationmultiple access in wireless communication
multiple access in wireless communicationpanditadesh123
 

Último (20)

Turn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptxTurn leadership mistakes into a better future.pptx
Turn leadership mistakes into a better future.pptx
 
Prach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism CommunityPrach: A Feature-Rich Platform Empowering the Autism Community
Prach: A Feature-Rich Platform Empowering the Autism Community
 
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.pptROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
ROBOETHICS-CCS345 ETHICS AND ARTIFICIAL INTELLIGENCE.ppt
 
CS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdfCS 3251 Programming in c all unit notes pdf
CS 3251 Programming in c all unit notes pdf
 
Katarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School CourseKatarzyna Lipka-Sidor - BIM School Course
Katarzyna Lipka-Sidor - BIM School Course
 
Immutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdfImmutable Image-Based Operating Systems - EW2024.pdf
Immutable Image-Based Operating Systems - EW2024.pdf
 
Energy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptxEnergy Awareness training ppt for manufacturing process.pptx
Energy Awareness training ppt for manufacturing process.pptx
 
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTESCME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
CME 397 - SURFACE ENGINEERING - UNIT 1 FULL NOTES
 
Robotics Group 10 (Control Schemes) cse.pdf
Robotics Group 10 (Control Schemes) cse.pdfRobotics Group 10 (Control Schemes) cse.pdf
Robotics Group 10 (Control Schemes) cse.pdf
 
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACHTEST CASE GENERATION GENERATION BLOCK BOX APPROACH
TEST CASE GENERATION GENERATION BLOCK BOX APPROACH
 
US Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of ActionUS Department of Education FAFSA Week of Action
US Department of Education FAFSA Week of Action
 
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdfModule-1-(Building Acoustics) Noise Control (Unit-3). pdf
Module-1-(Building Acoustics) Noise Control (Unit-3). pdf
 
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENTFUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
FUNCTIONAL AND NON FUNCTIONAL REQUIREMENT
 
Virtual memory management in Operating System
Virtual memory management in Operating SystemVirtual memory management in Operating System
Virtual memory management in Operating System
 
Levelling - Rise and fall - Height of instrument method
Levelling - Rise and fall - Height of instrument methodLevelling - Rise and fall - Height of instrument method
Levelling - Rise and fall - Height of instrument method
 
KCD Costa Rica 2024 - Nephio para parvulitos
KCD Costa Rica 2024 - Nephio para parvulitosKCD Costa Rica 2024 - Nephio para parvulitos
KCD Costa Rica 2024 - Nephio para parvulitos
 
Cost estimation approach: FP to COCOMO scenario based question
Cost estimation approach: FP to COCOMO scenario based questionCost estimation approach: FP to COCOMO scenario based question
Cost estimation approach: FP to COCOMO scenario based question
 
Artificial Intelligence in Power System overview
Artificial Intelligence in Power System overviewArtificial Intelligence in Power System overview
Artificial Intelligence in Power System overview
 
Mine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptxMine Environment II Lab_MI10448MI__________.pptx
Mine Environment II Lab_MI10448MI__________.pptx
 
multiple access in wireless communication
multiple access in wireless communicationmultiple access in wireless communication
multiple access in wireless communication
 

Strata San Jose 2016 - Reduce False Positives in Security