
Machine learning & security. Detect atypical behaviour in logs


Published in: Data & Analytics

  1. Machine Learning & Security. Detect atypical behaviour in logs
  2. The more experiments you make, the better
  3. All these busters!
  4. The data is correct, sir...
  5. It must be here somewhere… I’ve seen it!
  6. We have a great solution for you!
  7. How it works? Magic?
  8-12. How it works? Magic? (the pipeline, revealed one step per slide)
     1. Clean out log file
     2. Prepare data for clusterization
     3. Clusterize data
     4. “Picture of Normality”
     5. Doing some Machine Learning magic ;)
  13. Now it’s clean and nice like baby’s ass!
  14. You see words. I see numbers.
     Words: AppInfo connection accepted DeviceName TCPPid IPAddr Port Device Controller Stopping SdlTCPConnection : AppInfo RISCMAccess DeviceTransientConnection AppInfo Closing Station connection Error Description transition defined input AppInfo StationInit EnblocCall calledParty
     Numbers: 0.4567 0.4756 0.4070 0.4023 0.2546 0.5879 0.3546 0.5467 0.4568 0.6543 0.3684 : 0.2365 0.3456 0.3654 0.2468 0.6734 0.3756 0.5867 0.1465 0.7845 0.3765 0.2365 0.7986 0.3463 0.4768 0.3758 0.4976 0.3756
  15. I don’t need that piece of junk! score() = effectiveness % of features; junk
  16. Total annihi… Clusterization! KNN algorithm (K Nearest Neighbors)
  17. No train no gain. Picture of normality
  18. Freeze! You’re busted, buddy. I’m a cop. Detected anomalies
  19. I’m watching you, losers
  20. Let me look at you closer, boy
     $ nc 202.41.76.251 80
     $ nmap -A -T4 74.207.244.221
     $ nikto -verbose -host google.com
  21. When in doubt, use brute force. BruteForcing
  22. It’s not a DDoS, it’s an “Aggressive Scan”! DDoS attacks
  23. Smart? Dumb? What do you prefer? FUZZING
     import socket
     # IP and PORT are the target placeholders used on the slide
     for fuzz in range(255):
         packet = '\x80\x00\x00' + chr(fuzz) + '\x01\x00\x00\x00'
         sock = socket.socket(socket.AF_INET, 1)  # 1 == socket.SOCK_STREAM
         sock.connect((IP, PORT))
         sock.send(packet)
  24. Money talks. But all mine ever says is “Bye!” Suspicious financial transactions
  25. What do you mean I owe you 10.000 $ ??? Toll fraud
  26. C’mon, kid, I’ll show you smth bad
  27. Thank You! THE END @white_buddah alexander@datawiz.io
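The pipeline sketched on slides 8 to 18 (clean the log, turn words into numbers, throw away junk features, build a picture of normality and score new lines by nearest-neighbour distance) as an added, self-contained Python example; this is not code from the deck. The log lines are constructed, loosely modelled on the AppInfo events of slide 14; bag-of-words term frequencies, Euclidean distance, k=2 and the 1.5 threshold factor are my assumptions, since the slides do not state them.

```python
import math
import re
from collections import Counter

# Constructed sample logs (not from the deck), loosely shaped like the AppInfo events of slide 14.
BASELINE_LOG = """\
2023-05-01 10:00:01 AppInfo connection accepted DeviceName=SEP0001 IPAddr=10.0.0.11 Port=2000
2023-05-01 10:00:02 AppInfo StationInit EnblocCall calledParty=5512 DeviceName=SEP0001
2023-05-01 10:00:05 AppInfo Closing Station connection DeviceName=SEP0001 IPAddr=10.0.0.11
2023-05-01 10:00:09 AppInfo connection accepted DeviceName=SEP0002 IPAddr=10.0.0.12 Port=2000
2023-05-01 10:00:11 AppInfo StationInit EnblocCall calledParty=5530 DeviceName=SEP0002
2023-05-01 10:00:20 AppInfo Closing Station connection DeviceName=SEP0002 IPAddr=10.0.0.12
"""
NEW_LOG = """\
2023-05-02 09:10:01 AppInfo connection accepted DeviceName=SEP0004 IPAddr=10.0.0.14 Port=2000
2023-05-02 09:10:03 AppInfo StationInit EnblocCall calledParty=5512 DeviceName=SEP0004
2023-05-02 09:10:04 Error Description transition not defined for input Register from state Idle DeviceName=SEP0099 IPAddr=203.0.113.7
"""

def clean(line):
    # Step 1: drop the timestamp, mask IPs and numbers so only the event's shape remains.
    line = re.sub(r"^\S+ \S+ ", "", line)
    line = re.sub(r"\b\d+\.\d+\.\d+\.\d+\b", "IP", line)
    return re.sub(r"\d+", "N", line).lower().split()

def vectorize(tokens, vocab, known):
    # Step 2: term frequencies over the kept vocabulary, plus the share of tokens never
    # seen in the baseline, so a line made of entirely new wording still stands out.
    c = Counter(tokens)
    total = sum(c[w] for w in vocab) or 1
    oov = sum(1 for t in tokens if t not in known) / max(len(tokens), 1)
    return [c[w] / total for w in vocab] + [oov]

def knn_score(v, baseline, k):
    # Step 3: mean Euclidean distance to the k nearest baseline vectors (0 = seen before).
    dist = sorted(math.sqrt(sum((x - y) ** 2 for x, y in zip(v, b))) for b in baseline)
    return sum(dist[:k]) / k

def build_model(log_text, k=2):
    # Step 4, the "picture of normality": vocabulary minus junk features found in every
    # line, baseline vectors, and a threshold from the baseline's own leave-one-out scores.
    lines = [clean(l) for l in log_text.splitlines() if l.strip()]
    df = Counter(w for toks in lines for w in set(toks))  # document frequency per token
    vocab = sorted(w for w, n in df.items() if n < len(lines))
    base = [vectorize(t, vocab, df) for t in lines]
    loo = [knn_score(v, base[:i] + base[i + 1:], k) for i, v in enumerate(base)]
    return {"vocab": vocab, "known": df, "base": base, "k": k, "threshold": 1.5 * max(loo)}

def detect(model, log_text):
    # Step 5: return the raw lines whose score exceeds the threshold (the detected anomalies).
    score = lambda r: knn_score(vectorize(clean(r), model["vocab"], model["known"]), model["base"], model["k"])
    return [r for r in log_text.splitlines() if r.strip() and score(r) > model["threshold"]]
```

Running `detect(build_model(BASELINE_LOG), NEW_LOG)` flags only the Error line; the two normal-shaped lines score 0 because their cleaned form already exists in the baseline.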
