This website www.ds4n6.io uses its own and third party cookies to collect information that helps to optimize your visit to their web pages. Cookies will not be used to collect personal information. You can either allow or reject their use. You can also change their settings at any time. You will find more information on our Cookie Policy page.

OK

DS4N6 Blog >> Threat Hunting with AI

Threat Hunting with AI

370x370_jess-garcia.jpg [17/05/21] May 17, 2021
Jess Garcia - One eSecurity
Twitter: j3ssgarcia - LinkedIn: garciajess

In my RSA Conference '21 presentation I discussed a Threat Hunting methodology that made use of Machine Learning to automate, to a certain extent, the detection of malicious activity via anomaly analysis.

In this blog post series we will go from the conceptual and procedural ideas on how to include IA in your Threat Hunting processes, by means of a combined TTP-based Hunting + Anomaly-based Hunting, along the lines presented in the talk, to the in-depth the implementation details, first from the DFIR point of view, then going down to the low levels details of the Machine Learning Autoencoders (Vanilla/LSTM) implementations.

I will also discuss the new find_anomalies() function, aimed at facilitating machine learning-based anomaly detection mechanisms in a reasonably transparent and straightforward way, as one more Forensicator power tool, very much aligned with the spirit of the ds4n6_lib library. Actually, this alignment is not strange, since the find_anomalies() function falls under D4ML, the Machine Learning extensions to the ds4n6_lib library.

Here is a list of the upcoming posts along with their tentative publication dates:

Hope you enjoy this content!

Stay Tuned and contact us if you have any comment or question!


Follow us: Twitter: @ds4n6_io - RSS News Feed - Youtube