Machine Learning Based Attack Vector Modeling for CyberSecurity:
Connections have behavioural patterns that are unique to protocols, loads, window sizes, bandwidth, and mainly the type of traffic. A CDN enterprise behaves completely differently from a cloud service company, and both behave differently from a corporation. This also means that attack vectors and attack landscapes differ across these environments. In this talk we discuss modeling different kinds of attacks and building a model that can identify them using ML.
The method we use is to identify different profiles based on many variables that specifically but robustly identify attacks of different kinds. The variables are specific to the business, the network profile, and the traffic. They are both high-level (i.e. aggregate) and packet-level. This way the models specifically pick up on constant variations in traffic, and we create machine learning models to identify these attacks. Using the power of H2O, these analyses are not limited to researching and analysing the traffic and concluding with an “Oh, this was what it was” moment. The code can actually be deployed, either beside existing IDS and IPS or as highly optimized, independent programs that handle high throughput at a rate of 1.2 million decisions per second, making it one of the fastest implementations of ML to identify, defend and protect critical infrastructure that is potentially under threat.