ZERO-RULES Alert Contextualizer and Correlator for Detecting Multi-Stage Cyber Attacks

BSidesLV via YouTube

Overview

Explore innovative approaches to detecting multi-stage cyber attacks in this 54-minute conference talk from BSidesLV. Delve into the challenges of connecting disjointed security events and learn how open-source AI models can be leveraged to create cohesive MITRE ATT&CK campaigns. Discover the use of large language models for classifying alerts with relevant ATT&CK techniques and graph models for clustering related events. Examine a tailored model that cross-correlates and chains these clusters to reveal full ATT&CK flows probabilistically. Review experiments across public and private datasets demonstrating the approach's effectiveness in correlating slow, stealthy attack chains that evade traditional detection. Gain insights into key findings, use cases, and limitations of this novel method. Explore the groundbreaking aspects of using subject matter expert language models for alert enrichment, transforming data into temporal knowledge graphs, and applying hierarchical clustering and Markov models for incident chaining. Understand how this approach shifts perspectives from narrow correlation rules to capturing diverse attack flows hidden in noise, paving the way for a new era of open, cutting-edge security analytics to combat cyber threats.

Syllabus

Ground Truth, Wed, Aug 7, 19:00 - Wed, Aug 7, CDT

Taught by

BSidesLV
