Explore a comprehensive conference talk that demystifies AI and machine learning techniques for enhancing Security Operations Center (SOC) detection. Delve into the core concepts of AI and common machine learning methods, focusing on practical applications using existing data, basic machine learning principles, and Python. Discover how Credit Agricole's SOC team implements custom machine learning solutions, with a specific emphasis on preventing data leakage. Witness a live demonstration showcasing the team's enhanced detection process. Gain insights into topics such as behavioral analytics, isolation forests, deep learning with artificial neural networks and autoencoders, data representation, feature engineering, and result visualization. Learn about unsupervised machine learning evaluation, principal component analysis, and custom ML development. Acquire valuable takeaways and perspectives to improve your SOC's threat detection capabilities using AI and machine learning.
Demystifying AI and Machine Learning to Enhance SOC Detection
Overview
Syllabus
Intro
CONTEXT
MACHINE LEARNING IN SOC TEAM
OOTB BEHAVIORAL ANALYTICS
MACHINE LEARNING 101
ISOLATION FOREST
DEEP LEARNING: ANN
DEEP LEARNING: AUTOENCODERS
EXFILTRATION IS PART OF THE MATRIX
MACHINE LEARNING (AND DS) METHODOLOGY
LOG AND ASSOCIATED META DATA
DATA REPRESENTATION IS KEY
FEATURES ENGINEERING
NOTHING'S MATHE-MAGIC
RESULTS VISUALIZATION AKA DATAVIZ
UNSUPERVISED MACHINE LEARNING EVALUATION
MODEL EVALUATION: EMPIRICAL EVALUATION
PRINCIPAL COMPONENT ANALYSIS
CUSTOM ML DEVELOPMENT
TAKEAWAYS
PERSPECTIVES
Taught by
Black Hat
