GTC Silicon Valley 2019, session S9794: Detecting The Unknown: Using Unsupervised Behavior Models To Expose Malicious Network Activity
Aaron Sant-Miller (Booz Allen Hamilton)
We'll describe our work to achieve anomaly detection at network speed by combining probabilistic modeling, graph-based models, and more traditional machine learning techniques with the open source RAPIDS suite of software libraries. Traditional approaches to cybersecurity are reactive: they study previous attacks in order to flag similar attacks in the future. This leaves systems exposed to zero-day attacks, in which adversaries use entirely new tactics to infiltrate a network. We'll explain how we address this gap by using multiple unsupervised models to alert cyber analysts to anomalous behavior, and then incorporating the analysts' feedback to continuously update those models. We'll describe how our GPU-powered platform, which combines machine learning with experts' cyber knowledge, increases the accuracy of alerts, improves model performance, and reduces time to detection for novel attacks.
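The detect-then-learn loop the abstract sketches, as an added illustration that is not code from the talk or from RAPIDS: each host gets an unsupervised probabilistic profile of its own past behavior, windows that are unlike that past are alerted without any attack signature, and an analyst's "benign" verdict is folded back into the profile so the same behavior stops alerting while a "malicious" verdict never pollutes it. Host names, ports, counts and the threshold are constructed, and the smoothed per-port categorical model stands in for the talk's richer probabilistic and graph models.

```python
import math
from collections import Counter, defaultdict

# Constructed sample data (not from the talk): per-host, per-window summaries
# of outbound connections, as {dst_port: connection_count}.
HISTORY = [("ws-01", w, {443: 40, 80: 10, 53: 12}) for w in range(20)] + \
          [("db-02", w, {5432: 60, 22: 2}) for w in range(20)]
THRESHOLD = 8.0  # nats per connection; tuned against the constructed history


class HostBaseline:
    """Unsupervised per-host profile: a smoothed categorical model over ports."""
    def __init__(self, alpha=1.0, vocab=65536):
        self.alpha, self.vocab = alpha, vocab
        self.port_counts, self.total = Counter(), 0

    def update(self, ports):
        self.port_counts.update(ports)
        self.total += sum(ports.values())

    def prob(self, port):
        # Laplace smoothing keeps never-seen ports improbable but not impossible
        return (self.port_counts[port] + self.alpha) / (self.total + self.alpha * self.vocab)


def build_baselines(records):
    baselines = defaultdict(HostBaseline)
    for host, _window, ports in records:
        baselines[host].update(ports)
    return baselines


def surprise(baseline, ports):
    """Mean negative log-likelihood per connection under the host's own history."""
    n = sum(ports.values())
    return -sum(c * math.log(baseline.prob(p)) for p, c in ports.items()) / n


def alerts(baselines, windows, threshold=THRESHOLD):
    """Flag windows whose behavior is unlike the same host's past (no signatures)."""
    out = []
    for host, window, ports in windows:
        score = surprise(baselines[host], ports)
        if score > threshold:
            out.append((host, window, round(score, 2)))
    return out


def apply_feedback(baselines, host, ports, verdict):
    """Analyst loop: benign alerts are absorbed into the profile so the same
    behavior stops alerting; confirmed-malicious windows leave it untouched."""
    if verdict == "benign":
        baselines[host].update(ports)


if __name__ == "__main__":
    bl = build_baselines(HISTORY)
    new = [("ws-01", 21, {443: 38, 80: 12, 53: 11}),
           ("ws-01", 22, {445: 300, 3389: 50})]    # sudden fan-out on new ports
    print(alerts(bl, new))                           # only window 22 alerts
    apply_feedback(bl, "ws-01", new[1][2], "benign")  # analyst: approved scan
    print(alerts(bl, new))                           # window 22 no longer alerts
```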