Alfred, find the Attacker: A primer on AI and ML applications in the IT Security Domain
AI and ML recently appeared in many products and applications, but it is almost never explained how or why it is used.
This talk aims at enabling IT Security practitioners to question vendors on their approaches and providing them tools for hands-on experimentation.
As more and more products make use of Machine Learning techniques and Artificial Intelligence, it is often left as an exercise to the reader to find out how and what the product at hand exactly does.
To achieve this, an understanding of the various terms and concepts of the ML domain are needed. With this talk I want to give a quick glance over the main concepts and their applicability in the IT Security domain.
For a practical application, the talk also introduces the Machine Learning Testbench - a Python-Framework that enables rapid prototyping and testing of algorithms against data provided by a Splunk instance.
1. Introduction to key terms (ML, AI, Deep Learning, etc) - Basic terminology and concepts 2. Practical applications in daily use - Where can one make use of the techniques? - Multiple examples of real life applications, (UBA, NIDS, AV, etc) are given and explained 3. A sandbox to explore - How Splunk and the Machine Learning Testbench interact - Build your own test and see some results