
FACADE: High-Precision Insider Threat Detection Using Contrastive Learning.pdf

Uploaded by: 竿*** ID: 981885 2025-11-29 43 pages 1.91MB

#BHUSA @BlackHatEvents

FACADE: High-Precision Insider Threat Detection Using Contrastive Learning
Alex Kantchelian, Google
Elie Bursztein, Google DeepMind
with Casper Neo, Ryan Stevens, Sadegh Momeni, Birkett Huber, Yanis Pavlidis and many other Googlers
SCAN ME. Presentation slides: https:/

10 billion+ events processed annually to protect Google from insider threats

Insider attacks threat model
Intentional: attack by a rogue employee
Unwilling: attack by a deceived or coerced employee
Accidental: harm by a well-intentioned employee

Example of insider threats
Intentional: access of confidential documents without business justification through access permissions abuse
Unwilling: access made using an employee account compromised by malware
Accidental: sharing confidential documents with an external party without an NDA, in good faith

Why detecting insider attacks is hard
Heavily context dependent: risk depends on user roles and their relations to the resources accessed
Wide attack surface: insider attackers have broad access to the enterprise infrastructure via legitimate credentials
Very low incidence: insider threat incidence events are extremely low volume

FACADE: A High-Precision Insider Threat Detection Using Deep Contextual Anomaly Detection
Low false alerts
Deep learning model
User and resource aware
How likely is the access?

Highly accurate anomaly detection? Really?

Red Team attacks ranked in the top 0.01% of suspicious events and many red team attackers in the top-10 most suspicious users during the attack period, with 10+ million events ranked by FACADE during that timespan.

Agenda
Scoring Arbitrary Time Periods
Featurization of Resources and Users
FA

Based on the content of "FACADE: High-Precision Insider Threat Detection Using Contrastive Learning", the key points of the full text are summarized as follows:
1. FACADE system: a deep-learning-based insider threat detection system that uses contrastive learning for high-precision anomaly detection.
2. Event volume: processes over 1 billion events per year to protect Google from insider threats.
3. Types of insider threats: intentional attacks, unwilling attacks, and accidental harm.
4. Detection difficulty: detecting insider attacks is hard because it is heavily context dependent, risk is tightly bound to user roles and their relations to the resources accessed, the attack surface is wide, and the incidence rate is low.
5. FACADE model: uses deep contextual anomaly detection, has a low false-alert rate, and is user and resource aware.
6. Model training: trained without supervision; the training set is built from examples of normal and anomalous behavior.
7. Resource featurization: handles a large number of heterogeneous resources by converting them into dense representations through a history-based featurization method.
8. User featurization: direct categorical featurization of low-cardinality, stable attributes, and implicit social-network featurization of high-cardinality, unstable attributes.
9. Scoring method: point scoring and activity-set scoring, with clustering of similar anomalous activities to improve the diversity of the scores.
10. Evaluation results: in simulated attacks, FACADE detected 3 of the 4 attackers.
11. Availability: FACADE is open source, and the code is available on GitHub.