Exploring Anomalies in Authentication Logs with Autoencoders
Hayden Beadles and Jericho Cain, Adobe Inc.
Last updated April 2024
2024 Databricks Inc. All rights reserved

Introduction
Can we use ML to detect cyber security events at Scale?

Problem Statement
- Cyber security events difficult to detect at scale with non-restrictive lookback windows.
- Too much data!
- 30k Adobe Actors.
- 1.5 million logins per day.
- How to extract the most probable events of interest.
- How to understand Adobe Employees Login behavior.

The Plan
- Use ML to detect and understand anomalies.
- Apply rules to anomalies for specific use cases.
- Return prioritized list of anomalies for human review.
- Explore blending data sources.

What Happens Today
How Most Authentication Software Monitors for Anomalies

[Diagram labels: 1.5 million Logins; Heuristic Model; Anomalies]

Heuristic Model
- Last 20-50 logins
- Can be increased at cost of compute time
- Hard to capture complex behavior
- Lots of rules, hard to maintain
- Limited to a single data source

Can Machine Learning Help?
Use a model as a filter to eliminate most of the rules.

[Diagram labels: 1.5 million Logins; Anomalies; Less Complex Heuristic Model; Feature Engineering and Machine Learning]

- Establish User Baselines
- Encode Violations
- Send them to the model

Machine L