Deep Learning in Security—An Empirical Example in User and Entity Behavior Analytics (UEBA)

Recently, deep learning has delivered groundbreaking advances in many industries. In this presentation, Dr. Wang will share empirical experiences of applying deep learning to solve some specific security problems, with real-world customer attack detection examples. He will also discuss the challenges and guidelines for successfully deploying deep learning, or general machine learning, in broader security.
This session will feature two deep learning examples. The first example is a user-behavior anomaly detection solution using a Convolutional Neural Network (CNN). Since CNNs are most effective for image processing, Dr. Wang will introduce an innovative way to encode a user’s daily behavior into multi-channel images. He will also share the experimental comparison results of CNN hyperparameter tuning. The second example is a stateful user risk scoring system using Long Short-Term Memory (LSTM). Most modern attacks happen in a multi-stage fashion, i.e., infection -> command & control -> lateral movement -> data infiltration -> data exfiltration. In this case, the company uses LSTM to monitor the temporal state transition of each user over these.

Session hashtag: #SFds9