
The presentation discusses Applied Machine Learning (ML) in Cyber Security, focusing on practical implementation in threat detection and security operations centers (SOCs). The authors explain the history and core concepts of Artificial General Intelligence (AGI) and contrast it with ML and deep learning. They detail various ML approaches, including supervised and unsupervised learning. Specific use cases are covered: spam detection using probability (Naive Bayes), detecting anomalies in network traffic using clustering (K-Means), and detecting malicious URLs using Support Vector Machines (SVMs). The authors also explain deep learning concepts such as Recurrent Neural Networks (RNNs) and Long Short-Term Memory (LSTM) networks for sequential data processing tasks such as domain generation algorithm (DGA) detection. The talk emphasizes the importance of data preprocessing, feature engineering, and model evaluation techniques, and provides practical demonstrations and code examples for each model discussed. Integration of ML into common SOC tools like Elasticsearch and Splunk is also addressed.
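As an added example, not code from the presentation, here is a minimal multinomial Naive Bayes classifier of the kind the talk's spam-detection use case relies on; the training messages are constructed toy data, and the class and function names are my own.

```python
"""Multinomial Naive Bayes spam filter (added example, not from the talk).
Laplace smoothing keeps unseen words from zeroing a class, and summing
log-probabilities avoids floating-point underflow on long messages."""
import math
import re
from collections import Counter

# Constructed toy corpus: (message, label). Not real mail.
TRAIN = [
    ("win a free prize now click here", "spam"),
    ("free money claim your prize today", "spam"),
    ("urgent click here to verify your account", "spam"),
    ("meeting moved to 3pm see agenda attached", "ham"),
    ("can you review the pull request today", "ham"),
    ("lunch tomorrow with the team", "ham"),
]

def tokenize(text):
    """Lower-case word/number tokens; the only feature engineering here."""
    return re.findall(r"[a-z0-9]+", text.lower())

class NaiveBayes:
    def __init__(self, alpha=1.0):
        self.alpha = alpha           # Laplace (add-alpha) smoothing
        self.word_counts = {}        # label -> Counter of token counts
        self.doc_counts = Counter()  # label -> number of training messages
        self.vocab = set()

    def fit(self, samples):
        for text, label in samples:
            tokens = tokenize(text)
            self.doc_counts[label] += 1
            self.word_counts.setdefault(label, Counter()).update(tokens)
            self.vocab.update(tokens)
        return self

    def log_posteriors(self, text):
        """Unnormalised log P(label) + sum log P(token | label) per label."""
        total_docs = sum(self.doc_counts.values())
        v = len(self.vocab)
        scores = {}
        for label, counts in self.word_counts.items():
            score = math.log(self.doc_counts[label] / total_docs)  # log prior
            total_words = sum(counts.values())
            for w in tokenize(text):
                # Smoothed likelihood: unseen words get alpha / (n + alpha * V)
                score += math.log((counts[w] + self.alpha) / (total_words + self.alpha * v))
            scores[label] = score
        return scores

    def predict(self, text):
        scores = self.log_posteriors(text)
        return max(scores, key=scores.get)

MODEL = NaiveBayes().fit(TRAIN)

def classify(text):
    return MODEL.predict(text)
```

Equal class priors in the toy corpus mean the decision is driven entirely by the smoothed word likelihoods, which is why a message of all-unseen words falls back to the prior.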