Detection of Authentication Events Involving Stolen Enterprise Credentials


Posted on in Presentations

Malicious activities inside enterprise networks often use stolen credentials. For example, an attacker may authenticate to an enterprise’s services using stolen credentials during lateral movement. Speakers cast the detection of such authentication events as a classification problem and demonstrate our machine learning-based approach’s scalability and reliability on a Los Alamos National Labs data set.

Learning Objectives:
1: Learn that reliable near-time detection of stolen credentials is feasible.
2: See why data processing, feature engineering and parameter tuning are crucial.
3: Understand scalability requires continuous analytics, model building and online detection.

Participants
Mijung Kim

Participant

Research Engineer, Micro Focus

Pratyusa Manadhata

Participant

Principal Researcher, Micro Focus


Share With Your Community