Malicious activities inside enterprise networks often use stolen credentials. For example, an attacker may authenticate to an enterprise’s services using stolen credentials during lateral movement. The speakers cast the detection of such authentication events as a classification problem and demonstrate the scalability and reliability of their machine learning-based approach on a Los Alamos National Labs data set.
Learning Objectives:
1. Learn that reliable near-time detection of stolen credentials is feasible.
2. See why data processing, feature engineering and parameter tuning are crucial.
3. Understand that scalability requires continuous analytics, model building and online detection.
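To make the classification framing and the second objective concrete, the following is an added example (not the speakers' code) of the data-processing and feature-engineering stage that turns raw authentication events into labelled feature rows for a classifier. It assumes the CSV layouts of the public LANL auth and red-team files as described in that data set's documentation; the events, the red-team labels, the 300-second window and the feature set are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events in the LANL "auth" layout (CSV, no header):
# time,src_user@domain,dst_user@domain,src_computer,dst_computer,
# auth_type,logon_type,auth_orientation,success/failure
AUTH_SAMPLE = """\
100,U1@DOM1,U1@DOM1,C1,C1,Kerberos,Network,LogOn,Success
160,U1@DOM1,U1@DOM1,C1,C5,Kerberos,Network,LogOn,Success
220,U1@DOM1,U1@DOM1,C1,C5,Kerberos,Network,LogOn,Success
900,U1@DOM1,U1@DOM1,C9,C12,NTLM,Network,LogOn,Success
905,U1@DOM1,U1@DOM1,C9,C13,NTLM,Network,LogOn,Failure
910,U1@DOM1,U1@DOM1,C9,C14,NTLM,Network,LogOn,Success
"""
# Constructed labels in the LANL "redteam" layout: time,user@domain,src_computer,dst_computer
REDTEAM_SAMPLE = """\
900,U1@DOM1,C9,C12
910,U1@DOM1,C9,C14
"""


def featurize(auth_text, redteam_text, window=300):
    """Stream auth events in time order and emit (features, label) rows.

    Per-user state is updated only after an event is scored, so every
    feature describes the user's past and never leaks the event itself
    (the leakage a naive batch join over the whole file would introduce).
    """
    labels = {tuple(line.split(",")) for line in redteam_text.splitlines() if line}
    seen_dst = defaultdict(set)    # user -> destination hosts already used
    seen_src = defaultdict(set)    # user -> source hosts already used
    recent = defaultdict(deque)    # user -> (time, dst) pairs inside the window
    rows = []
    for line in auth_text.splitlines():
        if not line:
            continue
        t, src_user, dst_user, src, dst, auth, _logon, _orient, outcome = line.split(",")
        now = int(t)
        q = recent[src_user]
        while q and now - q[0][0] > window:   # drop events older than the window
            q.popleft()
        feats = {
            "new_dst": int(dst not in seen_dst[src_user]),     # first logon to this host
            "new_src": int(src not in seen_src[src_user]),     # first logon from this host
            "fanout": len({d for _, d in q}),                  # distinct hosts reached recently
            "ntlm": int(auth == "NTLM"),
            "failure": int(outcome == "Failure"),
            "user_mismatch": int(src_user != dst_user),
        }
        rows.append((feats, int((t, src_user, src, dst) in labels)))
        seen_dst[src_user].add(dst)
        seen_src[src_user].add(src)
        q.append((now, dst))
    return rows
```

For training, rows should be split by time (earlier rows for fitting, later rows for evaluation) rather than at random, so the measured detection rate reflects the near-time setting the talk targets.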