Detection of Authentication Events Involving Stolen Enterprise Credentials

Malicious activities inside enterprise networks often use stolen credentials. For example, an attacker may authenticate to an enterprise’s services using stolen credentials during lateral movement. Speakers cast the detection of such authentication events as a classification problem and demonstrate their machine learning-based approach’s scalability and reliability on a Los Alamos National Labs data set.

Learning Objectives:
1: Learn that reliable near-time detection of stolen credentials is feasible.
2: See why data processing, feature engineering and parameter tuning are crucial.
3: Understand that scalability requires continuous analytics, model building and online detection.



Pratyusa Manadhata, Principal Researcher, Micro Focus


This document was retrieved from on Tue, 21 Aug 2018 12:12:53 -0400.