Overview
This course teaches learners how to detect malicious patterns in event-streaming data using the MITRE ATT&CK framework and deep learning techniques. It covers constructing queries (EQL by example), hunting known behavioral patterns as ordered event sequences, and automatically discovering complex behavioral patterns from event logs. The skills taught include contextual understanding, querying, machine learning on sequence data, feature and embedding model design, recurrent and convolutional models, and evaluating false negatives and false positives. The teaching method combines theoretical concepts with practical examples. This course is intended for individuals interested in cybersecurity, threat detection, and machine learning applied to security analytics.
Syllabus
Intro
CONTEXT
EQL BY EXAMPLE
SEQUENCES: ORDER MATTERS
THE DREAM: SEMI-AUTOMATIC
MACHINE LEARNING ON SEQUENCE DATA
MODEL DESIGN: FEATURES
MODEL DESIGN: EMBEDDING
MODEL DESIGN: RECURRENT
MODEL DESIGN: CONVICTION
PATTERN EARLINESS?
UPDATED MODEL SUMMARY
LEARNED PATTERNS?
FALSE NEGATIVE
FALSE POSITIVE
STEP BACK: WHAT HAVE WE DONE?
Taught by
nullcon