Source |
AlienVault Lab Blog |
Identifier |
8347624 |
Publication date |
2023-06-21 10:00:00 (viewed: 2023-06-21 10:06:44) |
Title |
Toward a more resilient SOC: the power of machine learning |
Text |
A way to manage too much data
To protect the business, security teams need to be able to detect and respond to threats fast. The problem is the average organization generates massive amounts of data every day. Information floods into the Security Operations Center (SOC) from network tools, security tools, cloud services, threat intelligence feeds, and other sources. Reviewing and analyzing all this data in a reasonable amount of time has become a task that is well beyond the scope of human efforts.
AI-powered tools are changing the way security teams operate. Machine learning (a subset of artificial intelligence, or “AI”), and in particular machine learning-powered predictive analytics, is enhancing threat detection and response in the SOC by providing an automated way to quickly analyze and prioritize alerts.
Machine learning in threat detection
So, what is machine learning (ML)? In simple terms, it is a machine's ability to automate a learning process so it can perform tasks or solve problems without specifically being told to do so. Or, as AI pioneer Arthur Samuel put it, “... to learn without explicitly being programmed.”
ML algorithms are fed large amounts of data that they parse and learn from so they can make informed predictions about outcomes in new data. Their predictions improve with “training”: the more data an ML algorithm is fed, the more it learns, and thus the more accurate its baseline models become.
While ML is used for various real-world purposes, one of its primary use cases in threat detection is to automate identification of anomalous behavior. The ML model categories most commonly used for these detections are:
Supervised models learn by example, applying knowledge gained from existing labeled datasets and desired outcomes to new data. For example, a supervised ML model can learn to recognize malware. It does this by analyzing data associated with known malware traffic to learn how it deviates from what is considered normal. It can then apply this knowledge to recognize the same patterns in new data.
Unsupervised models do not rely on labels but instead identify structure, relationships, and patterns in unlabeled datasets. They then use this knowledge to detect abnormalities or changes in behavior. For example: an unsupervised ML model can observe traffic on a network over a period of time, continuously learning (based on patterns in the data) what is “normal” behavior, and then investigating deviations, i.e., anomalous behavior.
Large language models (LLMs), such as ChatGPT, are a type of generative AI that use unsupervised learning. They train by ingesting massive amounts of unlabeled text data. Not only can LLMs analyze syntax to find connections and patterns between words, but they can also analyze semantics. This means they can understand context and interpret meaning in existing data in order to create new content.
Finally, reinforcement models, which more closely mimic human learning, are not given labeled inputs or outputs but instead learn and perfect strategies through trial and error. With ML, as with any data analysis tool, the accuracy of the output depends critically on the quality and breadth of the data set that is used as input.
A valuable tool for the SOC
The SOC needs to be resilient in the face of an ever-changing threat landscape. Analysts have to be able to quickly understand which alerts to prioritize and which to ignore. Machine learning helps optimize security operations by making threat detection and response faster and more accurate. |
Notes |
★★
|
Sent |
Yes |
Digest |
Tags |
Malware
Tool
Threat
Prediction
Cloud
|
Stories |
ChatGPT
|
Move |
|