FACADE: High-Precision Insider Threat Detection Using Contrastive Learning (slide deck, 43 pages)
#BHUSA BlackHatEvents

FACADE
High-Precision Insider Threat Detection Using Contrastive Learning
Alex Kantchelian, Google
Elie Bursztein, Google DeepMind
with Casper Neo, Ryan Stevens, Sadegh Momeni, Birkett Huber, Yanis Pavlidis and many other Googlers
Presentation slides: https:/

10 billion+ events processed annually to protect Google from insider threats

Insider attacks threat model
- Intentional: attack by a rogue employee
- Unwilling: attack by a deceived or coerced employee
- Accidental: harm by a well-intentioned employee

Examples of insider threats
- Intentional: access to confidential documents without business justification, through abuse of access permissions
- Unwilling: access made using an employee account compromised by malware
- Accidental: sharing confidential documents in good faith with an external party that has no NDA

Why detecting insider attacks is hard
- Heavily context dependent: risk depends on user roles and their relations to the resources accessed
- Wide attack surface: insider attackers have broad access to the enterprise infrastructure via legitimate credentials
- Very low incidence: insider threat events are extremely low volume

FACADE: High-Precision Insider Threat Detection Using Deep Contextual Anomaly Detection
- Low false alerts
- Deep learning model
- User and resource aware
- How likely is the access?

Highly accurate anomaly detection? Really?

Red team attacks ranked in the top 0.01% of suspicious events, and many red team attackers ranked in the top 10 most suspicious users during the attack period, with 10+ million events ranked by FACADE during that timespan.

Agenda
- Scoring Arbitrary Time Periods
- Featurization of Resources and Users
- FA
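The red-team slide quotes two kinds of ranking metric: where attack events fall among all scored events (a top fraction), and where attackers fall among all users over the attack period (top-k). The following is an added example, not code from the talk, of computing both from per-event anomaly scores. The scorer is a hypothetical frequency baseline (how rarely a user role has touched resources of a given owning team) that stands in for the model; FACADE's actual contrastive model is not reproduced here. Every event, user, role and resource name is constructed, and aggregating a user's events over a period by taking the maximum score is our assumption, since the slides do not state how periods are scored.

```python
"""Event-level and user-level ranking metrics for an access anomaly scorer.

Added illustration, not FACADE code. The scorer is a hypothetical
frequency baseline standing in for the model; all data is constructed.
"""
import math
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class Event:
    ts: int          # constructed timestamp, arbitrary units
    user: str
    user_role: str   # user-side context
    resource: str
    res_owner: str   # resource-side context: the team that owns the resource
    red_team: bool   # ground truth from the exercise, never shown to the scorer


def build_context_scorer(history: Iterable[Event]) -> Callable[[Event], float]:
    """Hypothetical baseline (assumption, not FACADE's model): score an access by
    how rarely this user role has touched resources of this owning team."""
    pair = Counter((e.user_role, e.res_owner) for e in history)
    role = Counter(e.user_role for e in history)

    def score(e: Event) -> float:
        # Laplace-smoothed -log P(res_owner | user_role); never-seen pairs score highest
        return -math.log((pair[(e.user_role, e.res_owner)] + 1) / (role[e.user_role] + 2))

    return score


def pessimistic_rank(events: List[Event], score, target: Event) -> int:
    """1-based rank of target among events; ties are counted against the detector."""
    s = score(target)
    return sum(1 for e in events if score(e) >= s)


def red_team_event_fractions(events: List[Event], score) -> List[float]:
    """Each red-team event's rank as a fraction of all events (0.0001 = top 0.01%)."""
    n = len(events)
    return sorted(pessimistic_rank(events, score, e) / n for e in events if e.red_team)


def top_users(events: List[Event], score, start: int, end: int, k: int) -> List[str]:
    """Users in the window [start, end], ranked by their single most suspicious
    event (max aggregation is our assumption). Ties break by user name."""
    best: Dict[str, float] = {}
    for e in events:
        if start <= e.ts <= end:
            best[e.user] = max(best.get(e.user, float("-inf")), score(e))
    return [u for u, _ in sorted(best.items(), key=lambda kv: (-kv[1], kv[0]))][:k]


def _burst(n, start_ts, user, role, res, owner, red=False) -> List[Event]:
    return [Event(start_ts + i, user, role, res, owner, red) for i in range(n)]


def constructed_history() -> List[Event]:
    # Constructed benign baseline: engineers use code repos, finance uses the ledger,
    # one engineer occasionally reads product-owned design docs.
    return (_burst(20, 0, "alice", "eng", "repo1", "eng")
            + _burst(20, 20, "bob", "eng", "repo2", "eng")
            + _burst(10, 40, "carol", "finance", "ledger", "finance")
            + _burst(5, 50, "dave", "eng", "design-doc", "product"))


def constructed_window() -> List[Event]:
    # Constructed attack period: same benign pattern plus a red-team user "mallory"
    # reading HR-owned salary data (never seen for role eng) and also one repo read
    # that looks entirely normal.
    return (_burst(10, 100, "alice", "eng", "repo1", "eng")
            + _burst(10, 110, "bob", "eng", "repo2", "eng")
            + _burst(5, 120, "carol", "finance", "ledger", "finance")
            + _burst(2, 125, "dave", "eng", "design-doc", "product")
            + _burst(2, 127, "mallory", "eng", "hr-salaries", "hr", red=True)
            + _burst(1, 129, "mallory", "eng", "repo1", "eng", red=True))


def evaluate() -> dict:
    score = build_context_scorer(constructed_history())
    window = constructed_window()
    return {
        "event_fractions": red_team_event_fractions(window, score),
        "top_users": top_users(window, score, 100, 200, 3),
    }


if __name__ == "__main__":
    print(evaluate())
```

On the constructed data the two HR reads rank first among the 30 window events, while the red-team repo read is indistinguishable from benign traffic and ranks near the bottom; the user-level aggregate still puts mallory at the top of the period. That gap between event-level and user-level ranking is why the slide reports both numbers.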