DiscoverSplunk [AI/ML, Splunk Machine Learning Toolkit] 2019 .conf Videos w/ SlidesIs it Normal or Suspicious? Detecting Anomalies via Market Basket Analysis [Splunk User Behavior Analytics]
Is it Normal or Suspicious? Detecting Anomalies via Market Basket Analysis [Splunk User Behavior Analytics]

Is it Normal or Suspicious? Detecting Anomalies via Market Basket Analysis [Splunk User Behavior Analytics]

Update: 2019-12-24
Share

Description

Detecting abnormal behavior is an important objective in security monitoring, but is extremely challenging as we mostly are expected to detect "unknown unknowns." We can, however, use an entity's past behavior to measure how much of what we observe today deviates from normal behavior. In this way we can detect unknown, hidden and insider threats early on to stay ahead of advanced threats. This talk presents a unified, scalable framework for anomaly detection that is built on the frequent itemset mining technique. The premise is that if we can align an event with more frequent patterns observed in history, then the event is unlikely to be an anomaly. By mining through an extensive set of features and feature co-occurrences, the model can accurately capture the normal behaviors. Any new behaviors can then be scored. At which point, any new rare co-occurrences of events can be detected and sent to analysts and SOC teams for rapid investigation.


Speaker(s)
Nancy Jin, Data Scientist, Splunk
Ping Jiang, Sr. Software Engineer in Test, Splunk



Slides PDF link - https://conf.splunk.com/files/2019/slides/SEC1230.pdf?podcast=1577146258


Product: Splunk User Behavior Analytics


Track: Security, Compliance and Fraud


Level: Intermediate

Comments 
In Channel
The New Experiment Experience in the Splunk Machine Learning Toolkit [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

The New Experiment Experience in the Splunk Machine Learning Toolkit [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

2019-12-2444:04

The SOC of the Future [Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics]

The SOC of the Future [Splunk Enterprise, Splunk Enterprise Security, Splunk User Behavior Analytics]

2019-12-2446:36

The Two Most Common Machine Learning Solutions Everyone Needs to Know [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

The Two Most Common Machine Learning Solutions Everyone Needs to Know [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

2019-12-24--:--

Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

Use Deception, Automated Response and Threat Emulation to Make Your Defense Proactive [Splunk Enterprise Security, Splunk Machine Learning Toolkit, Phantom, AI/ML]

2019-12-24--:--

User Experience Modeling with the Splunk Machine Learning Toolkit [Splunk Machine Learning Toolkit, AI/ML]

User Experience Modeling with the Splunk Machine Learning Toolkit [Splunk Machine Learning Toolkit, AI/ML]

2019-12-24--:--

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

Use Splunk SIEMulator to Generate Data for Automated Detection, Investigation, and Response [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-24--:--

Using Machine Learning to Detect Traffic Anomalies [Splunk Machine Learning Toolkit, AI/ML]

Using Machine Learning to Detect Traffic Anomalies [Splunk Machine Learning Toolkit, AI/ML]

2019-12-24--:--

What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

What's New in Splunk for Security [Splunk Enterprise Security, Splunk User Behavior Analytics, Phantom]

2019-12-24--:--

You Only Learn Once (YOLO) [Splunk Enterprise, Splunk Machine Learning Toolkit]

You Only Learn Once (YOLO) [Splunk Enterprise, Splunk Machine Learning Toolkit]

2019-12-24--:--

Introduction to monitoring business operations with Acceleris’ party dashboard [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Introduction to monitoring business operations with Acceleris’ party dashboard [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

2019-12-24--:--

Is it Normal or Suspicious? Detecting Anomalies via Market Basket Analysis [Splunk User Behavior Analytics]

Is it Normal or Suspicious? Detecting Anomalies via Market Basket Analysis [Splunk User Behavior Analytics]

2019-12-24--:--

Just a normal day in the office – Data driven business process improvements for a global supply chain company. [Splunk Cloud, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Just a normal day in the office – Data driven business process improvements for a global supply chain company. [Splunk Cloud, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

2019-12-24--:--

Large Scale Threat Hunting in Splunk [Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit]

Large Scale Threat Hunting in Splunk [Splunk Enterprise, Splunk Enterprise Security, Splunk Machine Learning Toolkit]

2019-12-24--:--

Lessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]

Lessons Learned From Building a Threat Detection Program [Splunk Enterprise, Splunk Enterprise Security, AI/ML]

2019-12-24--:--

Lessons Learned from Deploying Splunk UBA [Splunk User Behavior Analytics, AI/ML]

Lessons Learned from Deploying Splunk UBA [Splunk User Behavior Analytics, AI/ML]

2019-12-24--:--

Los Angeles World Airports - Streamlining event management with IT Service Intelligence (ITSI) [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

Los Angeles World Airports - Streamlining event management with IT Service Intelligence (ITSI) [Splunk Enterprise, Splunk IT Service Intelligence, Splunk Machine Learning Toolkit]

2019-12-24--:--

Machine Learning & Splunk 2019: The Splunk Machine Learning Toolkit in Action [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Machine Learning & Splunk 2019: The Splunk Machine Learning Toolkit in Action [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

2019-12-24--:--

Maintaining a state of good repair with predictive analytics [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

Maintaining a state of good repair with predictive analytics [Splunk Enterprise, Splunk Machine Learning Toolkit, AI/ML]

2019-12-24--:--

Marcus by Goldman Sachs: Monitoring an Online Banking Startup with Splunk [Splunk Enterprise, AI/ML]

Marcus by Goldman Sachs: Monitoring an Online Banking Startup with Splunk [Splunk Enterprise, AI/ML]

2019-12-24--:--

Maximizing permissioned blockchain throughput using Samsung SDS Accelerator and Splunk MLTK [Splunk Enterprise, AI/ML]

Maximizing permissioned blockchain throughput using Samsung SDS Accelerator and Splunk MLTK [Splunk Enterprise, AI/ML]

2019-12-24--:--

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Is it Normal or Suspicious? Detecting Anomalies via Market Basket Analysis [Splunk User Behavior Analytics]

Is it Normal or Suspicious? Detecting Anomalies via Market Basket Analysis [Splunk User Behavior Analytics]

Splunk