Machine Learning: A Threat-Hunting Reality Check (Whitepaper)

Machine learning and how it can be applied to attack detection

Posted on 4 April 2017

This paper gives an introduction to the high-level concepts of machine learning and the typical ways in which it is applied to attack detection in the cyber security industry. It covers the problems commonly encountered and gives practical examples derived from Countercept’s experience of applying machine learning techniques as part of its threat-hunting platform.


Machine learning in attack detection...

We demonstrate that machine learning is currently more of an enhancement technology for solving specific security problems than a one-size-fits-all replacement technology. In particular, it will not replace the requirement for a highly experienced attack detection team.

This paper will be of use to the following:
  • CIOs/CISOs to get a balanced view of what high level strengths and weaknesses machine learning can bring to attack detection, outside of vendor marketing hype.
  • Threat hunters and incident response teams looking to understand high-level technical detail on how software solutions using machine learning may fit into their wider attack detection and incident response toolsets.
  • Penetration testers and red-team specialists looking to understand common approaches to attack detection using machine learning.

Download Machine Learning - a reality check 5MB
