Machine Learning: A Threat-Hunting Reality Check

Machine learning and how it can be applied to attack detection

Posted on 4 April 2017

Machine learning in attack detection paper

This paper gives an introduction to the high-level concepts of machine learning and the typical ways in which it is applied to attack detection in the cyber security industry. It covers the problems commonly encountered and gives practical examples derived from Countercept’s experience of applying machine learning techniques as part of its threat-hunting platform.

Machine learning in attack detection...

We demonstrate that machine learning is currently more of an enhancement technology for solving specific security problems than a one-size-fits-all replacement technology. In particular, it will not replace the requirement for a highly experienced attack detection team.
This paper will be of use to the following:

  • CIOs/CISOs seeking a balanced view of the high-level strengths and weaknesses machine learning can bring to attack detection, outside of vendor marketing hype.
  • Threat hunters and incident response teams looking to understand, at a high technical level, how software solutions using machine learning may fit into their wider attack detection and incident response toolsets.
  • Penetration testers and red-team specialists looking to understand common approaches to attack detection using machine learning.

The problems with machine learning in attack detection...

