ML in Security: Suspiciously Named Processes

Kumar Sharad, Sr. Threat Researcher, and Abhinav Mishra, Principal Applied Scientist, explain the motivation and goals for ML-based detection in ESCU, highlighting the benefits of using pre-trained models over live-trained models. They then walk through a specific example of how Splunk uses deep learning to detect suspiciously named processes and how to deploy that detection with the Splunk App for Data Science and Deep Learning (DSDL). Finally, they touch on how this comes together in ESCU and discuss additional resources.
Watch this tech talk to learn:
- How to leverage deep learning models to detect suspiciously named processes
- The design of the RNN-based character-level model at the heart of the detection
- How to use the pre-trained model via the DSDL app
Tech Talk part I:
Tech Talk part II: