How Data Science Techniques Can Help Investigators Detect Malicious Behavior

Data science techniques can help organizations solve their security problems, but they aren't a silver bullet. By working directly with customers, Endgame has been able to match the right technique to security challenges that were still unsolved and turn it into effective solutions. This presentation by Endgame Data Scientist Phil Roth covers:

  • How machine learning techniques can be used to find security insights in large amounts of data.
  • The difference between supervised and unsupervised learning and the different types of security problems they can solve.
  • How a lack of labeled data and the high cost of misclassifications present challenges to data scientists in the security industry.
  • How Endgame has used an unsupervised clustering technique to group cloud-based infrastructure, a fundamental step in the detection of malicious behavior.
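As an added worked example (not Endgame's code and not material from the presentation), the following pure-Python script shows the unsupervised step in the last bullet on constructed data: it clusters per-host network features with k-means, using no labels at all, and then ranks each host by how far it sits from the centroid of its own group. The feature choice, the host names, the sample values and the "distance to centroid" deviation score are illustrative assumptions; the only point it shares with the talk is that grouping infrastructure first gives a baseline that outliers can be measured against.

```python
"""Unsupervised grouping of cloud hosts with k-means, then scoring each host
by how far it sits from its own group's centroid.

Added example, not Endgame's code: the feature choice, the constructed
data and the "distance to centroid" score are illustrative assumptions.
"""
import math
from typing import Dict, List, Tuple

Vector = Tuple[float, ...]

# Constructed sample (not real telemetry): one vector per host with
#   [0] fraction of the host's flows that are inbound
#   [1] distinct external destinations per hour, scaled to 0..1
# No labels: nothing tells the algorithm which hosts are web servers or workers.
HOSTS: Dict[str, Vector] = {
    "web-1": (0.90, 0.05),
    "web-2": (0.85, 0.10),
    "web-3": (0.95, 0.08),
    "worker-1": (0.10, 0.90),
    "worker-2": (0.15, 0.80),
    "worker-3": (0.05, 0.85),
    "web-4": (0.88, 0.65),  # inbound-heavy like a web server, but talks to many destinations
}


def _dist(a: Vector, b: Vector) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def _mean(points: List[Vector]) -> Vector:
    n = len(points)
    return tuple(sum(p[i] for p in points) / n for i in range(len(points[0])))


def _seed(points: List[Vector], k: int) -> List[Vector]:
    """Deterministic farthest-point seeding so runs are reproducible
    (random seeding is more common but gives different groupings per run)."""
    centre = _mean(points)
    seeds = [max(points, key=lambda p: _dist(p, centre))]
    while len(seeds) < k:
        seeds.append(max(points, key=lambda p: min(_dist(p, s) for s in seeds)))
    return seeds


def kmeans(data: Dict[str, Vector], k: int, max_iter: int = 100) -> Tuple[Dict[str, int], List[Vector]]:
    """Return (host -> cluster index, centroids). Plain Lloyd's algorithm."""
    names = list(data)
    points = [data[n] for n in names]
    centroids = _seed(points, k)
    assignment: Dict[str, int] = {}
    for _ in range(max_iter):
        new_assignment = {
            n: min(range(k), key=lambda c: _dist(data[n], centroids[c])) for n in names
        }
        if new_assignment == assignment:
            break  # converged: no host changed cluster
        assignment = new_assignment
        for c in range(k):
            members = [data[n] for n in names if assignment[n] == c]
            if members:  # an empty cluster keeps its previous centroid
                centroids[c] = _mean(members)
    return assignment, centroids


def rank_by_deviation(data: Dict[str, Vector], k: int = 2) -> List[Tuple[str, int, float]]:
    """Score every host by distance to its own cluster centroid, highest first.
    The output is a ranked list for an analyst rather than an automatic block:
    a false positive costs an investigation, a false negative may cost a breach,
    so the threshold is left to a human who knows those costs."""
    assignment, centroids = kmeans(data, k)
    scored = [(n, assignment[n], _dist(data[n], centroids[assignment[n]])) for n in data]
    return sorted(scored, key=lambda t: t[2], reverse=True)


if __name__ == "__main__":
    for name, cluster, score in rank_by_deviation(HOSTS):
        print(f"{name:10s} cluster={cluster} deviation={score:.3f}")
```

On this sample k-means separates the inbound-heavy hosts from the outbound-heavy ones without being told there are two roles, and `web-4` lands in the web group but sits well away from its centroid, which is the signal an investigator would follow up. The number of clusters `k` is itself a choice the data does not make for you; in practice it is picked by inspecting the groups or by a cluster-quality measure, not hard-coded as it is here.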

This presentation was originally delivered at RSA 2015.

About Phil: Phil Roth cleans, organizes, and builds models around security data for Endgame. He learned those skills in academia while earning his physics PhD at the University of Maryland, where he built data acquisition systems and machine learning algorithms for IceCube, a large neutrino telescope at the South Pole. He has also built image processors for air- and space-based radar systems.