Attackers using “living off the land” techniques can be difficult to identify. Detecting post-compromise anomalous patterns based on parent-child process relationships helps detect adversaries that...

Natural Language Processing (NLP) provides boundless opportunities for solving problems in artificial intelligence, making products such as Amazon Alexa and Google Translate possible. If you’re a...

Elastic Security has opened its detection rules repository to the world. We will develop rules in the open alongside the community, and we’re welcoming your community-driven detections. This is an...

Malware Bypass Research using Reinforcement Learning - bfilar/malware_rl

In this blog, we walk users through identifying beaconing malware in their environment using our beaconing identification framework.

ProblemChild: Discovering anomalous patterns based on parent-child process relationships Bobby Filar Team Lead, Sec Data Sci @filar David French Security Researcher @threatpunter Hyrum Anderson Tech...

We present cyber-security problems of high importance. We show that in order to solve these cyber-security problems, one must cope with certain machine learning challenges. We provide novel data...

Elastic Malware Benchmark for Empowering Researchers - elastic/ember

Machine learning is a popular approach to signatureless malware detection because it can generalize to never-before-seen malware families and polymorphic strains. This has resulted in its...

Malware Data Science explains how to identify, analyze, and classify large-scale malware using machine learning and data visualization.

Ransomware, a type of malicious software that encrypts a victim's files and only releases the cryptographic key once a ransom is paid, has emerged as a potentially devastating class of cybercrimes...

Query GreyNoise Intelligence API in Python. Contribute to bfilar/greynoise development by creating an account on GitHub.

It is becoming more common that adversary attacks consist of more than a standalone executable or script. Often, evidence of an attack includes conspicuous process heritage that may be ignored by...

for fun and profit!

CAMLIS 2019, Bobby FilarProblemChild: Discovering Anomalous Patterns based on Parent-Child Process Relationships (abstract: https://www.camlis.org/2019/talks...

This is a follow-up from my presentation on reinventing enterprise defense at ElasticON Security on August 19th, 2020. All too often when…

Bringing Red vs. Blue to Machine Learning - Download as a PDF or view online for free

KitNET is a lightweight online anomaly detection algorithm, which uses an ensemble of autoencoders. - ymirsky/KitNET-py

In this blog post, we train a classification model to identify malicious Windows process events and used anomaly detection to further uncover rare events. We are also releasing our models and...

PyTorch/HuggingFace Implementation of URLTran: Improving Phishing URL Detection Using Transformers - bfilar/URLTran

Binary code analysis allows analyzing binary code without having access to the corresponding source code. A binary, after disassembly, is expressed in an assembly language. This inspires us to...

Machine Learning for Computer Security. Contribute to ANSSI-FR/SecuML development by creating an account on GitHub.

Pytorch Implementation of "Predicting Domain Generation Algorithms using LSTMs" - bfilar/dga_predict

Lateral movement is an integral part of adversary movement into and around networks. This functionality is now built into relatively inexpensive and wid…

Microsoft's PowerShell is a command-line shell and scripting language that is installed by default on Windows machines. While PowerShell can be configured by administrators for restricting access...

PyData DC 2016Chatbots have become wildly popular interfaces for online services we use everyday. While these bots are not going to pass the Turing Test, the...

A curated list of resources dedicated to reinforcement learning applied to cyber security. - GitHub - Limmen/awesome-rl-for-cybersecurity: A curated list of resources dedicated to reinforcement le...

The command line hexadecimal editor, disassembler and debugger radare2 can be an invaluable reverse engineering tool. Even users of IDA Pro can find use in r...

A homoglyph (name spoofing) attack is a common technique used by adversaries to obfuscate file and domain names. This technique creates process or domain names that are visually similar to...

The Insider Threat Test Dataset is a collection of synthetic insider threat test datasets that provide both background and malicious actor synthetic data.

There are a ton of claims around AI and cybersecurity that don't quite add up. Here's what's really going on.

In-person Event - Learn how to apply machine learning to security data in the Elastic Stack with ProblemChild, a framework which flags rare malicious processes to help security/malware analysts...

As the amount of cyber data continues to grow, cyber network defenders are faced with increasing amounts of data they must analyze to ensure the security of their networks. In addition, new types...

The accurate measurement of security metrics is a critical research problem because an improper or inaccurate measurement process can ruin the usefulness of the metrics, no matter how well they...