The Prelude SIEM team will hold a conference (in French) on December 10 from 17:30 to 18:00 at POSS 2019, on the contribution of AI and CTI to intrusion detection.


Machine learning, Open Threat Intelligence and Cybersecurity

For more than 20 years intrusion detection has been based on “classical” algorithmic technologies. Logs are centralized and analyzed for specific patterns, and the resulting events are correlated with each other in search of attack scenarios. This technique makes it possible to detect or anticipate numerous attacks, but essentially those that are “expected”, since they correspond to pre-configured scenarios. In recent years, artificial intelligence has revolutionized computing. In the field of intrusion detection, machine learning algorithms promise to detect abnormal behavior and the “weak signals” characteristic of APTs (Advanced Persistent Threats). Many open-source artificial intelligence projects implement new algorithms for this type of problem; one of the best known, Scikit-learn, is French. In addition, open Cyber Threat Intelligence databases (OpenCTI, Spamhaus, DShield, etc.) can be used to share lists of addresses, domains and IOCs. These new technologies sometimes call into question the older processes, which some consider too complex or outdated. What is the reality? Is artificial intelligence the ultimate answer to cyber security problems? How effective are open Cyber Threat databases? Should existing technologies be replaced or supplemented?
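To make the three approaches the abstract contrasts concrete, here is an added example (not code from Prelude SIEM or from the talk) that runs a scenario rule, an IOC lookup and a simple statistical anomaly check over the same constructed log lines; the IOC list, log entries and thresholds are all invented for illustration:

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample events (timestamp, host, source IP, event type); not real logs.
LOGS = [
    ("10:00:01", "web1", "198.51.100.5", "login_ok"),
    ("10:00:05", "web1", "198.51.100.9", "login_ok"),
    ("10:00:10", "web1", "192.0.2.44", "login_fail"),
    ("10:00:11", "web1", "192.0.2.44", "login_fail"),
    ("10:00:12", "web1", "192.0.2.44", "login_fail"),
    ("10:00:14", "web1", "192.0.2.44", "login_ok"),
    ("10:00:20", "web1", "203.0.113.7", "login_ok"),
    ("10:00:30", "db1", "198.51.100.5", "query"),
    ("10:00:31", "db1", "198.51.100.5", "query"),
    ("10:00:40", "db1", "198.51.100.20", "query"),
    ("10:00:41", "db1", "198.51.100.20", "query"),
    ("10:00:42", "db1", "198.51.100.20", "query"),
    ("10:00:43", "db1", "198.51.100.20", "query"),
    ("10:00:44", "db1", "198.51.100.20", "query"),
    ("10:00:45", "db1", "198.51.100.20", "query"),
]

# Constructed placeholder indicator list, standing in for a feed such as DShield.
IOC_IPS = {"203.0.113.7"}


def ioc_matches(logs, iocs):
    """CTI lookup: any event whose source IP appears in the shared indicator list."""
    return [(ts, ip) for ts, _host, ip, _ev in logs if ip in iocs]


def brute_force_scenario(logs, threshold=3):
    """Classical correlation: N failed logins followed by a success from one source."""
    failures = defaultdict(int)
    hits = set()
    for _ts, _host, ip, event in logs:
        if event == "login_fail":
            failures[ip] += 1
        elif event == "login_ok":
            if failures[ip] >= threshold:
                hits.add(ip)
            failures[ip] = 0  # a success resets the streak for that source
    return sorted(hits)


def rate_anomalies(logs, z=1.5):
    """Statistical baseline: sources whose event count exceeds mean + z * stddev."""
    counts = Counter(ip for _ts, _host, ip, _ev in logs)
    limit = mean(counts.values()) + z * pstdev(counts.values())
    return sorted(ip for ip, n in counts.items() if n > limit)
```

The high-volume query source is flagged only by the statistical check, while the brute-force source and the listed IP are caught only by the scenario rule and the IOC lookup, which is the complementarity the talk asks about.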

This presentation will provide an update on the subject by detailing the advantages and disadvantages of each technology and how best to exploit them.