Topic: Detecting Persistent Threats using Sequence Statistics
Speaker: Dr. Ted Dunning, Chief Application Architect at MapR
Time and date: 4:30-6:30pm, Monday 5 September 2016
Location: 40 Cameron Avenue in Belconnen at HP Enterprise
In a persistent threat, the attacker often penetrates a system but exploits information captured there elsewhere at a throttled rate to avoid detection. In some cases, the attacker even takes measures to protect the penetrated system from other attackers to avoid the detailed inspection that often accompanies the detection of a compromise. I will describe one particular kind of situation in which a single point of compromise is used to extract consumer financial information that is then used elsewhere to commit fraud. This kind of attack can be difficult to detect and hard to trace. In fact, however, detailed examination of transaction histories across thousands to millions of accounts can provide a very sensitive indicator of such activity and can often pinpoint the original point of compromise. The detection technique that I will describe has very broad applicability across many problems that involve sequences of symbols and has produced state-of-the-art results in genomics, fraud detection, text analysis, retail recommendations and predicting attrition and profitability. The specific case that I describe in this talk is also interesting since the technique was initially developed using synthetic data which emulated real data closely enough that a fraud ring was detected the first time out.
About the speaker:
Ted Dunning is Chief Application Architect at MapR Technologies and a committer and PMC member of the Apache Mahout, Apache ZooKeeper, and Apache Drill projects. Ted has been very active in mentoring new Apache projects and is currently serving as vice president of incubation for the Apache Software Foundation. Ted was the chief architect behind the MusicMatch (now Yahoo Music) and Veoh recommendation systems. He built fraud detection systems for ID Analytics (LifeLock) and he has 24 patents issued to date and a dozen pending. Ted has a PhD in computing science from the University of Sheffield. When he’s not doing data science, he plays guitar and mandolin. He also bought the beer at the first Hadoop user group meeting.
Pizzas and drinks will be sponsored by MapR. The venue will be sponsored by HP Enterprise.