February 7, 2020


Can behavioral analytics for enterprise security benefit from approaches in NLP?


While network protocols are the language of the conversations among devices in a network, these conversations are hardly ever labeled. Advances in capturing semantics present an opportunity for capturing access semantics to model user behavior. Ram Janakiraman explains how, with strong embeddings as a foundation, behavioral use cases can be mapped to NLP models of choice.

Talk Title: Can behavioral analytics for enterprise security benefit from approaches in NLP?
Speakers: Ramsundar Janakiraman (Aruba)
Conference: O’Reilly Artificial Intelligence Conference
Conf Tag: Put AI to Work
Location: San Jose, California
Date: September 10-12, 2019

Advances in semantic encoding techniques in NLP, specifically those that tame polysemous words, have had a great impact on text and sequence analysis. The first step in the successful cross-domain application of NLP to enterprise security may just boil down to building a semantic representation of the network entities and their interactions.

Ram Janakiraman examines how enterprise networks are like theme parks. A user's use of a device maps to the use of tickets or a mobile application to access the amusements. Network protocols are the language the devices use to exchange data. Every user behind a device in the network finds their target through gatekeepers conversing using these protocols. Such interactions provide insight into personal interests and into the popularity of the kinds of rides and shows users visit. The presentation will focus on applying this concept to building behavioral representations of users based on how they go about their daily professional lives.

Behavioral analysis in enterprise security comes with a few challenges. Higher data volume and higher demand for security admin’s time leave us with hardly any labeled data and, hence, hardly any viable supervised approach. Furthermore, privacy concerns, unique network layouts, and global business presence do not lend themselves to much transfer learning across enterprises. For example, it’s common to find behaviors deemed normal for an enterprise but considered outliers in general.

Ram offers insights into building a semantic representation of the entities from unlabeled data sources. The way users traverse a network carrying out their everyday workflow can be used to model behavior baselines over time and across devices. Various techniques to build representations can be applied to network data sources, much like building embeddings for a new language as a first step at every enterprise.

With embeddings as a good foundation, more advanced models can be leveraged for various use cases in behavioral analytics. Ram also shows how the approach can change the engagement model of the product toward improving end-user experience and highlights the protection of privacy and identity of the network entities with his approach. You’ll leave with ideas to formulate approaches for the application of NLP to use cases in your domains.
