SPOT: A data-driven threat detection framework with knowledge-enhanced scoring
Abstract
In an era when digital threats are becoming increasingly sophisticated and pervasive, the need for robust cyber security measures has never been more critical. Traditional methods based on fact or correlation rule matching are insufficient. Machine learning (ML) for dynamic behaviour modelling and automated scoring is now crucial for effective threat detection. This paper introduces SPOT, a practical threat detection and scoring framework and system for user and entity behaviour analytics (UEBA). The framework comprises layered modules: data-driven ML for event scoring; event organisation into meaningful threats; and threat re-prioritisation based on business knowledge factors. The system architecture supporting this framework leverages a stream-based distributed computing platform, enabling cloud-scale processing for high-fidelity threat identification. This article is also included in The Business & Management Collection, which can be accessed at https://hstalks.com/business/.
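As an added illustration, not code from the paper and with scoring rules that are assumptions (rarity scoring, per-user grouping, multiplicative knowledge factors), the three layers named in the abstract as a small Python pipeline: data-driven event scoring, organisation of events into per-user threats, and re-prioritisation by business knowledge factors such as privileged accounts and critical assets:

```python
from collections import Counter, defaultdict

# Constructed sample data (not from the paper): a training window of past
# events and a new batch to score. Each event is (user, host, action).
HISTORY = [
    ("alice", "web01", "login"), ("alice", "web01", "login"), ("alice", "web01", "login"),
    ("alice", "web01", "deploy"), ("bob", "db01", "login"), ("bob", "db01", "query"),
    ("bob", "db01", "query"), ("bob", "db01", "query"), ("carol", "web02", "login"),
    ("carol", "web02", "login"), ("carol", "web02", "login"), ("carol", "web02", "login"),
]
NEW_EVENTS = [
    ("alice", "web01", "login"),  # routine for alice
    ("bob", "db01", "query"),     # routine for bob
    ("bob", "web02", "login"),    # bob has never used web02
    ("carol", "db01", "dump"),    # new host and action for carol, unseen org-wide
]
# Assumed shape of business knowledge factors: multipliers that raise the
# priority of a threat without touching the data-driven event scores.
KNOWLEDGE = {"privileged_users": {"bob": 1.5}, "critical_hosts": {"db01": 2.0}}

def train_profiles(history):
    """Layer 1 model: per-user and organisation-wide (host, action) frequencies."""
    per_user, org = defaultdict(Counter), Counter()
    for user, host, action in history:
        per_user[user][(host, action)] += 1
        org[(host, action)] += 1
    return per_user, org

def score_event(per_user, org, event):
    """Layer 1 scoring: how rare this (host, action) is for the user and org-wide."""
    user, host, action = event
    key, user_total, org_total = (host, action), sum(per_user[user].values()), sum(org.values())
    user_rarity = (1.0 - per_user[user][key] / user_total) if user_total else 1.0
    org_rarity = (1.0 - org[key] / org_total) if org_total else 1.0
    return round(0.7 * user_rarity + 0.3 * org_rarity, 3)

def organise_threats(per_user, org, events):
    """Layer 2: group scored events by user into one threat with a summed score."""
    threats = defaultdict(lambda: {"events": [], "score": 0.0})
    for ev in events:
        s = score_event(per_user, org, ev)
        threats[ev[0]]["events"].append((ev, s))
        threats[ev[0]]["score"] += s
    return threats

def reprioritise(threats, knowledge):
    """Layer 3: scale each threat by its knowledge factors and rank the result."""
    ranked = {}
    for user, t in threats.items():
        host_factor = max(knowledge["critical_hosts"].get(h, 1.0) for (_, h, _), _ in t["events"])
        ranked[user] = round(t["score"] * knowledge["privileged_users"].get(user, 1.0) * host_factor, 3)
    return sorted(ranked.items(), key=lambda kv: kv[1], reverse=True)

def rank_threats(history, events, knowledge):
    per_user, org = train_profiles(history)
    return reprioritise(organise_threats(per_user, org, events), knowledge)
```

With the constructed data, bob's single novel host, combined with his privileged status and the critical db01 asset, ranks above carol's wholly novel activity, which is the effect the knowledge layer is meant to have on top of pure anomaly scores.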
The full article is available to subscribers to the journal.
Author's Biography
Derek Lin is currently the Chief Data Scientist at Exabeam Inc., where he leads the development of data science-driven defences against cyber threats. His research interests and expertise include anomaly detection, insider threat detection and behaviour analytics. His prior work in machine learning (ML) spans areas such as risk-based online banking fraud detection, data loss prevention, voice-biometric security and speech and language processing. Derek holds numerous patents and has authored multiple publications in IT operations and security. He earned both his MS and BS degrees in electrical engineering from the University of Southern California.