#AnomalyDetection

Europe Says<p><a href="https://www.europesays.com/2010929/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/2010929/</span><span class="invisible"></span></a> Integrating AI and ML technologies across OT, ICS environments to enhance anomaly detection and operational resilience <a href="https://pubeurope.com/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://pubeurope.com/tags/AnomalyDetection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnomalyDetection</span></a> <a href="https://pubeurope.com/tags/Armis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Armis</span></a> <a href="https://pubeurope.com/tags/ArtificialIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArtificialIntelligence</span></a> <a href="https://pubeurope.com/tags/ControlSystem" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ControlSystem</span></a> <a href="https://pubeurope.com/tags/Darktrace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Darktrace</span></a> <a href="https://pubeurope.com/tags/GenerativeAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GenerativeAI</span></a> <a href="https://pubeurope.com/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://pubeurope.com/tags/industrial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>industrial</span></a> <a href="https://pubeurope.com/tags/IndustrialControl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IndustrialControl</span></a> <a href="https://pubeurope.com/tags/ML" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>ML</span></a> <a href="https://pubeurope.com/tags/Nvidia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nvidia</span></a> <a href="https://pubeurope.com/tags/OperationalResilience" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OperationalResilience</span></a> <a href="https://pubeurope.com/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> <a href="https://pubeurope.com/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://pubeurope.com/tags/ThreatGEN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatGEN</span></a></p>
Europe Says<p><a href="https://www.europesays.com/1975014/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">europesays.com/1975014/</span><span class="invisible"></span></a> Aitech Unveils World’s First AI-Enabled Picosatellite Constellation Platform Transforming Space-Based Intelligence for Military, Defense, Public Safety, Agriculture and Infinite Other New Markets <a href="https://pubeurope.com/tags/Aitech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Aitech</span></a> <a href="https://pubeurope.com/tags/AnomalyDetection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnomalyDetection</span></a> <a href="https://pubeurope.com/tags/ArtificialIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ArtificialIntelligence</span></a> <a href="https://pubeurope.com/tags/constellation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>constellation</span></a> <a href="https://pubeurope.com/tags/LEOConstellation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LEOConstellation</span></a> <a href="https://pubeurope.com/tags/space" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>space</span></a> <a href="https://pubeurope.com/tags/SpaceDebris" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SpaceDebris</span></a> <a href="https://pubeurope.com/tags/SpacePlatforms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SpacePlatforms</span></a> <a href="https://pubeurope.com/tags/SpaceSymposium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SpaceSymposium</span></a> <a href="https://pubeurope.com/tags/Watchman" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Watchman</span></a></p>
da_667<p>Hey Hey People,</p><p>DA Here.</p><p>Do you, have a Suricata sensor in your network?</p><p>Do you, use Suricata as a part of a sandbox that you run?</p><p>Have you, been hammering away at finding evil, and want to find more?</p><p>I'm doing a webinar courtesy of OISF this Thursday. 3PM UTC, which translates to 10am EST.</p><p>I'll be talking about two things during this meeting: One, is making good use of the ET INFO rule category as an early warning system.</p><p>Sure, there is a lot of noise to sift out of ET INFO, and for that reason, some choose to just cut it entirely. I'm here to show you how to grab the stuff we've seen in our sandboxes that can help to lead anomaly detection.</p><p>In the second part of this talk, I will talk about how you can convert network and system-specific artifacts into a set of Honeytoken-like IDS rules that again, can lead to anomaly detection, and perhaps even catching advanced or unidentified threats.</p><p>Here is a link to register for the meeting: <a href="https://us02web.zoom.us/webinar/register/WN_MJogFww8S4mIpEOctaTZlw#/registration" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">us02web.zoom.us/webinar/regist</span><span class="invisible">er/WN_MJogFww8S4mIpEOctaTZlw#/registration</span></a></p><p><a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Suricata</span></a> <a href="https://infosec.exchange/tags/EmergingThreats" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EmergingThreats</span></a> <a href="https://infosec.exchange/tags/DetectionEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DetectionEngineering</span></a> <a href="https://infosec.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatHunting</span></a> 
<a href="https://infosec.exchange/tags/OISF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OISF</span></a> <a href="https://infosec.exchange/tags/AnomalyDetection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnomalyDetection</span></a></p>
Marko Jahnke<p>It is not surprising that <a href="https://bonn.social/tags/SIEM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SIEM</span></a> detection rules can be evaded in many cases, this is the same as for signature-based detection of <a href="https://bonn.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> in general.</p><p>This approach uses a combination of misuse and <a href="https://bonn.social/tags/AnomalyDetection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnomalyDetection</span></a> to find potential <a href="https://bonn.social/tags/evation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>evation</span></a> attempts. The PoC implementation is called <a href="https://bonn.social/tags/AMIDES" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AMIDES</span></a>, and the code is available on GitHub.</p><p><a href="https://www.usenix.org/conference/usenixsecurity24/presentation/uetz" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">usenix.org/conference/usenixse</span><span class="invisible">curity24/presentation/uetz</span></a></p><p><a href="https://bonn.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://bonn.social/tags/Research" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Research</span></a></p>
Tero Keski-Valkama<p>I am a <a href="https://geeknews.chat/tags/SoftwareEngineer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SoftwareEngineer</span></a> and an <a href="https://geeknews.chat/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> <a href="https://geeknews.chat/tags/researcher" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>researcher</span></a> living in a <a href="https://geeknews.chat/tags/polyamorous" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>polyamorous</span></a> relationship in <a href="https://geeknews.chat/tags/Benalm%C3%A1dena" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Benalmádena</span></a>, <a href="https://geeknews.chat/tags/M%C3%A1laga" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Málaga</span></a>, <a href="https://geeknews.chat/tags/Spain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spain</span></a>. 
I mainly post <a href="https://geeknews.chat/tags/InternationalNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InternationalNews</span></a> and <a href="https://geeknews.chat/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a>.</p><p>I have authored 16+ <a href="https://geeknews.chat/tags/patents" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>patents</span></a>, I am doing research on <a href="https://geeknews.chat/tags/Industrial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Industrial</span></a> <a href="https://geeknews.chat/tags/AnomalyDetection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnomalyDetection</span></a> using <a href="https://geeknews.chat/tags/DifferentiableComputing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DifferentiableComputing</span></a> and <a href="https://geeknews.chat/tags/DeepLearning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeepLearning</span></a>.</p><p>I hack with <a href="https://geeknews.chat/tags/SDR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SDR</span></a> and I have a <a href="https://geeknews.chat/tags/FlipperZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FlipperZero</span></a>.</p><p>I have programmed computers since I was 6 years old and they generally do what I tell them to.</p><p><a href="https://geeknews.chat/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>introduction</span></a>, <a href="https://geeknews.chat/tags/introductions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>introductions</span></a></p>
Marko Jahnke<p>In the early 2000s, <a href="https://bonn.social/tags/SvenHenkel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SvenHenkel</span></a> and myself developed an <a href="https://bonn.social/tags/IDMEF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IDMEF</span></a>/ <a href="https://bonn.social/tags/IDXP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IDXP</span></a> compliant security event message pipelining framework for collecting and consolidating log messages, e.g., from network <a href="https://bonn.social/tags/IDS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IDS</span></a>, and <a href="https://bonn.social/tags/EDR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EDR</span></a> products. </p><p>In the messages stream, we were able to match multi-stage <a href="https://bonn.social/tags/correlation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>correlation</span></a> <a href="https://bonn.social/tags/DetectionRules" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DetectionRules</span></a> in near real-time (in-memory), before everything was stored in a central database. Structural graph-based <a href="https://bonn.social/tags/AnomalyDetection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnomalyDetection</span></a> was developed later by some colleagues.</p><p>We called it <a href="https://bonn.social/tags/MetaIDS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MetaIDS</span></a>.</p>