We aim to enable SOC operators to reduce tasks related to explanations for alerts. Presented at CODEBLUE2020

by Tsuyoshi Taniguchi

Summary: We have developed a method for identifying attack types with explainable diagnosis by taking advantage of advanced adversaries' evasive behavior. In addition to the differences between legitimate and malicious behavior, we learn from a comparison of targeted attacks and broad ones. This learning is the basis for explainable detection of attack types for unidentified domains. In this presentation, we will show that advanced adversaries rarely leave traces that defensive researchers can easily detect, and then compare the traces of targeted attacks with those of broad attacks. For unidentified domains, we will demonstrate that our system identifies attack types with explainable diagnosis.