SnortML Training: Machine Learning based Exploit Detection

Brandon Stultz, Research Engineer for Cisco Talos, guides you on how to use SnortML - a machine learning-based detection engine capable of detecting novel attacks fitting known vulnerability types. This video includes how SnortML addresses the zero day problem, an overview of the vulnerability classes it is currently trained on, and a dive into neural networks. The video concludes a model development lab where you will see Brandon create a new model to detect a SQL injection attack. You can find the SnortML and LibML code on GitHub https://github.com/snort3. You can also join the conversation on our Discord https://discord.com/invite/Sdgsg8MtQQ. Chapters: 00.10 The Zero Day problem 01:15 Vulnerability classes that SnortML is trained on 03:21 Common exploit examples 05:00 What is Machine Learning? 06:32 What are neural networks? 08:09 Recurrent neural networks 09:10 Long short term memory neurons 11:33 How we built SnortML 13:17 LibML 15:11 Model Development Lab 24:14 Conclusion