An End-to-End System for Anomaly Detection Using Machine Learning on Knowledge Graphs
Lucas Payne
This project provides an end-to-end system for detecting anomalous behavior in a computer network by analyzing system and server logs with machine learning techniques. Information from across the set of log files is organized into a knowledge graph, which captures the entities within the network and their interactions with each other. A machine learning model based on knowledge graph completion is trained on normal network behavior. New behavior is then passed through the model, which evaluates it against the behavior it was trained on and returns a suspicion ranking from 0 to 4. This range of possible values will help security analysts better determine whether and how to respond to incidents based on their potential severity.