Security Congress Abstract
Honeypots have the ability to provide rich data sets that record attacker activity while collecting detailed information about their system interactions. Machine learning leverages predictive analytics to identify models within large data sets. In this session, we will discuss the results of combining these two techniques to automate the search for attacks.
Security automation may be enhanced through the use of honeypots and machine learning techniques. However, there is work to be done to create a useful monitoring platform. Challenges include real-time normalization of diverse data sets, feature identification, model implementation, and concept drift, which leads to stale models. We will discuss these challenges and approaches for addressing them in the context of typical honeypot and machine learning environments.