U.S. Department of Energy

Pacific Northwest National Laboratory

Deep Learning for Unsupervised Anomaly Detection in Streaming Cybersecurity Data

Thursday, August 11, 2016
Dr. Brian Hutchinson
Assistant Professor, Department of Computer Science
Western Washington University

Insider threat detection is a classic needle-in-a-haystack problem, with high-volume data streams and extremely rare events of interest. The sheer velocity and volume of data rules out a careful, manual analysis and makes it impractical to employ traditional, automated batch-processing methods. Furthermore, insider threat takes many forms which, combined with the rarity of threat events, makes it very difficult to explicitly characterize or model threat behavior. In this talk I will discuss our approach to insider threat detection that addresses these challenges. We use a novel deep learning architecture to model the day-to-day dynamics of "normal" user behavior so that we can automatically identify and flag anomalous behavior, under the assumption that threat behavior will be anomalous. Our system is explicitly designed for a real-time, multi-user, streaming environment.

Speaker Bio

Brian Hutchinson received his Ph.D. in electrical engineering from the University of Washington in 2013, where he also earned a Master's in the same field. He also holds degrees in computer science (B.S., M.S.) and linguistics (B.A.) from Western Washington University, where he has been an Assistant Professor of Computer Science since 2013. His research interests include machine learning, speech and language processing, and optimization. In particular, he is interested in novel deep learning architectures and their application across domains.
