Video On Demand
Machine Learning for Threat Intelligence: Applying K-Means Clustering to Dharma and Phobos Ransomware Incidents
Eric Loui
Runtime: 27:26
Conventional cyber threat intelligence techniques enable analysts to track, group and ultimately attribute incident data through indicators of compromise (IOCs). However, IOCs are sometimes insufficient for connecting the dots between different cases, particularly when adversaries reuse commodity tools. This presentation will demonstrate how machine learning, specifically k-means clustering, can enable analysts to partition data points into multiple distinct groups and discover previously unseen connections. Applied to Dharma and Phobos ransomware incident data, k-means clustering revealed patterns that potentially provide insights into the actors behind the operations, as well as implications for the way actors monetize Dharma and Phobos campaigns.
