Network defense and cybersecurity applications traditionally rely on heuristics and signatures to protect networks and detect anomalies. Large companies may generate over 10 TB of data daily, spread across different sensors and heterogeneous data types. The difficulty of providing timely ingest, feature engineering, feature exploration, and model generation has made signature-based detection the only option. We'll show how to use RAPIDS and GPU acceleration to overcome these obstacles. We'll walk through data engineering steps involving large amounts of data that is heterogeneous in both source and format, and explore how GPUs can accelerate feature exploration and hyperparameter selection. This enables more in-house data scientists and information security experts to use internally collected data to generate predictive models for anomaly detection rather than relying on signature-based detection.
Rules-based approaches to cyber security detection do not scale and are burdened by a reliance on human engineering. In this session, we explore machine learning approaches to cyber security threats, specifically those related to failed login attempts (often a left-of-compromise indicator of an attack) and credential misuse (abnormal behavior). Rather than apply rules, we use the data processing and analytic capabilities of the GPU Open Analytics Initiative (GOAI) to accelerate model training, inference, and other steps necessary to provide actionable alerts to an analyst in near real-time.