Using ML and AI to detect Attacks

Machine Learning (ML) and Artificial Intelligence (AI) are reaching mainstream and provide a great opportunity for defenders.


As more and more data is collected, and malicious activity is buried in a sea of ‘normal’ complex user behaviour, the traditional log analysis and visualisations are just not got enough to provide a good understanding of what is going on (and actionable information on how to react)

We are now in the cusp of a Machine Learning and Artificial Intelligence revolution. There are already a number of companies and services that are exploring these technologies and have successfully used them to solve specific security challenges.

This Working Session will share common practices, what works today and what is worth focusing on in the future


  • How to feed data to ML and AI tools?
  • How to filter (aka map reduce) data sets to help further human and machine analysis?
  • Understanding what attackers and malicious code are doing in the applications and networks to protect
  • How to detect malicious upload of files and images
  • What responses/behaviour can be automated (based on ML findings or AI capabilities)
  • Can ML be used to auto-scale up and down infrastructure (based on network traffic or user behaviour), enabling more effective DoS protections


  • Security professionals
  • ML and AI researchers
  • Devops
  • SOC teams

Back to list of all Working Sessions and Tracks

Edit this page here