About: This concluding session addresses practical, real-world applications of machine learning in Security Operations Centers (SOCs), focusing on detection frameworks, authentication security, and advanced threat intelligence.

Democratizing ML for Enterprise Security: A Self-Sustained Attack Detection Framework

Speaker: Sadegh Momeni

Author(s): Sadegh Momeni; Ge Zhang; Birkett Huber ; Hamza Harkous; Sam Lipton; Benoit Seguin; Yanis Pavlidis

This paper proposes a two-stage hybrid framework for ML-based threat detection in enterprise security, combining loose YARA rules with an ML classifier and leveraging synthetic data generation (Simula) and active learning to achieve a self-sustained, low-overhead solution for SOCs.

Evaluating Risk-Based Authentication Effectiveness in Production 2FA Systems

Speaker: Steven Leung

Author(s): Steven Leung

This study provides the first large-scale empirical evaluation of Risk-Based Authentication (RBA) effectiveness in production two-factor authentication (2FA) systems against real-world opportunistic, targeted, and advanced attacks. It demonstrates how heuristic and anomaly detection methods improve security while maintaining user experience.

LLM ATT&CK Navigator: Mapping Observed Generative Adversarial Techniques Across the Cyber Killchain

Speaker: Kyla Guru

Author(s): Kyla Guru; Alex Moix

This work introduces the LLM ATT&CK Navigator, an interactive tool that maps real-world instances of AI-enabled misuse onto the MITRE ATT&CK Killchain and calculates enablement risks. This provides actionable insights into current adversarial tactics for defensive prioritization.