About: This concluding session addresses real-world applications of machine learning in Security Operations Centers (SOCs), focusing on detection frameworks, authentication security, and advanced threat intelligence.
Democratizing ML for Enterprise Security: A Self-Sustained Attack Detection Framework
Speaker: Sadegh Momeni
This paper proposes a two-stage hybrid framework for ML-based threat detection in enterprise security. It combines loose YARA rules with an ML classifier and uses synthetic data generation (Simula) and active learning to achieve a self-sustained, low-overhead solution for SOCs.
Evaluating Risk-Based Authentication Effectiveness in Production 2FA Systems
Speaker: Steven Leung
This study provides the first large-scale empirical evaluation of Risk-Based Authentication (RBA) effectiveness in production two-factor authentication (2FA) systems against real-world opportunistic, targeted, and advanced attacks. It demonstrates how heuristic and anomaly detection methods improve security while maintaining user experience.
LLM ATT&CK Navigator: Mapping Observed Generative Adversarial Techniques Across the Cyber Killchain
Speaker: Kyla Guru
This work introduces the LLM ATT&CK Navigator, an interactive tool that maps real-world instances of AI-enabled misuse onto the MITRE ATT&CK Killchain and calculates enablement risks. The result is actionable insight into current adversarial tactics that defenders can use to prioritize their efforts.