At Abnormal, we tackle the problem of staying ahead of attackers by updating our AI/ML models with the most up-to-date information possible. We have both automated systems and security researchers keeping up with the latest attacks. The data gathered is then consumed by a rapidly retraining NLP pipeline.
The data we have is large (many terabytes) and multimodal. Evaluated data includes:
We turn all this data into useful features for a detection system and break down attacks into what we call “attack facets”.
Attack Facets:
For example, if we break down the Microsoft password reset example, we have:
Building ML models to solve a problem with such a low base rate (1 in 10,000,000,000 constitutes an advanced email threat) and precision forces a high degree of diligence when modeling sub-problems and feature engineering.
In the same way we break an attack into components, we can use the same breakdown to help inspire the type of information we would like to model about an email in order to determine if it is an attack.
To continue learning about Abnormal’s AI/ML Data Training capabilities, read our Engineering Blog.
Abnormal is the email security company that stands for trust.
© 2020 Abnormal Security Corporation.
All rights reserved.