“You Don’t Do That Usually”: Detecting Anomalies in AWS IAM User Activity
Introduction Users may perform thousands of actions (events) per day in their Amazon Web Services (AWS) environments. This generates a […]
Blog What we're working on now
“LOL you’re not executing that”: Detecting Malicious LOLBin Commands
LOLBins (living off the land binaries) are executable files that are already present in the user environment, LOLBins (living off […]
That Escalated Quickly: A Model for Alert Prioritization
Hundreds of millions of events. Tens of thousands of triggered rules. A thousand incidents. Every week. That is the reality of the modern cyber threat landscape and the sheer volume of alerts that the Sophos MTR […]
Analyzing Security ML Models with Imperfect Data in Production
SophosAI team develops numerous machine learning models that get directly integrated to our products. Currently we have more than 30 models deployed […]
ELI10: A Regex, a Hierarchical Approach, and a Deep Learning Model Walk into a Bar
Previously in the ELI10 series, we went over our detector of malicious web content based on URLs: a lightweight deep […]
Killed By ML – URL Analysis with LIME
Introduction At Sophos we take a neural network approach to detecting previously unseen malicious and derogatory URLs. We use a […]
ELI10: Hunting for Malicious URLs with Character-level Embeddings and Convolutions
Introduction On any given day that we are happily browsing the Web, we are stomping around on a minefield. Malware […]
A machine learning approach to inferring the maliciousness of unknown IP addresses, autonomous systems, and ISPs
Introduction The machine learning-based detection technologies we build at Sophos AI rely on many information sources, including binary programs, system […]
Catastrophic Forgetting – Part 2
Introduction In the last blog post (linked here for anyone who missed it), I explained what catastrophic forgetting is and […]
Catastrophic Forgetting – Part 1
Here at the Sophos AI team, our most common goal is to develop deep learning models that inspect a file […]