Tuesday, January 27 • 11:00am - 12:00pm
Devil in the Haystack

Application security lies at the core of Salesforce.com's products, for obvious reasons. However much perimeter defenses have been strengthened, a defense-in-depth strategy that lives right in the app is still much needed.

This talk focuses on applying statistics and machine learning techniques to in-app events in order to detect, and eventually prevent, attacks and abuse on the Salesforce platform.

OWASP laid out a framework for intrusion detection and response in applications: AppSensor. Our work is distinct from the AppSensor project in that the data-driven statistical approaches are built with online learning methodologies and adaptive behavior modeling techniques; it thus requires as little configuration and supervision as possible. Unsupervised learning and bootstrapping are established techniques within machine learning.

This research differs dramatically from previous detection techniques for two reasons:

1) The in-app detection inspects transactions in the context of the application's semantics, interactions and enhanced information about its users, whereas an IDS or IPS usually operates on the perimeter, at the firewall or at the network gateway, and has little to no knowledge of the behavior within an application.

2) Our methods adapt to behavior changes, while the previous techniques largely rely on signature-based misuse detection with rather stale configurations and are thus susceptible to a higher level of false positives.

One example of adaptive behavior-based detection is detecting a fraudulent user who is stepping through a multi-step business process in an anomalous order. The determination of the anomaly is based firstly on regular behavior learned over time, and is secondly adjusted automatically by evidence of changes in a user's role or business process. Other examples include alerting on abnormal timing or volume of certain in-app activities, or on geolocation abnormality of a user's access points within a single session.

In this talk, we will also share our experience with the big data technologies around the Apache Hadoop ecosystem, in particular Apache Spark, as the major enabling technologies for in-depth app platform threat detection.
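The anomalous-step-order detection described above can be sketched as follows. This is an added example, not code from the talk or from Salesforce: it assumes a first-order transition model with additive smoothing, an alert threshold derived from the baseline scores, and constructed event names for a hypothetical quote-approval process.

```python
import math
from collections import defaultdict
from statistics import mean, pstdev

class StepOrderModel:
    """Online first-order transition model over in-app event names (hypothetical)."""
    def __init__(self, alpha=1.0, decay=1.0):
        self.alpha = alpha  # additive smoothing so unseen transitions get p > 0
        self.decay = decay  # < 1.0 fades old counts so the model tracks process changes
        self.counts = defaultdict(lambda: defaultdict(float))
        self.vocab = {"<start>", "<end>"}

    def update(self, session):
        steps = ["<start>", *session, "<end>"]
        self.vocab.update(steps)
        for prev, cur in zip(steps, steps[1:]):
            row = self.counts[prev]
            for key in row:
                row[key] *= self.decay
            row[cur] += 1.0

    def prob(self, prev, cur):
        row = self.counts.get(prev, {})
        total = sum(row.values())
        return (row.get(cur, 0.0) + self.alpha) / (total + self.alpha * len(self.vocab))

    def surprise(self, session):
        """Mean negative log-probability per transition; higher means more unusual."""
        steps = ["<start>", *session, "<end>"]
        costs = [-math.log(self.prob(p, c)) for p, c in zip(steps, steps[1:])]
        return sum(costs) / len(costs)

def threshold(model, baseline_sessions, k=3.0):
    """Alert level derived from the data itself: mean + k * std of baseline scores."""
    scores = [model.surprise(s) for s in baseline_sessions]
    return mean(scores) + k * pstdev(scores)

# Constructed sample sessions (assumed event names, not real platform events).
NORMAL = ["login", "view_quote", "edit_quote", "submit_for_approval", "approve", "export"]
VARIANT = ["login", "view_quote", "edit_quote", "edit_quote", "submit_for_approval", "approve", "export"]
SKIPPED = ["login", "view_quote", "approve", "export"]  # approval without submission
HISTORY = [NORMAL] * 40 + [VARIANT] * 10

def demo():
    model = StepOrderModel()
    for session in HISTORY:
        model.update(session)
    limit = threshold(model, HISTORY)
    named = {"normal": NORMAL, "variant": VARIANT, "skipped": SKIPPED}
    return {name: model.surprise(s) > limit for name, s in named.items()}
```

Calling `demo()` flags only the session that reaches `approve` without `submit_for_approval`; feeding the model further sessions of a changed process lowers that flow's score, which is the adaptive part.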

Ping Yan

Research Scientist, Salesforce.com
Ping spent nearly a decade conducting academic and applied data analytics research, innovating machine learning models in various domains, from consumer behavior modeling to algorithmic security threat detection. Her works were published as journal articles, monographs and books...

Tuesday January 27, 2015 11:00am - 12:00pm PST
Annenberg Community Beach House: Track 2 415 Pacific Coast Hwy, Santa Monica, CA 90402