MLGuard – Detecting Malicious Web Requests using a Serverless-based Machine Learning System - Abhinav Srivastava, Frame.io

less than 1 minute read

Abstract

Web Application Firewall (WAF) blocks incoming web requests using a variety of signatures such as SQL injection, Cross-Site Scripting, and Bots. Proactively identifying and blocking bad requests, which avoid exhibiting the known malicious patterns, is both challenging and essential from security operations perspective. In this talk, I will describe a serverless-based end-to-end system called MLGuard that ingests AWS load-balancers log data, creates a machine-learning model (Isolation Forest) with the frequency distribution of cumulative HTTP response code using Amazon SageMaker, invokes the model using the HTTP API to detect unusual requests, and sends alerts to Slack for the security team to block IPs. MLGuard utilizes various Serverless technologies such as Function-as-a-Service, DynamoDb, and API Gateway, and since its deployment a year ago, it has helped block thousands of bad IPs.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

MLGuard – Detecting Malicious Web Requests using a Serverless-based Machine Learning System - Abhinav Srivastava, Frame.io

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google