Membership DataSciX Presentation
Improving abuse detection @ Membership
Projects related to Haoyang Yuan
Can we leverage external threat intelligence to prepare for traffic behaviors we haven’t seen?
RAPTOR
31 sources of hourly threat intelligence
Cross-referencing new signals with past logins and registration logs
(24 Hours of Data, 10% of Raptor’s data sources)
27,522 suspicious registrations that Yahoo did not classify as suspicious
351 suspicious registrations that were classified as suspicious by Yahoo as well
37,580 suspicious logins that Yahoo did not classify as suspicious
119,311 suspicious logins that were classified as suspicious by Yahoo as well
How to get login context?
If data is delayed → no sense of previous login behavior! Can’t respond quickly!
[Diagram labels: Login Server; HDFS; 15 minutes; Data Rainbow Highway; Baltar alarm!; ?]
How to get login context?
Real-time login context to help classification
(e.g. unique user count by IP in last minute)
[Diagram labels: Login Server; HDFS, 15 minutes; Storm Topology, 10 ms; 1 million/minute; More time]
Thanks
youngsam
kevin
francis the great