Learn how to leverage AI and natural language processing to automatically generate neural Attack Surface Reduction (ASR) rules for detecting sophisticated operational technology (OT) and industrial control system (ICS) attacks in this DEF CON 33 conference talk. Discover the Suspicious2Vec multimodal AI detection system, which focuses on identifying suspicious behaviors rather than explicitly malicious ones by using contextual comprehension of process integrity and OT-specific operations. Explore how threat actors such as the Russian Sandworm group exploit OT-level Living Off the Land (LoTL) techniques and abuse benign OT infrastructure to evade traditional security measures and take control of critical factory assets. Examine the research methodology, which analyzed 2,000,000 data points collected over a full year from real-world factories and flagged by 562+ expert-written rules, and understand how word embedding methods project suspicious actions into numerical vectors. Gain insights into the creation of malware templates from OT and IT malware families sourced from VirusTotal, and learn how this AI-driven approach to cybersecurity in industrial environments successfully detected 12+ variant OT malware samples among more than 52,000 factory program files.