Conducting the Kill-Chain: Detecting APT Progression Through Music-Sequence Modeling

Krupa Brahmkstri, Sneha Rangari

BSidesSF 2026 · Day 1 · AMC Theatre 14

In an era where cybersecurity defenses are increasingly sophisticated, advanced persistent threats (APTs) continue to bypass detection, often by operating under the radar for extended periods. This talk, "Conducting the Kill-Chain: Detecting APT Progression Through Music-Sequence Modeling," presented by Krupa Brahmkstri and Sneha Rangari from Visa, addresses a fundamental flaw in current security methodologies: the overreliance on detecting individual, isolated events. While security operations centers (SOCs) excel at identifying suspicious "notes"—like a single failed login or a privilege escalation—they frequently miss the "melody" or "composition" of a complete attack chain.

AI review

Legitimate applied ML security research from practitioners who clearly built and deployed something real at Visa scale. The music analogy is gimmicky but the underlying work — Transformer-based sequence modeling as a pre-correlation layer for kill-chain detection — is sound engineering. Concrete metrics (11-min earlier detection, 22% FP reduction, 15% precision gain) keep it honest, but the talk stays at the 'what we built and measured' level without going deep enough on the 'how' to be genuinely instructive.
