Abstract

Machine learning has been widely discussed in various areas. However, there is not much discussion about intrusion detection in large-scale enterprise networks. This talk proposes a method based on statistical learning. The main idea is to identify unknown threats by modeling behaviors at different attack stages, along with some tricks for pre-filtering data and post-correlating alarms.

Learning Objectives:
1: Understand the basics of security operations in a large Internet company.
2: Learn how to use statistical models to identify the unique patterns of post-exploitation attacks.
3: Master the necessary skills for pre-filtering data and post-correlating alarms.

Pre-Requisites:
Basic statistical knowledge and familiarity with popular attack techniques.