We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Defending Networks with Incomplete Information: A Machine Learning Approach

2
 Cite
 Share
 Related Material
 Download
 Purchase
No logo availableDEF CON
 Pinto, Alexandre

Formal Metadata

Title
Defending Networks with Incomplete Information: A Machine Learning Approach
Title of Series
Number of Parts
112
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Let's face it: we may win some battles, but we are losing the war pretty badly. Regardless of the advances in malware and targeted attacks detection technologies, our top security practitioners can only do so much in a 24 hour day. Even less, if you let them eat and sleep. On the other hand, there is a severe shortage of capable people to do "simple" security monitoring effectively, let alone complex incident detection and response. Enter the use of Machine Learning as a way to automatically prioritize and classify potential events and attacks as something can could potentially be blocked automatically, is clearly benign, or is really worth the time of your analyst. In this presentation we will present publicly for the first time an actual implementation of those concepts, in the form of a free-to-use web service. It leverages OSINT and knowledge about the spatial distribution of the Internet to generate a fluid and constantly updated classifier that pinpoints areas of interest on submitted network traffic logs. Alexandre Pinto (@alexcpsec) has over 13 years dedicated to information security solutions architecture, strategy advisory and monitoring. He has experience with a great range of security products, and has even been know to do pen-testing from time to time. Alex holds the CISSP-ISSAP, CISA, CISM, CREST CCT APP and PMP certifications. And somehow he is still a nice guy. He was also a PCI QSA for 5+ years, but is almost fully recovered. Alex has been responsible over the last 3 years to kickstart his previous company's offices in 2 different countries mainly because he is able to perform competently on a very deep technical level on all the company services, from risk auditing (*sigh*) to network and web application penetration testing. For the past year, as a part of his sabbatical, he has been researching and exploring the applications of Machine Learning and Predictive Analytics into Information Security Data, specially in supporting the mess that we currently face in trying to make sense of day to day usage of SIEM solutions as a whole.