Presented at DerbyCon 7.0 Legacy (2017)
Sept. 23, 2017, 10 a.m.
"CHIRON is an open source Python-based Machine Learning framework that applies security analytics to home network traffic for dynamic learning of indicators of external threats and other potential malicious activity. The tool continuously monitors network traffic and applies machine learning techniques for adaptive discovery and baselining of a small user population. Initial use cases in v1.0 include:
- Identification of assets in home network (IoTs, Workstations, Laptops, Servers, routers)
- Fingerprints users, services, and protocols
- Applies analytics to users and devices (Average session length, Traffic, Visited sites) to determine standard usage behavior and service profiles
The CHIRON framework will then perform dynamic analysis that provides users with the following:
- High risk domains, assets, users
- Usage per asset and user
- Social media usage
- Malicious file downloads
- Data usage (Cloud Services)
Chiron will provide users with indicators of high-risk assets, users and visited sites, as well as identification of malicious sites and payloads. The goal of Chiron is to provide detection of threats using behavioral machine learning techniques. This provides users with a free, lightweight open source tool that does not depend on static commercial signatures. CHIRON can run on the Security Onion Linux distribution; it uses the BRO IDS framework to process network traffic and does not need production hardware in order to be deployed. The more storage space is allocated to the underlying log data, the greater the visibility."
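As an added illustration of the baselining the abstract describes (this is example code, not CHIRON's own), the following Python parses a constructed Bro conn.log extract via its #fields header, builds a per-asset profile (session count, average session length, bytes sent, visited destinations) and flags sessions whose outbound volume sits far above that host's own median. The column names follow the real conn.log; the sample rows, the median/MAD threshold and the minimum-history rule are assumptions.

```python
import statistics
from collections import defaultdict

# Constructed sample in Bro conn.log layout: the #fields header names the columns,
# values are tab separated and '-' marks an unset field (a subset of real columns).
SAMPLE_LOG = """#fields\tts\tid.orig_h\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes
1506160000.1\t192.168.1.10\t93.184.216.34\t443\ttcp\tssl\t12.5\t2100\t54000
1506160010.2\t192.168.1.10\t93.184.216.34\t443\ttcp\tssl\t9.0\t1800\t61000
1506160020.3\t192.168.1.10\t151.101.1.69\t443\ttcp\tssl\t15.0\t2500\t48000
1506160040.5\t192.168.1.10\t198.51.100.7\t443\ttcp\tssl\t600.0\t95000000\t4000
1506160050.6\t192.168.1.20\t192.168.1.1\t53\tudp\tdns\t-\t60\t120
1506160060.7\t192.168.1.20\t192.168.1.1\t53\tudp\tdns\t0.01\t62\t130
"""

def parse_conn_log(text):
    """Return one dict per connection, keyed by the names in the #fields header."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            records.append(dict(zip(fields, line.split("\t"))))
    return records

def _num(value):  # Bro writes '-' for unset fields; treat those as 0
    return 0.0 if value == "-" else float(value)

def profile_assets(records):
    """Per source host: session count, average session length, bytes sent, destinations."""
    by_host = defaultdict(list)
    for r in records:
        by_host[r["id.orig_h"]].append(r)
    return {h: {"sessions": len(rs),
                "avg_duration": statistics.fmean(_num(r["duration"]) for r in rs),
                "bytes_out": sum(_num(r["orig_bytes"]) for r in rs),
                "destinations": sorted({r["id.resp_h"] for r in rs})}
            for h, rs in by_host.items()}

def flag_egress_outliers(records, k=10.0, min_sessions=3):
    """Flag sessions far above the host's own median bytes sent (median/MAD, so one
    huge transfer does not inflate its own baseline); hosts with little history are skipped."""
    sizes = defaultdict(list)
    for r in records:
        sizes[r["id.orig_h"]].append(_num(r["orig_bytes"]))
    flagged = []
    for r in records:
        hist = sizes[r["id.orig_h"]]
        med = statistics.median(hist)
        mad = statistics.median(abs(s - med) for s in hist) or 1.0
        if len(hist) >= min_sessions and _num(r["orig_bytes"]) > med + k * mad:
            flagged.append((r["id.orig_h"], r["id.resp_h"], int(_num(r["orig_bytes"]))))
    return flagged
```

On the sample, the 95 MB upload from 192.168.1.10 is the only flagged session; the DNS host has too few sessions to be judged.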
Rod Soto has over 15 years of experience in information technology and security. He is currently working as Director of Security Research at JASK.AI. He has spoken at ISSA, ISC2, OWASP, DEFCON, Black Hat, RSA, Hackmiami and Bsides, and has also been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 Black Hat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll competitive hacking tournament series.

Joseph Zadeh studied mathematics in college and received a BS from the University of California, Riverside and an MS and PhD from Purdue University. While in college, he worked in a Network Operations Center focused on security and network performance baselines, and during that time he spoke at DEFCON and Torcon security conferences. Most recently he joined JASK.AI as Chief Data Scientist. Previously, Joseph was part of Splunk UBA and of the data science consulting team at Greenplum/Pivotal focused on Cyber Security analytics, and was also part of Kaiser Permanente's first Cyber Security R&D team.