Practical Cyborgism: Getting Start with Machine Learning for Incident Detection

Presented at BSidesDC 2016, Oct. 23, 2016, 1:30 p.m. (50 minutes)

Organizations today are collecting more information about what's going on in their environments than ever before, but manually sifting through all this data to find evil on your network is next to impossible. Reliable detection of security incidents remains elusive, and there is a distinct lack of open source innovation.

It doesn't have to be this way! In this presentation, we’ll walk through the creation of a simple Python script that can learn to find malicious activity in your HTTP proxy logs. At the end of it all, you'll not only gain a useful tool to help you identify things that your IDS and SIEM might have missed, but you’ll also have the knowledge necessary to adapt that code to other uses as well.


Presenters:

  • Chris McCubbin - Director of Data Science at Sqrrl
    #Chris McCubbin, Director of Data Science, Sqrrl Data, Inc. Chris is the Director of Data Science and a co-founder of Sqrrl Data, Inc. Chris' primary task is prototyping new designs and algorithms to extend the capabilities of the Sqrrl Enterprise cybersecurity solution. Prior to cofounding Sqrrl, Chris spent 2 years developing big-data analytics for the Department of Defense at TexelTek, Inc and 10 years as Senior Professional Staff at the Johns Hopkins Applied Physics Laboratory where he applied machine learning algorithms to swarming unmanned vehicle ensembles. Chris holds a Masters degree in Computer Science and Bachelor’s degrees in Mathematics and Computer Science from the University of Maryland.
  • David Bianco - Lead Security Technologist at Sqrrl
    #David J. Bianco, Lead Security Technologist, Sqrrl Data, Inc. Before coming to work as a Security Technologist and DFIR subject matter expert at Sqrrl, David led the hunt team at Mandiant, helping to develop and prototype innovative approaches to detect and respond to network attacks. Prior to that, he spent five years helping to build an intel-driven detection & response program for General Electric (GE-CIRT). He set detection strategies for a network of nearly 500 NSM sensors in over 160 countries and led response efforts for some of the company’s the most critical incidents. David stays active in the community, speaking and writing on the subjects of Incident Detection & Response, Threat Intelligence and Security Analytics. He is also the person behind [The ThreatHunting Project](http://threathunting.net) and a member of the [MLSec Project](http://www.mlsecproject.org). You can follow him on Twitter as [@DavidJBianco](https://twitter.com/DavidJBianco) or subscribe to his blog, ["Enterprise Detection & Response"](http://detect-respond.blogspot.com).

Links:

Similar Presentations: