Loading...

DEFCON 21: Defending Networks with Incomplete Information - A Machine Learning Approach

7,185 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Aug 27, 2013

Let's face it: we may win some battles, but we are losing the war pretty badly. Regardless of the advances in malware and targeted attacks detection technologies, our top security practitioners can only do so much in a 24 hour day. Even less, if you let them eat and sleep. On the other hand, there is a severe shortage of capable people to do "simple" security monitoring effectively, let alone complex incident detection and response.

Enter the use of Machine Learning as a way to automatically prioritize and classify potential events and attacks as something can could potentially be blocked automatically, is clearly benign, or is really worth the time of your analyst.

In this presentation we will present publicly for the first time an actual implementation of those concepts, in the form of a free-to-use web service. It leverages OSINT and knowledge about the spatial distribution of the Internet to generate a fluid and constantly updated classifier that pinpoints areas of interest on submitted network traffic logs.

Loading...


to add this to Watch Later

Add to

Loading playlists...