Software Engineering Institute

Collection Contents

• 

  Improved Hunt Seeding with Specfic Anomaly Scoring

  January 8, 2019 • Presentation

  By Brenden Bishop (Columbus Collaboratory)

  In this presentation, the attendees were presented with a flexible, open source tool for non-parametrically modeling multivariate densities of network logs.

  read
• 

  Using Triangulation to Evaluate Machine Learning Models

  January 8, 2019 • Presentation

  By Andrew Fast, PhD (CounterFlow AI)

  In this presentation, Dr. Andrew Fast presents a series of questions and data queries that can be used to determine the parameters of effectiveness for a machine learning model.

  read
• 

  Cybersecurity Data Science: Best Practices from the Field

  January 8, 2019 • Presentation

  By Scott Mongeau (SAS)

  In this presentation, the author seeks to take a step back from methodological insights and case studies to ask larger questions concerning the status of cybersecurity data science as an emerging profession.

  read
• 

  Four Machine Learning Techniques that Tackle Scale - And Not Just By Increasing Accuracy

  January 8, 2019 • Presentation

  By Lindsey Lack (Gigamon Applied Threat Research (ATR)

  In this presentation the author presents an overview of the ways in which recent machine learning techniques can provide ancillary value—value beyond accurate predictions—that helps with the problems of scaling real-world implementations.

  read
• 

  The Power of Cyber Threat Intelligence

  January 8, 2019 • Presentation

  By Eboni Thamavong (X8, Full Spectrum Engagement)

  In this presentation, the author discusses how to anticipate the right questions and convey the right information to executives through case studies that highlight the power of what cyber threat intelligence can do to drive executive decision making.

  read
• 

  The Generation and Use of TLS Fingerprints

  January 8, 2019 • Presentation

  By Blake Anderson (Cisco Systems, Inc.), David McGrew (Cisco Systems, Inc.), Keith Schomburg (Cisco Systems, Inc.)

  In this presentation, the authors describe a TLS fingerprinting system and discusses the common pitfalls when using this type of information and analyzes techniques that make effective use of our newly open-sourced TLS fingerprint database.

  read
• 

  Monitoring Massive Network Traffic using Bayesian Inference

  January 9, 2019 • Presentation

  By David Rodriguez (Cisco Systems, Inc.)

  In this presentation, the author discusses methods for performing large scale Bayesian inference on DNS logs aggregated into count data, representing the number of requests from tens of millions of stub IPs made to hundreds of millions of domains.

  read
• 

  Using Generative Adversarial Networks to Improve Phishing Domain Classifiers

  January 9, 2019 • Presentation

  By Jen Burns (The MITRE Corporation), Emily Heath (Mitre)

  In this presentation, the authors discuss the use of generative adversarial networks (GANs) to construct synthetic phishing domains as potential evasion attacks, and test the value of including these domains in a machine learning classifier.

  read
• 

  Harvesting Logs for Enhanced Investigations

  January 9, 2019 • Presentation

  By David Gainey (Defense Information Systems Agency)

  In this talk, the author discusses the type of information that should be continuously collected and kept on-hand for investigative value in the case of a network compromise, and he addresses the value of such artifacts in an investigation.

  read
• 

  Network Telescopes Revisited: From Loads of Unwanted Traffic to Threat Intelligence

  January 9, 2019 • Presentation

  By Piotr Bazydlo (Research and Academic Computer Network (NASK, Poland)), Adrian Korczak (Research and Academic Computer Network (NASK, Poland), Pawel Pawlinski (Research and Academic Computer Network (NASK, Poland))

  This presentation introduces a comprehensive system developed to analyze malicious traffic on a large scale and produce actionable results in close to real time.

  read
• 

  Time-Based Correlation of Malicious Events and Their Connections

  January 9, 2019 • Presentation

  By Steve Henderson, Brittany Nicholls (Enlighten IT Consulting), Brian Ehmann (Enlighten IT Consulting)

  In this presentation, the authors discuss how to automate the use of statistics to help link events and connections in a timeline during an incident or forensic investigation.

  read
• 

  IMPACT: Information Marketplace for Policy and Analysis of Cyber-risk & Trust

  January 10, 2019 • Presentation

  By Jeff Schmidt (Columbus Collaboratory)

  In this presentation, Jeff Schmidt introduces a U.S. Department of Homeland Security (DHS) program called Information Marketplace for Policy and Analysis of Cyber-risk & Trust (IMPACT).

  read
• 

  InSight2: IRNC Advanced Measurements and Instrumentation (AMI)

  January 10, 2019 • Presentation

  By Angel Kodituwakku (The University of Tennessee Knoxville), Dr. Jens Gregor (The University of Tennessee Knoxville), Buseung Cho (KISTI), Carter Bullard (QuSient LLC)

  In this presentation, the authors discuss InSight2, an open platform, intended to monitor and facilitate the development of network analytics for these large-scale networks.

  read
• 

  Detecting Automatic Flows

  January 10, 2019 • Presentation

  By Jeffrey Dean (United States Air Force)

  In this presentation, Jeffrey Dean, PhD., discusses specific Netflow-derived features that can be used to discriminate between flows generated by user actions and those generated automatically by applications or systems.

  read
• 

  Quantum Approach to Inverse Malware Eradication

  January 9, 2019 • Presentation

  By Daniel Medina (Glasswall Solutions Inc.), Matt Shabat (Glasswall Solutions Inc.)

  The goal of this presentation is to inform people that using a 'pass only known good' methodolgy through a quantum approach simplifies the solution and the future of information security will benefit from an inverted approach to security.

  read