FloCon 2023 Assets
These presentations were given at FloCon 2023, an annual conference that focuses on applying any and all collected data to defend enterprise networks.
Abstract
FloCon 2023 was hosted by the Software Engineering Institute (SEI) and held in Santa Fe, NM on January 9-12, 2023. FloCon centers on improving network security by analyzing a variety of data supported by innovative machine learning, hardware, and network storage.
We now collect enormous amounts of data from our systems. How can we apply the power of scalable analytics to this large-scale data to protect our systems from cyber threats—both internal and external? FloCon 2023’s theme, Situational Awareness: Beyond the Network, focuses on using these analytics to safeguard organizations and networks.
Find presentations and posters from FloCon 2023 below.
Collection Contents
- DeCypher: Cyber Knowledge Graph Queries Expressed through Natural Language
February 6, 2023 • Presentation
By Steven Noel (MITRE)
This session focuses on DeCypher, which applies natural language processing to construct graph database queries for cyber situational understanding; the authors describe it as the first known approach of this kind.
- IPFIX and DPI Information in a Big Data Environment
February 6, 2023 • Presentation
By Katherine Prevost, Timothy J. Shimeall
This presentation describes several tools for processing IPFIX flow data with DPI details.
- Taranis NG - A New Tool for OSINT Analysis
February 6, 2023 • Presentation
By Milan Pikula (National Cyber Security Centre)
This presentation describes how to process raw OSINT sources into actionable vulnerability advisories, threat intel, and more, using a recently released open-source tool.
- DIB-VDP Pilot - Trail Blazers!
February 6, 2023 • Presentation
By Melissa Vice (DoD Cyber Crime Center)
This talk presents significant outcomes that affect the nation's Defense Industrial Base (DIB).
- Practical GAN-based Synthetic IP Header Trace Generation using NetShare
February 6, 2023 • Presentation
By Yucheng Yin (Carnegie Mellon University)
This presentation describes using Generative Adversarial Networks (GANs) to automatically learn generative models that produce synthetic packet- and flow-header traces for networking tasks.
- Knowledge Graphs for Security: Past, Present, and Future
February 6, 2023 • Presentation
By Scott Mongeau (SAS)
This session describes the core value propositions of knowledge graphs (KGs).
- Anomaly Detection on Devices DNS Queries Using Deep Learning
February 6, 2023 • Presentation
By Fatemeh Riahi (Infoblox)
This talk describes a lightweight DNS anomaly detection system that employs a deep learning method on DNS traffic to characterize network devices.
- Combating Disinformation in DNS and Beyond
February 6, 2023 • Presentation
By Blake Anderson (Cisco Systems, Inc.)
This presentation describes commonly employed evasion strategies that attempt to erode the value of domain name-based indicators of compromise, including domain fronting, domain faking, and residential proxying.
- Detecting DNS Tunneling Using Behavioral and Content Metadata Features
February 6, 2023 • Presentation
By Darin Johnson (Infoblox)
This talk describes new work that emphasizes reducing false positives when detecting and countering DNS tunneling.
- Guppy: A Scalable Security Data Lake
February 6, 2023 • Presentation
By Faisal Alghamdi (Saudi Aramco), Hafiz Farooq (Saudi Aramco)
This session explains a generic and scalable Security Data Lake framework that is tuned to handle all types of security data.
- Efficiently Standing Up a Cloud-Based Cybersecurity Data Lake with Minimal Resourcing
February 6, 2023 • Presentation
By Rosalie Bakken (Mayo Clinic)
This presentation highlights a quick and efficient approach to building a cybersecurity data lake that incorporates data unique to an organization and provides entirely flexible coverage.
- Large Scale Data Preparation for Machine Learning Models
February 6, 2023 • Presentation
By Matthew Spitzer (Mayo Clinic)
This talk describes one methodology that has been applied to the preparation of large-scale data in support of ML modeling activities.
- QUIC Fixes for Network Security Monitoring
February 6, 2023 • Presentation
By David McGrew (Cisco Systems, Inc.)
This presentation describes the QUIC protocol, how it is currently used, how it facilitates some evasive network behaviors, and how it is possible to extract some useful metadata from the protocol and fingerprint client applications.
- MRI for the Cloud Workloads: How Network Data Can Power Visibility, Detection, and Response Programs for Securing Cloud Workloads
February 6, 2023 • Presentation
By Edward Wu (ExtraHop Networks)
In this talk, we explore how network data can be utilized to provide visibility and ultimately secure cloud workloads.
- Data-Driven Detection Using PySpark
February 6, 2023 • Presentation
By Markus De Shon (Google)
This session discusses the underlying Python framework we've built for our own operational needs and are releasing to the public.
- (Attempting to) Automate the Diamond Model
February 6, 2023 • Presentation
By Teresa Chila (Chevron)
This talk presents a framework for automating some of the tasks in the Diamond Model for Intrusion Analysis.
- Striking the Balance: Measuring and Managing the Complexity of Cyber Environments
February 6, 2023 • Presentation
By Brett Tucker
This presentation proposes and explores a novel means to measure cyber environment complexity.
- Cyber Precog - A GPU Platform for Better Enabling AI/ML at the Edge
February 6, 2023 • Poster
By Colin Friedman (Booz Allen Hamilton)
This poster describes Cyber Precog, a GPU-enabled software and data engineering platform that brings operationally honed cyber tooling and a modular pipeline for rapid capability deployment.
- DevSecOps and Traffic Analysis
February 6, 2023 • Poster
By Timothy A. Chick, Brent Frye
This poster explains an authoritative reference model for DevSecOps, the Platform Independent Model (PIM).
- Leveraging Disparate Enterprise Data for Cybersecurity Purposes
February 6, 2023 • Poster
By Rosalie Bakken (Mayo Clinic), Matthew Spitzer (Mayo Clinic)
This poster describes a data lake poised to address the most pressing cybersecurity use cases expeditiously and efficiently.
- Unexpected Outbound Protocol (UNX-OBP)
February 6, 2023 • Poster
By Sean Hutchison
This poster describes the Unexpected Outbound Protocol (UNX-OBP) capability.