David McGrew (Cisco Systems, Inc.)
Publications by David McGrew (Cisco Systems, Inc.)
QUIC Fixes for Network Security Monitoring
February 06, 2023 • Presentation
David McGrew (Cisco Systems, Inc.)
This presentation describes the QUIC protocol, how it is currently used, how it facilitates some evasive network behaviors, and how it is possible to extract some useful metadata from the protocol and fingerprint client applications.
Bayes at 10+ Gbps: Identifying Malicious and Vulnerable Processes from Passive Traffic Fingerprinting
August 18, 2020 • Presentation
David McGrew (Cisco Systems, Inc.)
This presentation describes an inferencing system and its implementation, results in applying it to real-world traffic, and open issues in this technology area.
The Generation and Use of TLS Fingerprints
January 08, 2019 • Presentation
Blake Anderson (Cisco Systems, Inc.), David McGrew (Cisco Systems, Inc.), Keith Schomburg (Cisco Systems, Inc.)
In this presentation, the authors describe a TLS fingerprinting system, discuss the common pitfalls in using this type of information, and analyze techniques that make effective use of their newly open-sourced TLS fingerprint database.
Detecting Threats, Not Sandboxes
May 18, 2017 • Presentation
Blake Anderson (Cisco Systems, Inc.), David McGrew (Cisco Systems, Inc.)
In this presentation, the authors discuss detecting threats and characterizing the network environment in order to improve malware classification.
Classifying Encrypted Traffic with TLS-Aware Telemetry
January 14, 2016 • Presentation
Blake Anderson (Cisco Systems, Inc.), David McGrew (Cisco Systems, Inc.), Alison Kendler (Cisco Systems, Inc.)
In this presentation, the authors propose augmenting the typical 5-tuple with TLS-aware telemetry elements.
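The TLS-aware telemetry proposed above, together with the fingerprint generation and GREASE pitfall covered in the 2019 talk on TLS fingerprints, as an added example that is not part of these presentations or of Cisco's tooling: the Python below builds a constructed ClientHello, parses it, strips the randomised GREASE values before fingerprinting, and emits the 5-tuple augmented with the fingerprint, SNI and ALPN. The fingerprint field layout (`version|ciphers|extensions|groups|sigalgs|supported_versions`), the flow-record key names, the sample cipher and extension lists, and the addresses are this example's own assumptions, not the authors' database format or data.

```python
import hashlib
import json
import struct

# GREASE values (RFC 8701) have the form 0x?a?a with equal bytes: 0x0a0a, 0x1a1a, ... 0xfafa.
# Clients pick one at random per connection, so they must be removed before fingerprinting
# or the same client yields many different fingerprints (a common pitfall).
def is_grease(v: int) -> bool:
    return (v & 0x0f0f) == 0x0a0a and (v >> 8) == (v & 0xff)

def u16s(vals):
    return b"".join(struct.pack("!H", v) for v in vals)

def u16_list(b: bytes):
    return [struct.unpack("!H", b[i:i + 2])[0] for i in range(0, len(b) & ~1, 2)]

def build_client_hello(sni="example.com", grease=0x0a0a) -> bytes:
    """Constructed sample input: a TLS 1.3-capable ClientHello inside a TLS record (not a real capture)."""
    def ext(etype, body):
        return struct.pack("!HH", etype, len(body)) + body
    name = sni.encode()
    protos = b"".join(bytes([len(p)]) + p.encode() for p in ("h2", "http/1.1"))
    groups = [grease, 0x001d, 0x0017]            # assumed list: GREASE, x25519, secp256r1
    sigalgs = [0x0403, 0x0804, 0x0401]           # assumed list: ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256
    versions = [grease, 0x0304, 0x0303]          # assumed list: GREASE, TLS 1.3, TLS 1.2
    exts = b"".join([
        ext(grease, b""),                                                       # GREASE extension
        ext(0x0000, struct.pack("!HBH", len(name) + 3, 0, len(name)) + name),  # server_name
        ext(0x000a, struct.pack("!H", 2 * len(groups)) + u16s(groups)),        # supported_groups
        ext(0x000d, struct.pack("!H", 2 * len(sigalgs)) + u16s(sigalgs)),      # signature_algorithms
        ext(0x002b, struct.pack("!B", 2 * len(versions)) + u16s(versions)),    # supported_versions
        ext(0x0010, struct.pack("!H", len(protos)) + protos),                  # ALPN
    ])
    ciphers = [grease, 0x1301, 0x1302, 0xc02b, 0xc02f]   # assumed list, GREASE first
    body = b"\x03\x03" + b"\x11" * 32 + b"\x00"          # version, fixed random, empty session_id
    body += struct.pack("!H", 2 * len(ciphers)) + u16s(ciphers)
    body += b"\x01\x00"                                  # one compression method: null
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record type 22 = handshake

def parse_client_hello(rec: bytes) -> dict:
    """Extract the fingerprint-relevant fields from a ClientHello handshake record."""
    ctype, _rver, rlen = struct.unpack("!BHH", rec[:5])
    hs = rec[5:5 + rlen]
    if ctype != 0x16 or not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    version = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + 32                                        # skip client_version and random
    pos += 1 + body[pos]                                 # skip session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    ciphers = u16_list(body[pos:pos + cs_len])
    pos += cs_len
    pos += 1 + body[pos]                                 # skip compression methods
    ch = {"version": version, "ciphers": ciphers, "extensions": [], "groups": [],
          "sigalgs": [], "versions": [], "sni": None, "alpn": []}
    if pos + 2 <= len(body):
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            d = body[pos:pos + elen]
            pos += elen
            ch["extensions"].append(etype)
            if etype == 0x0000 and len(d) >= 5:          # server_name: list len, type, name len, name
                nlen = struct.unpack("!H", d[3:5])[0]
                ch["sni"] = d[5:5 + nlen].decode("ascii", "replace")
            elif etype == 0x000a:
                ch["groups"] = u16_list(d[2:])
            elif etype == 0x000d:
                ch["sigalgs"] = u16_list(d[2:])
            elif etype == 0x002b and d:                  # 1-byte list length here, not 2
                ch["versions"] = u16_list(d[1:1 + d[0]])
            elif etype == 0x0010:
                q = 2
                while q < len(d):
                    ch["alpn"].append(d[q + 1:q + 1 + d[q]].decode("ascii", "replace"))
                    q += 1 + d[q]
    return ch

def fingerprint(ch: dict) -> str:
    """Assumed layout for this example: version|ciphers|extensions|groups|sigalgs|versions, GREASE stripped."""
    def hx(vals):
        return "-".join(f"{v:04x}" for v in vals if not is_grease(v))
    return "|".join([f"{ch['version']:04x}", hx(ch["ciphers"]), hx(ch["extensions"]),
                     hx(ch["groups"]), hx(ch["sigalgs"]), hx(ch["versions"])])

def flow_record(src, sport, dst, dport, rec: bytes) -> dict:
    """The flow 5-tuple augmented with TLS-aware telemetry (key names are this example's own)."""
    ch = parse_client_hello(rec)
    fp = fingerprint(ch)
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "proto": 6,
            "tls_fp": fp, "tls_fp_sha256": hashlib.sha256(fp.encode()).hexdigest()[:16],
            "tls_sni": ch["sni"], "tls_alpn": ch["alpn"]}

if __name__ == "__main__":
    # RFC 5737 documentation addresses; the record is the constructed sample above.
    print(json.dumps(flow_record("192.0.2.10", 51234, "198.51.100.7", 443, build_client_hello()), indent=2))
```

Two ClientHellos from the same client that differ only in which GREASE value they drew produce the same `tls_fp`, which is the property a fingerprint database needs; without the `is_grease` filter each connection would look like a different client.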
Understanding Network Traffic Through Intraflow Data
January 11, 2016 • Presentation
David McGrew (Cisco Systems, Inc.), Blake Anderson (Cisco Systems, Inc.)
In this presentation, the authors describe experiments to collect intraflow data from network taps, endpoints, and malware sandbox runs.