Time Signature Based Matching for Data Fusion and Coordination Detection in Cyber Relevant Logs
Offered By: 0xdade via YouTube
Course Description
Overview
Explore a methodology for detecting automated behavior in cyber-relevant log data through time signature-based matching in this 23-minute conference talk. Learn how to identify temporal patterns that indicate malicious activity executed by scripts or bots, and discover a scalable approach using locality sensitive hashing to overcome the limitations of brute force methods. Examine the potential applications of this coordination detection methodology, including developing features for anomaly detection, characterizing automated behavior through unsupervised clustering, and fusing disparate data sources using temporal signature keys. Gain insights from examples using a dataset of billions of netflow records, and understand how this approach can enhance network defense capabilities in the context of DARPA's Network Defense program.
Syllabus
TIME SIGNATURE BASED MATCHING FOR DATA FUSION AND AUTOMATION DETECTION IN CYBER RELEVANT LOGS
DARPA'S NETWORK DEFENSE PROGRAM
DEFINING TEMPORAL FEATURES OF LOG DATA
BRUTE FORCE COMPUTATION OF PAIRWISE DISTANCES
USE LOCALITY SENSITIVE HASHING TO REDUCE NUMBER OF PAIRWISE DISTANCE COMPUTATIONS
EXAMPLE: APPLICATION TO NETFLOW (SILK) DATA
POTENTIAL DATA FUSION APPLICATION
Taught by
0xdade
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network