YoVDO

Time Signature Based Matching for Data Fusion and Coordination Detection in Cyber Relevant Logs

Offered By: 0xdade via YouTube

Tags

ShmooCon Courses Data Analysis Courses Cybersecurity Courses Locality-Sensitive Hashing Courses

Course Description

Overview

Explore a methodology for detecting automated behavior in cyber-relevant log data through time signature-based matching in this 23-minute conference talk. Learn how to identify temporal patterns that indicate malicious activity executed by scripts or bots, and discover a scalable approach using locality sensitive hashing to overcome the limitations of brute force methods. Examine the potential applications of this coordination detection methodology, including developing features for anomaly detection, characterizing automated behavior through unsupervised clustering, and fusing disparate data sources using temporal signature keys. Gain insights from examples using a dataset of billions of netflow records, and understand how this approach can enhance network defense capabilities in the context of DARPA's Network Defense program.

Syllabus

TIME SIGNATURE BASED MATCHING FOR DATA FUSION AND AUTOMATION DETECTION IN CYBER RELEVANT LOGS
DARPA'S NETWORK DEFENSE PROGRAM
DEFINING TEMPORAL FEATURES OF LOG DATA
BRUTE FORCE COMPUTATION OF PAIRWISE DISTANCES
USE LOCALITY SENSITIVE HASHING TO REDUCE NUMBER OF PAIRWISE DISTANCE COMPUTATIONS
EXAMPLE: APPLICATION TO NETFLOW (SILK) DATA
POTENTIAL DATA FUSION APPLICATION


Taught by

0xdade

Related Courses

Computer Security
Stanford University via Coursera
Cryptography II
Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera
Building an Information Risk Management Toolkit
University of Washington via Coursera
Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network