FloCon 2019 has ended


Lunch Time Table Talk
Wednesday, January 9
 

12:30pm

Lunchtime Table Talk: Data Science Behind the Scenes, Part 1 - The Data Science Process for Network Security

Data science is rapidly becoming an integral part of the network security industry. Although widespread applications of data science in network security are relatively recent, data science has roots going back decades.  Unfortunately, this maturity presents an obstacle for those who are new to the field and seeking to learn.  Furthermore, most presentations (whether spoken or written) tend to focus only on the final model and performance results, pushing to the background many of the critical intermediate steps required for success.

The goal of these “Behind the Scenes” lunchtime talks is to help bridge the gap between network analysts and data scientists by providing an overview of some of the foundational, but often unseen, steps that lead to a successful data science result.  These talks are meant to be accessible to those desiring to learn more about data science and are intended to benefit network analysts and data scientists alike.

Intended Audience:  Anyone who does, leads or manages data science projects and wants to go behind the models to learn strategies for increasing data science success.

Behind the Scenes, Part 1: The Data Science Process for Network Security
Thomas Edison is credited with saying that “genius is 1% inspiration and 99% perspiration.”  As Edison experienced, the path to success can be a lengthy and circuitous one.  To help shorten the journey, it can be helpful to rely on industry frameworks.  Most network analysts are familiar with one or more of the security frameworks such as MITRE’s ATT&CK Framework or Lockheed Martin’s Cyber Kill Chain.   Similarly, there are several well-known industry processes for taking a data science project from inspiration, through perspiration, to completion including CRISP-DM, SEMMA, and the Team Data Science Process.  We go behind the scenes to explore the similarities between these processes and show how to use them to effectively guide data science projects on network data.

Speakers

Andrew Fast

Chief Data Scientist, CounterFlow AI, Inc
Andrew Fast is the Chief Data Scientist and co-founder of CounterFlow AI, where he leads the implementation of streaming machine learning algorithms for CounterFlow's next-generation network forensics platform, ThreatEye. Previously, Dr. Fast served as the Chief Scientist at Elder...


Wednesday January 9, 2019 12:30pm - 1:00pm
Fleur de Lis B-C 300 Bourbon St, New Orleans, LA 70130, USA

12:30pm

Lunchtime Table Talk: Towards Security Defect Prediction with AI

In this study, we investigate the limits of the current state-of-the-art AI system for detecting buffer overflows and compare it with current static analysis engines. To do so, we developed a code generator, s-bAbI, capable of producing an arbitrarily large number of samples of controlled complexity. We found that the static analysis engines we examined have good precision, but poor recall. We found that the state-of-the-art AI system, a memory network modeled after another present in the literature, can achieve similar performance to the static analysis engines, but requires an exhaustive amount of training data in order to do so.

Our work implies that there are three threads of future work: First, further developing static analysis engines to improve their recall against this minimally complex class of synthetic code as a lower bar than NIST’s more realistic code datasets (e.g. Juliet). Second, improving AI systems to the point where they can at least solve s-bAbI. And, third, increasing the complexity of s-bAbI to find the additional failure modes of improved static analysis engines and AI systems.

Attendees will learn:
• the current state of the art in neural networks applied to code analysis
• some secure coding best practices
• how secure coding can improve using AI techniques

Speakers

Eliezer Kanal

Technical Manager, CERT Division - Software Engineering Institute
Eliezer Kanal is a technical manager at CERT who focuses on applying machine learning techniques to the cybersecurity domain. His team contributed to a wide variety of projects, including statistical visualization tools to assist with malware reverse engineering, metrics for the efficacy...


Wednesday January 9, 2019 12:30pm - 1:00pm
Fleur de Lis A 300 Bourbon St, New Orleans, LA 70130, USA
 
Thursday, January 10
 

12:30pm

Lunchtime Table Talk: Data Science Behind the Scenes, Part 2 - "Tidy" Data for Network Traffic Analysis

Data science is rapidly becoming an integral part of the network security industry. Although widespread applications of data science in network security are relatively recent, data science has roots going back decades.  Unfortunately, this maturity presents an obstacle for those who are new to the field and seeking to learn.  Furthermore, most presentations (whether spoken or written) tend to focus only on the final model and performance results, pushing to the background many of the critical intermediate steps required for success.

The goal of these “Behind the Scenes” lunchtime talks is to help bridge the gap between network analysts and data scientists by providing an overview of some of the foundational, but often unseen, steps that lead to a successful data science result.  These talks are meant to be accessible to those desiring to learn more about data science and are intended to benefit network analysts and data scientists alike.

Intended Audience:  Anyone who does, leads, or manages data science projects and wants to go behind the models to learn strategies for increasing data science success.

Behind the Scenes, Part 2: “Tidy” Data for Network Traffic Analysis
A critical component for having success with data science is transforming “messy” data into a format suitable for input into data science and machine learning algorithms.  Hadley Wickham, one of the premier contributors to the R ecosystem, named the ideal end result “tidy” data.  Data scientists estimate 80% of a data science project is spent tidying data.  Despite the effort required, tidying data is typically viewed as peripheral to the more exciting algorithms used to get the results.  We go behind the scenes to explore what “tidy” looks like for three types of data encountered in network security use cases  (tabular, time series, and graph data) and highlight how to transform one data type to another.

Speakers

Andrew Fast

Chief Data Scientist, CounterFlow AI, Inc
Andrew Fast is the Chief Data Scientist and co-founder of CounterFlow AI, where he leads the implementation of streaming machine learning algorithms for CounterFlow's next-generation network forensics platform, ThreatEye. Previously, Dr. Fast served as the Chief Scientist at Elder...


Thursday January 10, 2019 12:30pm - 1:00pm
Fleur de Lis A 300 Bourbon St, New Orleans, LA 70130, USA

12:30pm

Lunchtime Table Talk: Graph Measures for Network Traffic Analysis

This presentation describes the use of network science (graph statistics) measures in analyzing a flash crowd incident that occurred in 2016. Several network science metrics are applied to network flow data as a means of assessing the overall impact of this incident, and both productive and non-productive measures are profiled using captured data from the incident and parallel periods of normal traffic, along with an explanation for this productivity difference. The use of such measures in a security operations center is briefly discussed, as well as prospects for future work.

Speakers

Josh Fallon

Network Defense Analyst, CERT Division - Software Engineering Institute
Dr. Joshua Fallon is a network defense analyst with the CERT Situational Awareness Team of the Software Engineering Institute, where he participates in analysis of network security and resilience and supports development of tools and methods for network analysts. This work focuses...

Timothy Shimeall

Senior Member of the Technical Staff, CERT Division - Software Engineering Institute
The only person to make more than 10 consecutive appearances at FloCon, Tim Shimeall is a Senior Network Situational Awareness Analyst for the CERT Division of the Software Engineering Institute (SEI). Shimeall develops methods to support decision making in network security at and...



Thursday January 10, 2019 12:30pm - 1:00pm
Fleur de Lis B-C 300 Bourbon St, New Orleans, LA 70130, USA