FloCon 2018 has ended
Tucson, AZ – January 8-11, 2018

PLEASE NOTE THAT THE CURRENT SCHEDULE IS TENTATIVE. CHANGES TO THE SCHEDULE BELOW MAY OCCUR

Watch this space for details on the technical program for FloCon 2018. In the meantime, see the FloCon website at www.cert.org/flocon.
Thursday, January 11 • 1:00pm - 1:30pm
Multi-Dimensional Network Anomaly Detection with Machine Learning
With the growth in the amount of network traffic and the increased sophistication of network-based attacks such as DDoS, botnets, and advanced persistent threats, identifying and responding to all possible threats can be overwhelming for security analysts. Furthermore, the multi-dimensional nature of network traffic makes it difficult for analysts to accurately identify and rank the most important threats using each network data source in isolation.

Detecting advanced threats requires correlating observations across multiple types of data, including DNS, Flow, HTTP, TLS, etc. No single data type is sufficient on its own. However, as we combine more types of data, there are more variables to search for correlation, individually and in combination. This "curse of dimensionality" can result in faulty statistical reasoning, leading to an increase in false positives and missed opportunities to identify and stop threats.

In this talk, we describe how recent multi-dimensional anomaly detection algorithms from machine learning can be used to combine traffic from multiple sources while addressing the curse of dimensionality. Then, using an open-source platform of YAF, Apache Spark, and Apache Spot (incubating), we show how these algorithms can be used to provide effective focus for analysts and improve network outcomes.
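The false-positive inflation the abstract attributes to the "curse of dimensionality" can be made concrete with a small simulation. The following is an added example written for this page; it is not code from the talk, from CounterFlow AI, or from YAF, Spark or Spot, and the z-score/sum-of-squares scoring is a deliberately simple stand-in for the multi-dimensional algorithms the talk describes. The benign records are constructed inline as independent standardised features (think per-flow byte-count, DNS query-length and TLS handshake-duration z-scores), and the numbers (2.5-sigma threshold, 20 features, 4000 records) are assumptions chosen for illustration. It compares two ways of combining per-source signals: OR-ing independent per-feature alerts, whose benign alert rate grows with the number of features, against a single joint score whose threshold is calibrated on a benign baseline, whose benign alert rate stays at the chosen level regardless of dimension.

```python
import math
import random
from typing import Dict, List


def two_sided_normal_tail(k: float) -> float:
    """P(|Z| > k) for a standard normal Z, via the stdlib erfc (no SciPy needed)."""
    return math.erfc(k / math.sqrt(2.0))


def expected_union_fpr(alpha: float, d: int) -> float:
    """Benign alert rate when d independent per-feature tests, each with
    false-positive rate alpha, are OR-ed together: 1 - (1 - alpha)^d."""
    return 1.0 - (1.0 - alpha) ** d


def make_benign_records(n: int, d: int, rng: random.Random) -> List[List[float]]:
    # Constructed sample data: each record is d independent standardised features.
    # Independence is the simplest benign baseline; it is an assumption, not a
    # property of real flow/DNS/TLS telemetry.
    return [[rng.gauss(0.0, 1.0) for _ in range(d)] for _ in range(n)]


def union_rule_fires(record: List[float], k: float) -> bool:
    """Per-source rule: alert if ANY feature exceeds k sigma. Each feature is
    tested separately, so every added feature is another chance to fire."""
    return any(abs(z) > k for z in record)


def joint_score(record: List[float]) -> float:
    """One combined anomaly score per record (squared Euclidean distance from
    the benign centre). A stand-in for a real multivariate detector."""
    return sum(z * z for z in record)


def calibrate_threshold(scores: List[float], alpha: float) -> float:
    """Pick the score threshold that flags a fraction alpha of a benign
    baseline, so the joint rule is tuned to the target alert rate as a whole."""
    ordered = sorted(scores)
    idx = min(len(ordered) - 1, int((1.0 - alpha) * len(ordered)))
    return ordered[idx]


def compare_rules(d: int, n: int = 4000, k: float = 2.5, seed: int = 1) -> Dict[str, float]:
    """Measure benign alert rates (false positives on held-out benign data) for
    the OR-of-per-feature rule and the calibrated joint rule at d dimensions."""
    rng = random.Random(seed)
    alpha = two_sided_normal_tail(k)          # per-feature rate for the union rule
    baseline = make_benign_records(n, d, rng)  # used only to calibrate the joint rule
    held_out = make_benign_records(n, d, rng)  # benign traffic both rules are scored on

    threshold = calibrate_threshold([joint_score(r) for r in baseline], alpha)

    union_fp = sum(union_rule_fires(r, k) for r in held_out)
    joint_fp = sum(joint_score(r) > threshold for r in held_out)
    return {
        "dimensions": d,
        "per_feature_alpha": alpha,
        "expected_union_fpr": expected_union_fpr(alpha, d),
        "union_fpr": union_fp / n,
        "joint_fpr": joint_fp / n,
    }


if __name__ == "__main__":
    for d in (1, 5, 20):
        r = compare_rules(d)
        print(f"d={r['dimensions']:2d}  union FPR={r['union_fpr']:.3f} "
              f"(expected {r['expected_union_fpr']:.3f})  "
              f"calibrated joint FPR={r['joint_fpr']:.3f}")
```

With twenty features the OR-of-alerts rule flags roughly one benign record in five even though each individual feature test fires only about 1.2% of the time, while the calibrated joint score stays near 1.2%. The practical lesson for a defender combining DNS, flow, HTTP and TLS signals is to calibrate the combined detector's alert rate on known-benign traffic rather than summing per-source alert thresholds.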

Attendees will learn:
Attendees will be introduced to the state of the art in machine learning anomaly detection and gain some insight into techniques to limit the errors of statistical approaches.

Speakers

Randy Caldejon

CTO & Co-Founder, CounterFlow AI, Inc.
As CTO of CounterFlow AI, Randy Caldejon leads the company's innovation and product development. Prior to CounterFlow, Randy was the CTO of Enterprise Forensics at FireEye. He is a widely-respected authority in network security monitoring and sensor technology. A military veteran... Read More →

Andrew Fast

Chief Data Scientist, CounterFlow AI, Inc
Andrew Fast is the Chief Data Scientist and co-founder of CounterFlow AI, where he leads the implementation of streaming machine learning algorithms on CounterFlow AI's ThreatEye cloud-native analytics platform for Encrypted Traffic Analysis. Previously, Dr. Fast served as the Chief... Read More →
Thursday January 11, 2018 1:00pm - 1:30pm MST
Presidio III, IV, V