HITB LAB: Identifying Threats in Raw Data Events: A Practical Approach for Enterprises (PART 2)

PRESENTATION SLIDES (PDF)

With proliferation of custom, targeted attacks it is essential for any CIRT team to be able to detect and rapidly respond to evolving network threats. In this workshop session Fyodor, Vitaly and Vladimir will demonstrate a practical approach of mining and identifying malicious activity patterns from raw network data, empowering machine learning algorithms and a number of hacks the authors will demonstrate practically usable platform for detecting on-going network exploitation activity (exploit kit sequence detection), time series analysis applied to compromised machines C2 calls.

In part 2 of this four hour workshop will cover following areas of advanced practical intrusion detection:

  • Applying neural network based detection to identify anomalous behaviour and automatically extract indicators of compromise (IoCs) from raw network
  • Statistical analysis of network traffic for detection of anomalous activity.

 All the tools used in this workshop are to be shared and publicly released under Open Source (GPL) license.

CONFERENCE
Location: Track 3 / HITB Labs Date: October 16, 2014 Time: 1:30 pm - 3:30 pm Vladimir Kropotov Fyodor Yarochkin Vitaly Chetvertakov