
Hunting with Data Science - Increasing the Signal-to-Noise Ratio

Austin Taylor

Audience level: Intermediate
Topic area: ETL

Description

After anomalous network traffic has been identified there can still be an abundance of results for an analyst to process. This talk is for data scientists and network security professionals who want to increase the signal-to-noise ratio through feature extraction and post-processing of the output.

SLIDES: https://www.slideshare.net/AustinTaylor8/threat-hunting-with-data-science

Abstract:

After anomalous network traffic has been identified there can still be an abundance of results for an analyst to process. This talk is for data scientists and network security professionals who want to increase the signal-to-noise ratio.

Flare is a network analytic framework designed for data scientists, security researchers, and network professionals. Written in Python, Flare is designed for rapid prototyping and development of behavioral analytics. Flare's intent is to make identifying malicious behavior in networks as simple as possible. Flare comes with a collection of pre-built utility functions useful for performing feature extraction.

Using Flare, we'll walk through identifying domains produced by the Domain Generation Algorithms (DGAs) commonly used in malware, and how to reduce the resulting dataset to a manageable volume for security professionals to process.
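The kind of feature extraction and post-filtering the DGA walkthrough refers to, as an added example that is not Flare's code and not from the talk: the domain list, the allowlist standing in for a top-N popular-domain list, and the score thresholds are all constructed for illustration. The allowlist is applied first because it is the cheapest filter, and the remaining labels are scored on entropy, length, vowel and digit ratios and consonant runs so that only the strongest candidates reach the analyst.

```python
import math
from collections import Counter

# Constructed DNS query names: ordinary hosts plus a few that look like DGA output.
# None of these are real observed indicators.
SAMPLE_DOMAINS = [
    "www.google.com",
    "mail.example.org",
    "cdn.cloudflare.net",
    "update.microsoft.com",
    "blog.wordpress.com",
    "news.ycombinator.com",
    "xk3v9q2mzr8wfhlq.com",
    "pqzvwkxjbrtmncfs.net",
    "7a4c1e9b0d3f5x2y.info",
    "login.github.com",
    "bhmrkvttldxnpqwz.biz",
]

# Constructed stand-in for a top-N popular-domain list (assumption: such a list exists).
ALLOWLIST = {"google.com", "example.org", "cloudflare.net", "microsoft.com", "github.com"}

VOWELS = set("aeiou")


def registered_domain(fqdn):
    """Crude 'last two labels' extraction. A real pipeline should consult a
    public-suffix list (co.uk etc.); this example deliberately skips that."""
    parts = fqdn.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def shannon_entropy(s):
    """Bits per character. Labels drawn uniformly from an alphabet sit near
    log2(alphabet size); English-like labels sit well below that."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def longest_consonant_run(s):
    """Length of the longest run of alphabetic non-vowels; digits break a run."""
    best = run = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def extract_features(fqdn):
    """Compute per-label features on the second-level label only."""
    label = registered_domain(fqdn).split(".")[0]
    letters = [ch for ch in label if ch.isalpha()]
    return {
        "label": label,
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": (sum(ch in VOWELS for ch in letters) / len(letters)) if letters else 0.0,
        "digit_ratio": (sum(ch.isdigit() for ch in label) / len(label)) if label else 0.0,
        "consonant_run": longest_consonant_run(label),
    }


def dga_score(f):
    """Count how many thresholds a label trips. The thresholds are illustrative
    assumptions; tune them against your own labelled data."""
    return sum([
        f["entropy"] > 3.5,
        f["length"] >= 12,
        f["vowel_ratio"] < 0.25,
        f["digit_ratio"] > 0.2,
        f["consonant_run"] >= 5,
    ])


def hunt_dga(domains, allowlist=ALLOWLIST, min_score=3):
    """Drop allowlisted registered domains, score the rest, and keep only labels
    at or above min_score, highest score first."""
    results = []
    for d in domains:
        if registered_domain(d) in allowlist:
            continue
        f = extract_features(d)
        s = dga_score(f)
        if s >= min_score:
            results.append({"domain": d, "score": s, **f})
    return sorted(results, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in hunt_dga(SAMPLE_DOMAINS):
        print(r["score"], r["domain"], round(r["entropy"], 2))
```

On the constructed input, 11 queried names reduce to 4 candidates. Note that `7a4c1e9b0d3f5x2y.info` only just clears the bar (its vowel ratio is exactly 0.25), which is the kind of borderline case a threshold-based score will always produce; the ranking, not the cut-off, is what lets an analyst work from the top down.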

We'll also explore Flare's beaconing detection which can be used with the output from popular Intrusion Detection System frameworks.
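A minimal form of the regularity test behind beaconing detection, as an added example that is not Flare's implementation and not from the talk. It assumes connection records shaped like a Zeek/Bro conn.log or IDS flow record (timestamp, source, destination, destination port); the hosts, timestamps and jitter pattern are constructed. Connections are grouped per (src, dst, port), inter-arrival times are computed, and a low coefficient of variation over enough samples marks a candidate beacon; a perfectly periodic pair with too few connections is deliberately excluded.

```python
import statistics
from collections import defaultdict

# Constructed jitter offsets (seconds) around a ~60 s beacon. Real implants often
# add a little randomness, which is why we score regularity rather than equality.
BEACON_JITTER = [0, 1, -2, 2, 0, -1, 1, -2, 0, 2, -1, 1]


def build_sample_log():
    """Constructed records (ts, src, dst, dst_port); addresses are documentation ranges."""
    records = []
    # 1) an implant checking in roughly every 60 s
    for i, j in enumerate(BEACON_JITTER):
        records.append((1000 + 60 * i + j, "10.0.0.25", "203.0.113.40", 443))
    # 2) a workstation browsing one site in irregular bursts
    for ts in [2000, 2003, 2004, 2050, 2300, 2301, 2302, 2900, 3500, 3501, 4200, 4203]:
        records.append((ts, "10.0.0.31", "198.51.100.7", 443))
    # 3) perfectly periodic, but too few samples to trust
    for ts in [1000, 1060, 1120]:
        records.append((ts, "10.0.0.42", "192.0.2.9", 8080))
    return records


def interarrival_stats(timestamps):
    """Return (count, mean interval, coefficient of variation) for a host pair."""
    ts = sorted(timestamps)
    deltas = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(deltas)
    sd = statistics.pstdev(deltas)
    # Duplicate timestamps would give mean 0; treat that as 'not periodic'.
    cv = sd / mean if mean > 0 else float("inf")
    return len(ts), mean, cv


def find_beacons(records, min_count=8, max_cv=0.15):
    """Group by (src, dst, port) and keep pairs whose inter-arrival times are
    regular (low CV) and frequent enough (min_count). Both thresholds are
    illustrative assumptions, not values from Flare or the talk."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in records:
        by_pair[(src, dst, port)].append(ts)

    hits = []
    for (src, dst, port), stamps in by_pair.items():
        if len(stamps) < min_count:
            continue
        count, mean, cv = interarrival_stats(stamps)
        if cv <= max_cv:
            hits.append({
                "src": src, "dst": dst, "port": port,
                "count": count, "mean_interval": mean, "cv": cv,
            })
    # Most regular first, so the analyst reads from the top.
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for h in find_beacons(build_sample_log()):
        print(h["src"], "->", h["dst"], h["port"],
              f"n={h['count']} period~{h['mean_interval']:.1f}s cv={h['cv']:.3f}")
```

Lowering `min_count` to 3 lets the third pair through as well, which is exactly the trade-off the sample-size floor is there to control: with only two intervals almost anything looks periodic. In practice, known periodic traffic (NTP, update checks, monitoring agents) should be allowlisted by destination before this step, or it will dominate the output.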

More information on Flare can be found at: https://github.com/austin-taylor/flare