Practical Applications of Data Science in Detection

ShmooCon X - 2014

Presented by: Mike Sconzo, Brian Wylie
Date: Sunday January 19, 2014
Time: 12:00 - 12:50
Location: Belay It room
Track: Belay it

It seems that recently offensive tactics, exploits and vulnerabilities are getting all the Info Sec sexy-points. We're going to try and swing this back towards detection as we apply some new-fangled math and techniques to solve some existing problems and tackle new ones. We'll take Data Science off its pedestal and show how, with an understanding of the problem and the data, you can apply different techniques to make analysis more exciting and effective.

We'll use several open source tools and libraries to perform the data exploration and analysis, including IPython and pandas as well as a data hacking library we've already released. After discovering some useful patterns, we'll show how we were able to implement the results so that they can be used for actual network analysis (with some real-world results). Some of the use cases used to demonstrate the concepts will be passive browser fingerprinting and SQL injection detection.

Audience members are welcome and encouraged to play buzzword bingo.

Mike Sconzo

Mike Sconzo has been around the Security Industry for quite some time, and really enjoys looking at network traffic. He has recently been using various data analysis techniques to look at security-related data in a new light, where before he'd just use a hex editor.

Brian Wylie

Brian Wylie's interests are data analysis, machine learning and information visualization. Current projects include a breadth of work applying data analysis to security problems. Brian has been a long-time advocate of open community projects including the Visualization ToolKit (VTK) and the Titan Informatics Toolkit. Brian's Erdős number is 3.
