In this workshop, we will explore how to apply situational cyber security knowledge to machine learning more effectively. We will demonstrate, analyze, and explain hands-on machine learning and statistical approaches with probabilistic algorithms that can deliver results that simple deterministic approaches cannot.
Managing large quantities of security data has always been challenging. There is an abundance of approaches to finding bad actors, and they all tackle different parts of the problem in different ways. In modern-day dispersed, decentralized, and diverse organizational deployments and infrastructures, finding and focusing on acute incidents and breaches always benefits from two major factors: the right people with the right knowledge, and the correct tools and approaches applied to the correct subset of problems.
In this session, we will review the pros and cons of various approaches from the perspective of a security analyst and highlight their differences. The ultimate goal—catching bad guys sooner—requires an effective combination of data science coupled with a deep understanding of cyber security. We will investigate and provide practical examples of utilizing Jupyter notebooks, a data scientist's tool, to analyze Suricata EVE data. We will also identify and discuss some common mistakes and misconceptions, and how to more effectively apply situational cyber security knowledge to machine learning.
This workshop will use open-source tools, including Suricata, Jupyter, and Python data analysis libraries (Pandas) to apply statistical analysis of real network security event data. We will explore how actual raw Suricata EVE JSON data can be transformed for statistical analysis.
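To make the transformation step concrete, here is an added example (not part of the workshop materials or the Stamus Networks playbooks): it flattens Suricata EVE JSON lines into dotted-key records the way pandas.json_normalize() does before loading a DataFrame, counts alerts per source IP, and then contrasts a hand-picked threshold with a median/MAD outlier score that adapts to the population. It uses only the Python standard library so it runs without pandas; the EVE lines, IP addresses, and signature name are constructed sample data, and the truncated last line stands in for the partial record you get when reading eve.json while Suricata is still appending to it.

```python
"""Flatten Suricata EVE JSON and score per-source alert volume.

Added example (not from the workshop materials): standard library only;
flatten() mirrors what pandas.json_normalize() does before the data
lands in a DataFrame.
"""
import json
import statistics
from collections import Counter


def constructed_eve_lines():
    """Build a small, constructed EVE sample: one JSON object per line, the
    way Suricata writes eve.json. Not real capture data; IPs are made up."""
    lines = []
    plan = {"10.0.0.5": 2, "10.0.0.6": 3, "10.0.0.7": 2,
            "10.0.0.8": 2, "10.0.0.9": 1, "192.168.1.50": 20}
    for src, n in plan.items():
        for i in range(n):
            lines.append(json.dumps({
                "timestamp": f"2024-01-01T10:{i:02d}:00.000000+0000",
                "event_type": "alert",
                "src_ip": src, "dest_ip": "10.0.0.20",
                "dest_port": 445, "proto": "TCP",
                "alert": {"signature": "EXAMPLE SMB probe",
                          "signature_id": 1, "severity": 2},
            }))
    # A flow record: must not be counted as an alert.
    lines.append(json.dumps({
        "timestamp": "2024-01-01T10:30:00.000000+0000", "event_type": "flow",
        "src_ip": "10.0.0.5", "dest_ip": "10.0.0.20",
        "flow": {"pkts_toserver": 4, "pkts_toclient": 3},
    }))
    # A truncated line, as happens when eve.json is read while Suricata is
    # still appending to it; the loader must skip it rather than crash.
    lines.append('{"timestamp":"2024-01-01T10:59:00.000000+0000",'
                 '"event_type":"alert","src_ip":"10.0.0.9"')
    return lines


def flatten(obj, prefix=""):
    """Turn nested dicts into dotted keys, e.g. alert.signature."""
    flat = {}
    for key, value in obj.items():
        name = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, name + "."))
        else:
            flat[name] = value
    return flat


def load_eve(lines):
    """Parse EVE lines into flat records; return (records, skipped_count)."""
    records, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            records.append(flatten(json.loads(line)))
        except json.JSONDecodeError:
            skipped += 1
    return records, skipped


def alerts_per_src(records):
    """Count alert events per source IP (other event types are ignored)."""
    return Counter(r["src_ip"] for r in records
                   if r.get("event_type") == "alert" and "src_ip" in r)


def threshold_outliers(counts, threshold):
    """Deterministic rule: flag any source with at least `threshold` alerts.
    The number has to be picked by hand and re-tuned per environment."""
    return {src for src, n in counts.items() if n >= threshold}


def robust_outliers(counts, k=3.5):
    """Statistical rule: flag sources whose alert count sits far above the
    bulk of the population, using the median and the median absolute
    deviation (MAD) so a few very noisy hosts cannot drag the baseline up.
    Modified z-score 0.6745*(x - median)/MAD > k is the usual cutoff."""
    values = list(counts.values())
    if len(values) < 3:
        return set()
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    if mad == 0:
        # More than half the sources share the same count; anything
        # strictly above that bulk is unusual by definition.
        return {src for src, n in counts.items() if n > med}
    return {src for src, n in counts.items()
            if 0.6745 * (n - med) / mad > k}


if __name__ == "__main__":
    recs, bad = load_eve(constructed_eve_lines())
    per_src = alerts_per_src(recs)
    print(f"{len(recs)} records loaded, {bad} malformed line(s) skipped")
    print("alerts per source:", dict(per_src))
    print("fixed threshold >=10:", threshold_outliers(per_src, 10))
    print("MAD outliers:", robust_outliers(per_src))
```

In a notebook the same flattened records go straight into pandas.DataFrame(records) and the per-source count becomes a groupby; the point of the two scoring functions is that the threshold rule flags whatever you told it to, while the MAD rule flags what is unusual relative to the rest of the sources in this data set, which is the kind of adaptive baseline the workshop contrasts with fixed deterministic checks.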
Related reading that this workshop will be based on:
https://www.stamus-networks.com/blog/jupyter-playbooks-for-suricata-part-3
https://youtu.be/hevTFubjlDQ
Requirements: Basic understanding of network protocols, TCP/IP, and IT security.