It is that time of the year again, and in less than a month most of the Information/Cyber Security community is turning to Las Vegas for what are arguably the most important conferences of the year in the US.
And although I have been silent about recent developments in the research, that doesn't mean I haven't been hard at work here developing our Machine Learning research and helping the community with insights and techniques that can be leveraged by all.
As a part of this work, I am presenting 2 (two!) different talks during Black Hat and DEF CON. The talks are complementary, and cover two different aspects of our evolving research.
The "Secure Because Math" talk will primarily concern the evolution and usage of machine learning in information security monitoring, and will cover the almost 30-year history of attempts to use analytics for intrusion detection.
A lot of what is old is new again, and unless we ask the right questions of the new products and vendors, we will never see real innovation and progress in this field. If you are an architect or designer of one of those new "math-powered" products, please attend and make sure to tell me where I am wrong.
There has been a lot of mystery around these practices, and there will continue to be until organizations understand better the capabilities of these tools. Everyone would potentially profit from vendors being forthcoming about the actual capabilities and research results behind these techniques.
The "Threat Intelligence IQ" talk will have more math, as Kyle and I delve into some of the biases and potential overlaps of known public threat intelligence feeds and a few semi-private ones whose owners agreed to provide aggregated data.
This is a dear subject to me, as MLSec Project is consuming more and more datasets and we need to be sure of the average quality and contribution of every single source we ingest. I have learned a lot from Kyle Maxwell's contributions to MLSec Project, and we decided to give this talk idea a go.
One interesting outcome of the "Threat Intelligence IQ" talk is that we will publish the threat intelligence gathering and enrichment code, and also the analysis code used for the experiment so the attendees can replicate the results on our data, or even better, perform the same analysis on their own threat intelligence feeds. Hopefully this will also dispel some of the mystique around the incoming threat intelligence wave.
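The overlap analysis mentioned above boils down to a few set operations over the indicators each feed publishes. The block below is an added illustration written for this post, not the code MLSec Project will release for the talk: it parses a simple one-indicator-per-line feed format (an assumed format), computes pairwise Jaccard overlap, directional containment (how much of one feed is subsumed by another) and each feed's unique contribution (the share of its indicators that no other feed carries). The feed names and indicator values are constructed from documentation IP ranges and represent no real feed.

```python
from itertools import combinations

# Constructed sample feeds in an assumed plain-text format: one indicator per
# line, blank lines and '#' comments ignored. Feed names and values are made up.
RAW_FEEDS = {
    "feed_a": "# vendor A blocklist\n198.51.100.10\n198.51.100.11\n203.0.113.5\n203.0.113.6\n192.0.2.1\n",
    "feed_b": "198.51.100.10\n198.51.100.11\n203.0.113.5\n\n192.0.2.2\n192.0.2.3\n",
    "feed_c": "192.0.2.1\n192.0.2.9\n203.0.113.99\n",
    "feed_d": "# an empty feed still has to be handled without dividing by zero\n",
}


def parse_feed(text):
    """Return the set of indicators in a one-per-line feed, skipping comments and blanks."""
    indicators = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            indicators.add(line)
    return indicators


def load_feeds(raw):
    return {name: parse_feed(text) for name, text in raw.items()}


def jaccard(a, b):
    """Symmetric overlap: |a & b| / |a | b|; 0.0 when both sets are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def containment(a, b):
    """Directional overlap: fraction of a that also appears in b (0.0 for empty a)."""
    return len(a & b) / len(a) if a else 0.0


def pairwise_overlap(feeds):
    """Jaccard index for every unordered pair of feeds, keyed by (name1, name2)."""
    return {(x, y): jaccard(feeds[x], feeds[y]) for x, y in combinations(sorted(feeds), 2)}


def unique_contribution(feeds):
    """Fraction of each feed's indicators that no other feed carries.

    A feed close to 0.0 adds little beyond what you already ingest; a feed close
    to 1.0 is either a genuinely distinct source or one that nobody else
    corroborates, which is worth a second look before trusting it blindly.
    """
    result = {}
    for name, inds in feeds.items():
        others = set().union(*(v for k, v in feeds.items() if k != name))
        result[name] = len(inds - others) / len(inds) if inds else 0.0
    return result


def report(feeds):
    """Print a small text summary of the overlap analysis."""
    for (x, y), score in sorted(pairwise_overlap(feeds).items()):
        print(f"{x} vs {y}: jaccard={score:.2f} "
              f"{x}-in-{y}={containment(feeds[x], feeds[y]):.2f}")
    for name, share in sorted(unique_contribution(feeds).items()):
        print(f"{name}: unique contribution {share:.2f} ({len(feeds[name])} indicators)")


if __name__ == "__main__":
    report(load_feeds(RAW_FEEDS))
```

On real feeds the same three numbers answer different questions: Jaccard tells you whether two feeds are effectively the same list, containment tells you whether one is a strict subset of another (and can be dropped), and unique contribution tells you what you lose by removing a source. Normalizing indicators before comparison (lowercasing domains, stripping defanging such as `hxxp` or `[.]`) matters, since otherwise overlap is under-counted.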
I will be around Las Vegas for the whole week (from August 4th to August 11th), so feel free to ping me and let's get a coffee (and/or beer) together!
See you in Vegas!