
The MLSec Project guide to FIRST Conference 2015

Written by Alex Pinto

We at MLSec Project are very excited to be presenting at FIRST for the first time (see what I did there)! I am personally even more psyched that this time I will be co-presenting with my colleague Alexandre Sieira, who has grown to be a committer and principal of MLSec Project with several contributions to our "not ready for open source" experiments at the moment. Did I mention that he also works for a great startup?
But enough about us. I have reviewed the talks list for FIRST 2015 and here are the ones you should keep an eye out for if you are interested in data science and machine learning applied to security. Let me know on Twitter if I missed something!
Data Munging and Architecture

Building instantly exploitable protection for yourself and your partners against targeted cyber threats using MISP - Mr. Andras IKLODY (CIRCL) - June 15th, 2015 11:00 – 12:00

Should be a good introductory overview of MISP, which is an open-source threat intelligence platform of sorts. I have not been keeping up with its development, so it should be worthwhile to see how it is going.

Ce1sus: A Contribution to an Improved Cyber Threat Intelligence Handling - Mr. Jean-Paul WEBER ( - June 16th, 2015 12:45 – 13:15

This is yet another open-source Threat Intelligence Platform, but if it actually has the STIX implementation it promises, it should be worthwhile to have a look. Regardless, there is so much that can be done in this space, and it should be interesting to see what this one does differently.

DSMS: Automating Decision Support and Monitoring Workflow for Incident Response - Mr. Chris HORSLEY (CSIRT Foundry), Mr. SC LEUNG (HKCERT) - June 16th, 2015 15:45 – 16:45

Automation of incident response is hot right now, and the open-source offerings are very few and far between (the only other one I am aware of is FIDO from Netflix). I am interested to see what they have put together, and what sources of data they are consuming.

Fact Tables - A Case Study in Reducing Reactive Intrusion Time-to-Know by 95% - Mr. Jeff BOERIO (Intel Corp.) - June 16th, 2015 10:15 – 11:15

Data warehousing and BI applied to security data! Why don't people do this more?

Sinfonier: Storm Builder for Security Intelligence - Mr. Fran GOMEZ (Telefonica), Mr. Leonardo AMOR (Telefonica) - June 17th, 2015 13:30 – 14:30

This looks very exciting. Apache Storm is a very robust toolset for streaming data analysis, and applications of it to security should be interesting. The only reason I don't recommend this talk is that it happens at the same time as mine. :)
Data Analysis

Data-Driven Threat Intelligence: Useful Methods and Measurements for Handling Indicators - Mr. Alexandre PINTO (Niddel), Mr. Alexandre SIEIRA (Niddel) - June 17th, 2015 13:30 – 14:30

This is the newest revision of our #tiqtest and #tidatasci series, and we will be analysing and releasing approximately 1 YEAR of open threat intelligence data with the TIQ-test toolset. Hopefully we can get more people interested in both projects, and in analyzing their own threat intelligence data against open and commercial offerings.

Evaluating the Effectiveness of Fuzzy Hashing Techniques in Identifying Provenance of APT Binaries - Ms. Bhavna SOMAN (Intel Corporation) - June 18th, 2015 10:30 – 11:00

Bhavna is a MLSec Project member and has been doing some great work on malware analysis and classification. I am very excited to watch her presentation, and I am sure there will be a lot of great analysis and technical information there.

Validating and Improving Threat Intelligence Indicators - Mr. Douglas WILSON (FireEye) - June 17th, 2015 16:00 – 17:00

Doug is an industry veteran, and has been in the Threat Intelligence game for a long time. He told me that he put this presentation together as a "response" to my first TIQ-test presentation, so I am very interested to see where this conversation leads. As someone who is generating threat intelligence, he has a very different perspective on possible measurements than a customer who is just consuming it. Because of that, this presentation will probably have insights that I did not think of.

Collecting, Analyzing and Responding to Enterprise Scale DNS Events - Mr. Bill HORNE (Hewlett-Packard) - June 15th, 2015 15:00 – 16:00

I am a sucker for large-scale detection solutions, so I will gladly attend this one. Hopefully it does not focus too much on the data collection part (which is a very solved problem), and spends more time on the actual analytics. I also hope it is not just a thin layer on top of a sales pitch.

Incident Response Programming with R - Mr. Eric ZIELINSKI (Nationwide) - June 15th, 2015 16:00 – 17:00

Yay! We need more people exploring security data analysis with R. Although it should be an introductory piece, I am very excited to hear about other people's experiences and preferred tools when doing work around security data. I'll probably learn a thing or two from this talk.
Machine Learning

Implementation of Machine Learning Methods for Improving Detection Accuracy on Intrusion Detection System (IDS) - Mr. Bisyron MASDUKI (Id-SIRTII), Mr. Muhammad SALAHUDDIEN (Id-SIRTII) - June 19th, 2015 10:15 – 11:15

Machine learning applied to IDS is a very old concept that has sadly not met with much success historically. Regardless, it should be interesting to see what this team has put together, and whether they have an interesting twist on the current state of the art.

Machine Learning for Cyber Security Intelligence - Mr. Edwin TUMP (NCSC-NL) - June 17th, 2015 16:00 – 17:00

Now this one is a little bit more promising. The abstract says very little, but since I have been focusing most of my recent research on this specific space, I am very curious to see what they have come up with. It LOOKS like an NLP solution to auto-parse indicators, which sadly has been done to death already. Hopefully it is something more than that.
Not really related to ML, but plugging it anyway

Crisis Communication for Incident Response - Mr. Scott ROBERTS (GitHub) - June 16th, 2015 15:45 – 16:45

Scott has put together a great talk about what works and what does not work when communicating breaches to the general public. Examples like the way Target handled their breach communications will be discussed, covering what they did wrong and what they did right. And, believe it or not, he will also have some interesting examples to share of people who did it right.
