Tech Talk: Overcoming Problems when Applying Machine Learning to Cybersecurity

  • Date: Monday, January 12, 2015
  • Time: 11:00 AM
  • Speaker: Evan C. Wright
  • Location: 421 SW 6th Ave. Suite 300

Galois is pleased to host the following tech talk. These talks are open to the interested public; please join us! (There is no need to pre-register for the talk.)

The statistical and algorithmic methods of artificial intelligence have led to impressive breakthroughs that have significantly empowered the domains of finance, marketing, imaging, biology and many others. At the same time, cybersecurity has continued to be a field in which more and more advantage goes to attackers, yet minimal lasting contributions have come from the AI community.

This talk covers observations and lessons learned from some of our own applications of AI to the cybersecurity domain, with a more detailed explanation of two methods. First, using computer network data, we share a method for detecting the obfuscation of the command-and-control channel established by some malware. Second, we identify a mechanism to detect the otherwise difficult-to-distinguish malware Zeus by monitoring malware execution at the kernel level.

Evan Wright is a member of the Technical Staff for the Threat Discovery Group of the CERT Coordination Center (CERT/CC). The CERT/CC is a division of the Software Engineering Institute (SEI) at Carnegie Mellon University. He holds an MS in Information Security and Technology Management from Carnegie Mellon University and a BS in Technology Systems from East Carolina University. He has over 20 years of experience in computer networking and holds a CCNP and six other certifications. Since joining SEI, he has supported a variety of customers in areas such as IPv6 security, ultra-large-scale network monitoring, malicious network traffic detection, intelligence fusion, and cybersecurity applications of machine learning. Before joining SEI, he was a network administrator for a medium-sized company and Internet Service Provider in North Carolina.