FloCon 2020 has ended
Thursday, January 9 • 11:00am - 11:30am
Using Deep Neural Networks to Detect Compromised Hosts in Large Scale Networks

Detecting compromised hosts in networks is an important cyber security challenge. Investing in defenses on the perimeter of the network is key to preventing compromises within the network. However, hosts are compromised at an alarming rate due to security breaches and insider threats. It is becoming impossible for network security analysts to keep up with the barrage of data to manually detect compromises. Automating the detection of compromises and providing decision support play a key role in optimizing the analyst's workflow. Various statistical modeling techniques have been proposed to assist analysts with detecting compromised hosts by examining their behavior on the network at flow level. But most of this research lacks real datasets that reflect modern attacks, preventing their use in real-world scenarios. The literature tends to use benchmark datasets that are simulated and outdated.

In this presentation, we discuss the generation of a new dataset based on recent, real network data from global research and education that is fused with actual threat lists and contextual information. This augmented dataset provides ground truth in training supervised statistical models. We describe the development of a statistical model based on deep neural networks. Using these cutting-edge modeling techniques, we were able to detect compromised hosts in a network using the InSight2 platform with high accuracy and a low false positive rate. Compared to existing statistical models, our model is readily deployable in a wide range of networks, since it has been developed using real-world data. We present case studies based on its deployments at academic institutions and explore its impact in real-world applications from both academic and industrial viewpoints. These case studies use several visualization techniques to show the initial detection, exploration of the source of the attack, command and control centers, and lateral movement of cyber security threats. This process generates further data that can be used to improve the accuracy of the model as the analyst documents and categorizes the threat after investigation.

Attendees Will Learn: 
  • Latest developments in statistical modeling used for threat detection
  • How deep learning can be used for better accuracy
  • Complementing and improving the analyst workflow


Angel Kodituwakku

PhD candidate Computer Engineering, concentrating in Cybersecurity, The University of Tennessee, Knoxville
Angel Kodituwakku is currently a PhD candidate in Computer Engineering with a concentration in Cybersecurity at the University of Tennessee, Knoxville. He served as a Research Associate for two years on a National Science Foundation funded project. He received his MS in Computer Engineering...

Eboni Thamavong

Lead Associate - Commercial Cyber Team, Booz Allen Hamilton
Eboni Thamavong has worn many hats throughout her career and is at the forefront of transformation in cybersecurity operations, analysis, and strategy. She is known for identifying areas for development and growth to move organizations forward. Ms. Thamavong is known for her insights...

Thursday January 9, 2020 11:00am - 11:30am EST
Regency Ballroom Hyatt Regency Savannah 2 W. Bay Street Savannah GA 31401