Using Data Science to Stop Malicious Tunneling in its Tracks

March 21, 2019 at 1:30 PM to 3:30 PM

Location:5345 Herzberg Laboratories
Cost:Free

Abstract :
Cybercriminals often sneak around firewalls by deceptively communicating or tunneling through accepted protocols. When traffic looks like HTTP(S), SSH or DNS, a firewall is generally unable to spot a wolf in sheep’s clothing. For example, the SANS 2017 Data Protection Survey found that nearly 30% of data exfiltration incidents last year involved DNS tunneling and 43% of incidents were facilitated by malware that used encrypted communication channels.

In this presentation, Maria Pospelova, a leading data scientist at Interset, will explore a new data science approach to avoid the limitations of conventional methods to identify malicious tunneling – even when communications are encrypted. Maria will walk through the science behind a unique automatic NetFlow classification method that can autonomously determine traffic is HTTP(S), SSH or DNS, without explicit information from interim hardware routers.
As the creator of this new tunneling detection method, Maria will discuss the development process and the machine learning algorithms used. She will showcase the model’s performance against known intrusion detection datasets and explain why this automatic classification method can dramatically improve accuracy with fewer resources than existing solutions, while simultaneously protecting privacy.

This presentation will:

  1. Introduce Interset and the problems we solve in the cybersecurity space
  2. Detail the process by which this new tunneling detection method was developed
  3. Demonstrate the method’s accuracy against an intrusion data set

Biography:


Maria is a Sr. Data Scientist at Interset, an AI security analytics company, and co-author of “Automatic, On-Line Tuning of YARN Container Memory and CPU Parameters.” With deep expertise in big data, analytics and data science, she takes an active role in the development and innovation of Interset’s technology, which leverages the Hortonworks Hadoop platform as part of its big data architecture. Her responsibilities include modeling, data exploration, data analysis and research, and helping customers extract the most value out of the solution.
Prior to Interset, Maria worked on machine learning solutions for big data problems at Carleton University’s Parallel Computing Research Lab. Prior to Carleton University, she worked at Bedarra Research Labs on an Interactive Collaborative Analytics Environment product, where had an opportunity to experience both front end and back end development. Maria holds a Bachelor’s Degree in Computer Science Honors with High Distinction and a Master’s Degree in Computer Science with a specialization in Data Science.

Please RSVP to Maria’s seminar below.