BigSnarf blog

Infosec FTW

Category Archives: Thoughts

NLP Use Cases


Identity is the perimeter


Most anomaly detection techniques I’ve seen is to record login data.

  • Alert of threshold
  • Alert threshold over time
  • Maintain a count for logins
  • Maintain a count for failures
  • Track IP Addresses

Ensemble ML Diagrams




Good Sources of Labelled Security Attack Data – The ongoing challenge

Screen Shot 2016-05-09 at 8.15.43 AM

We all need to watch for compromising account credentials.

  • password brute forcing/password guessing
  • password reset
  • phishing/whaling
  • credential leaks/harvesting
  • drive by compromise

How do you watch this stuff in the cloud? Workstations? Users?  Account breaches increase risk and gives a “bad guy” anywhere, anytime access.

Also, in regards to this interesting slide above from RSA conference. I would add:

  • Crawl – Public Data
  • Walk – HoneyPot Data
  • Jog – Red Team Data
  • Run – Shared Normalized Breach Data and Attach Methodology for PP rules (IMHO)

Retraining Inception 3 Tensorflow to recognize new task

RF, SVM, KNN ensembles training

Screen Shot 2016-03-26 at 12.24.10 AM

Spark OLAP

STL for anomaly detection

Table Flip


Intrusion Detection approaches for Anomaly Detection still rely on the Analyst not Software

Typical approaches for Anomaly Detection

  1. Statistical anomaly detection using 90th and 99th percentile T-Digest Algorithm, Time Series Analysis, Heavy Hitters, TopK
  2. Distance based methods like SimHash and LSH on features
  3. Rule-based detection using Data Mining (geoLocation, login behaviors per day, workstation, time)
  4. Signature-based detection using Snort and BRO
  5. Model based AD built on tons of features for DNS traffic, Users, Servers
  6. Change Detection
  7. Machine Learning

Typical approaches for Analyst ad-hoc query detection

  1. Visual Analysis
  2. Alert investigation
  3. Correlation Analysis
  4. Search
  5. SQL
  6. Time Series Analysis
  7. Graph Processing Queries

Get every new post delivered to your Inbox.

Join 53 other followers