Registration is NOW Open
Marriott Wardman Park
2660 Woodley Rd NW
Washington DC, District of Columbia 20008 USA
Phone: 1-202-328-2000 

Book Now 
*discount rates expire August 19, 2019
Thursday, September 12 • 11:30am - 12:15pm
Cryptocoin Miners vs Machine Learning

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
This talk will be a walkthrough of how I built a detection engine focused on finding cryptocoin miners within an AWS architecture. It utilizes AWS Flow Logs as the data source and multiple statistical analysis techniques for both massaging the data and performing the actual detection. AWS Flow Logs do not function as traditional per-packet 5-tuple captures. Instead, the data is aggregated over a 10-minute period, organized by unique IP address and port numbers. This presents a unique challenge for building a detection model as you don't have detailed per-packet logs. The methodology itself follows an iterative design: look for a pattern, implement into code, check for false positives. This is repeated until we have a sufficiently knowledgable model capable of flagging cryptocoin mining traffic with a minimal false positive rate. The techniques discussed include cluster analysis via k-means and DBSCAN, convex hulls, linear regression analysis, nearest neighbor, and several other simple but very powerful statistical analysis techniques. The final implementation will be built on top of ELK, culminating into a turn-key release that owners can drop into their environments.

avatar for Jonn Callahan

Jonn Callahan

Jonn started his career working within the government sector, helping to start a program responsible for securing web applications run on government infrastructure.Looking to expand his experience beyond the .NET stack and the occasional Java app, he moved into the private sector... Read More →

Thursday September 12, 2019 11:30am - 12:15pm
Lincoln 4