There is a current trend from "trapping" to "hunting". In order to fully understand the impact of a breach, the detection of malware threats needs to be complemented by the proactive exploration of anomalous network behavior and inter-artifact relationships. This activity is supported by machine learning techniques, which can be leveraged to aggregate and classify events at an unprecedented scale. This presentation highlights how machine learning and artificial intelligence can support a human operator in assessing a sophisticated threat that has breached a target network.
Giovanni Vigna has been researching and developing security technology for more than 20 years, working on malware analysis, web security, vulnerability assessment, and intrusion detection. Giovanni is currently a Professor in the Department of Computer Science at the University of California in Santa Barbara and is the director of the Computer Security Group at UCSB. He is the author of more than 200 publications, including peer-reviewed papers in journals, conferences, and workshops, a book on intrusion correlation, and (as an editor) a book on mobile code security. Giovanni has been the Program Chair of the International Symposium on Recent Advances in Intrusion Detection (RAID 2003), of the ISOC Symposium on Network and Distributed Systems Security (NDSS 2009), and of the IEEE Symposium on Security and Privacy (in 2010 and 2011). He is known for organizing and running an annual inter-university Capture The Flag (iCTF) hacking contest that involves dozens of institutions and hundreds of students around the world. Giovanni also leads the Shellphish Hacking Team, which is the longest-running team playing at DefCon’s CTF.