Threat Detection Using Time Series Analysis and Summary Statistics of Darknet Probes and OSSEC Reports

Wednesday, April 20 | 10:15a.m. - 11:45a.m. | Cascade Ballroom II, Mezzanine Level, Second Floor
Session Type: Professional Development
The ability to detect malicious activity across an organization's computing infrastructure is an ongoing problem we face as information security practitioners. Where can an organization start when building a threat detection program? How can an organization gain threat detection intelligence using free tools? This presentation will address these questions and provide initial steps taken toward developing a threat detection program. Our darknet sensor data comes from dropped packets logged by iptables and collected by OSSEC. We use ossec-reportd to generate reports from across our infrastructure. These data are imported into R for statistical computing and graphics.


OUTCOMES: Learn about implementing a threat detection program * Learn about importing OSSEC data into R * Learn introductory R concepts for creating security metrics

Speakers

  • Clay Wells

    Information Security Engineer, University of Pennsylvania

Resources & Downloads