
Unconventional Methodologies to Consider in Information Security

BSides Augusta · 2013 · 32:25 · Published 2013-09
Category: Technical
Style: Talk
About this talk
Video from BSidesAugusta 2013. What's in your toolkit: unconventional methodologies to consider in information security. Intrusion detection is a challenging problem that has no easy solutions. In this talk, we look at some models that heretofore have not been commonly used in network security and that may provide new insight into network awareness. State-space, agent-based, and linear regression models are discussed. Rudimentary knowledge of linear algebra, differential equations, and statistics is helpful, but not absolutely necessary, for understanding the topics being discussed.
Transcript [en]

why go blind twitter is his pocket that people ought to talk about who i am and where I come from and all that systems thinking as far as the way to way look at the

tools they your systems some of the consider the higher math involved

sometimes have a disclaimer kind of thing I think I decided everything

the monograms electrical engineering at Boston University you know the possum University mascot is anybody

Oh

don't tell her no here here all right my masters at the UVA let's go

fellow time in the army shop making the rocketry stuff swing right before I got the soccer moniker because I was the guy that first out Thank You Man takes about seven let's get him up to move all

kool dollars I to make sure her first expression big picture kind of guy that turn off today your enemies done yourself win yo yourself there Connor don't know you're gone you might win and you know I be yourself clear enemy I serve up with that the problem that we have a lot of our networks is understanding one what is on computer somebody's

if you're an organization when we letter probably seen a lot of the news we've done the problems if they're doing this is looking at the 15 terabits per second that's approximate Cisco Cisco said is going across internet every second trying to try to make sense of all that and figure out it's kind of a big problem obviously our own bed which smaller networks we're going range it's still there's no problem we'll figure out something like a link them all this information photograph one thing that I think that I want to do letters well is that I think a lot of people get too wrapped around they actually got to get really really excited about to land think your

particular tools or sell a little problems rather than building problem so one thing I encouraged Curtis all news and our networks is to look at it a top-down approach look at you have goals for you know if I go there's everybody everybody systems thank you trying to do with it which any video to have a objective goal as you quantify you don't have a reason why that goal is important than why purpose they will optimize what you have we'll also take a look take a look at the system and figure out based on the wave design what is that system values yes p times they dry out you know with different types of applications you're

going to have different weight how mentality integrity have your weight on one of those aspects you have to choose probably two to three Bastian and another thing is don't build a comp around tool time the two of the best problem unsolved problem great problems so in general we want to know what's up but what is actually probably was plugged into that work on things running on all your all different boxes out their routers switches servers workstations what things are going on in each of those boxes and are they doing the right thing miss my room is my router that's me passing traffic correctly Silverado things in the right place I've got a server who's it

is operating correctly under load is someone another thing we want to know is somebody trying to do something that on my network someone trying to kill my data someone trying to shut my stuff down so I'm trying to just get going to being able to figure that out and also figure out when you have a vulnerability to being able to effectively mitigate so that's kind of what actually is a problem with your networks in general so looking at three different off the beaten path ways of looking claims so with the state space model what you're looking at is you have some equations that define you're buying your system and they're set up in a linear

algebraic fashion looking at things like as far as state variables if you look at the human body for example they as a system and you want to figure out what the state what kind of state as we can combine it maybe let's say good health and the state variables there might be your blood pressure respiration rate make your body different different levels with different different chemicals in here in your bloodstream that sort of thing as far as inputs pretty consultant the inputs are designed to make some kind of change

what kind of things generator state transition is a combination of inputs are there certain kinds of inputs to do that cause you physical aspect for example one of your inputs into the human body system is alcohol at a certain point the alcohol generation we transition into a bad state too much alcohol thinking about how you get the system together as far as looking at different state variables and what you put you want to serve can you observe those things right now in my current state I can't tell you what my body chemistry is as far as how much how much uric acids am i blowing how much potassium how much sodium all those kind of things so those those things that are

not available currently them and obviously go to the doctor they draw some blood those are some of the things we got a look at with the state space model if you're not a hopefully after that scary too much this is the general come ova of the state space model as far as we have yet your inputs got your outputs and you have your state variables this is a continuous time so this is a first order derivative state

as an example a practical example the discrete time version basically the catcher server so patch electrode well things to kind of look at as part of the state of our server once the help of us over let's look alike is CPU utilization on the server and never will be maxed out we were chugging through we have enough a state of that as far as we input into the system utilizes

utilization is way up high you

so that's that chunk right there I'm not going to go into actually not how to do this

but ideally what you want to do is you want to figure out what kind of how can I look at my system I kind of look at these what's happening on my system and garage some kind of way to control what's actually going in one system to effective and give me what I want I want my server to stay up as long as possible and a lot of the get choked up what can I do that would be a nice what it looks like nothing else traffic

home when it's not what kind of soup looking at a network person what what kind of purpose your network service probably shouldn't see a whole lot of traffic right

recap

agent-based models most agent-based models are focused on the interaction between the different the entities one agent-based model for example might be sheep wolves and grass sheep eat grass cheap you might have been also come you can also model much more complex for example traffic intersection spending in from different areas that model time of day as far as health encourage that along you can model the interactions between the drivers interaction with drivers near augusta more driving drunk driving close to Charles go over the more laid-back and relaxed

a lot of different reasons we look at agent-based modeling is figuring out how many of these things with more attributes you look at it just requires more data as you have

if you don't have enough data coming we look at enough contribution your system you might not get an accurate picture now watch everyone else's favorite tools use to get excellent access or something I like ninjas so what my partner I did you da we looked at we use an agent-based model too

one of the things we felt was a lot of people to rely heavily on to they want I to school to solve all the problems really look at what they have what the problem is I think all of the kind of development cycle we have to factor out their attacker time availability they equip them with minor things they've gotten into our stuff passional ability record something else try to find that in the sack one of the things we go Videology behind and policy

way we mop of that was we had we had ninjas that we're trying to break into your network obviously their attributes or skill hey Stevie that we trill

a level of training

the targets are in consultation they have a certain level value as they get broken into goodness and intellectual property their value will go down in time about product

we be able to realize that blowing up so your logo

netload will actually do that to the poor customize the charges if you will also have as many turtles usually very impressed and we let the simulation run

breaking points as far as Mary attackers to level

correlation start looking through mentally lifecycle

methodology looking for target defined target attack target is successful

discovered

scalpers

person

you know McNamara

this is kind of a thing it seems pretty intuitive as far as number number attackers time over time per pound as far as the manager calls over time the longer they're allowed to be there also remember organizations

a couple of interesting things found there's always some interesting dynamics underlying themes of may not be present one of the things we found one less have lower levels of skill attack damage to the cause as you can see it didn't really get up there too much and in some cases it kind of took more graduates look over the things we found more skilled offenders that cause more damage quickly this we found with the value basically evaluate everything it didn't come that also to value of the organization they're attacking higher value organizations are going to have those

a couple of different things male model of setup different entities with quality offense

everyone's favorite course one of the biggest things we'll just figure out like what is we have also

taking that over time 50 what what is

leave any Super Bowl hands up so what one year I took a basically all the data Oh

fact so what when you do baseball what's the what's the one teacher looking for facebook No

slugging percentage combination of the batting average

basically that was is that everybody

this is what I came up with I'm also kind of tractors with the real thing was black brown and not so bad book on the final we got basically fed of elevation reporting and tracking 15 and this is the range

tema models this is the wings we unfortunately that

maybe not so much on that another thing when the rest models

one thing that this is actually basics panel it's having physical model I

the state of

broken spam

you can go there you what I different models in a similar sense you want to have detection you want to go false positive my sales sorry little false negative you don't want to let through you don't want to let standard this is correctly identifying

both love

and this is kind of sore analysis part these are all the different indicators that were in that kind of great

all these little red dots are spam

looking at you guys doing your own

the axes this is what it is is when the principal component analysis that it comes up with Oh where see this is actually like a translation

any one of these any one of these data field

basically there's

generally

a little bit unconventional way of looking at things too much

loser earlier I

my head like a rough overview what Israel yeah that poor lady out on top

so this is actually because the street tunnel we have miles to go

you have to go back through

derive this from every every service will differ in this in this instance of scars that your optimal utilization

those those two those two

C matrix in this case

I didn't want to go to crowd

I

I found really good w side learning logical things going around

I never thought about using control systems kind of theory

we're all

patient resources

I can expect this appliance

in trying to apply to No

a good way

problem that paper the reason

by just building boxing's hear that you can buy a transcript that's three things get scripts monkey

I did this was real simple actually

I'm assuming you bought this from the paper there's a fairly famous that actually applied biosystems directly to men very well received vemia but
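
The state-space model the speaker sketches for a server (state variables such as CPU utilization, inputs and outputs, a C matrix selecting what is observable, and the wish to control what goes into the system so the server stays up) is worked through below as an added example. This is not the speaker's code and nothing in the talk gives these numbers: the A, B and C matrices, the hidden request-backlog state, the saturation at 100 % utilization and the admission-cap rule derived from the steady-state gain are all assumptions made for the illustration.

```python
"""Discrete-time state-space model of a server under request load, with an
admission cap derived from the model's steady-state gain.
Added illustration; the matrices below are constructed for this example."""

# State x = [cpu_utilization (0..1), queued_requests]
# Input u = [admitted request rate, requests per step]
# Output y = C x = cpu_utilization, the only directly observed variable;
# the backlog is a hidden state, like the blood chemistry in the talk's
# human-body analogy.
A = [[0.7, 0.001],   # utilization decays, while a backlog keeps the CPU busy
     [0.0, 0.5]]     # half the backlog drains each step
B = [[0.0005],       # each admitted request adds 0.05 % utilization ...
     [0.2]]          # ... and 20 % of admitted requests end up queued
C = [[1.0, 0.0]]


def matvec(M, v):
    return [sum(m * x for m, x in zip(row, v)) for row in M]


def solve(M, b):
    """Solve M z = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    aug = [row[:] + [b[i]] for i, row in enumerate(M)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(aug[r][col]))
        aug[col], aug[piv] = aug[piv], aug[col]
        for r in range(n):
            if r != col:
                f = aug[r][col] / aug[col][col]
                aug[r] = [a - f * p for a, p in zip(aug[r], aug[col])]
    return [aug[i][n] / aug[i][i] for i in range(n)]


def dc_gain(A, B, C):
    """Steady-state output per unit of constant input: C (I - A)^-1 B."""
    n = len(A)
    i_minus_a = [[(1.0 if i == j else 0.0) - A[i][j] for j in range(n)]
                 for i in range(n)]
    x_ss = solve(i_minus_a, [row[0] for row in B])   # single-input system
    return matvec(C, x_ss)[0]


def step(x, admitted):
    """x[k+1] = A x[k] + B u[k]; utilization saturates at 1.0 (a choked server)."""
    nxt = [ax + bx * admitted
           for ax, bx in zip(matvec(A, x), [row[0] for row in B])]
    nxt[0] = min(max(nxt[0], 0.0), 1.0)
    return nxt


def simulate(offered, steps, target=None):
    """Run `steps` ticks at a constant offered load. With a target utilization,
    admit at most target / dc_gain requests per step (open loop otherwise).
    Returns the observed utilization trajectory y[k] and the cap that was used."""
    cap = offered if target is None else min(offered, target / dc_gain(A, B, C))
    x = [0.0, 0.0]
    trajectory = []
    for _ in range(steps):
        x = step(x, cap)
        trajectory.append(matvec(C, x)[0])
    return trajectory, cap


if __name__ == "__main__":
    open_loop, _ = simulate(offered=400, steps=30)
    closed_loop, cap = simulate(offered=400, steps=30, target=0.75)
    print(f"open loop peak utilization:   {max(open_loop):.3f}")
    print(f"admission cap from the model: {cap:.1f} req/step")
    print(f"closed loop peak utilization: {max(closed_loop):.3f}")
```

With an offered load of 400 requests per step the open-loop server saturates within a few steps, while the cap of 250 requests per step computed from C (I - A)^-1 B holds utilization at the 75 % target without overshoot. The point of the exercise is the one the speaker makes: once the system is written in this form, the question "what can I let in and still stay up" has a mechanical answer.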

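The agent-based "ninja" model the speaker describes (attackers with skill and training attributes, targets whose value drains as they are broken into, an attacker lifecycle of finding a target, attacking it and either succeeding or being discovered, then varying the number and skill of attackers and watching damage over time) is sketched below as an added example. It is not the speaker's NetLogo model: the two-state lifecycle, the value-weighted target choice, the detection rule and every parameter are assumptions made for this illustration, and the scenario in the main block is constructed.

```python
"""Agent-based model of attackers against valued targets, in the spirit of the
talk's 'ninja' simulation. Added illustration: the states, the value-weighted
target choice, the detection rule and all numbers here are assumptions."""
import random
from dataclasses import dataclass
from typing import List, Optional

RECON, ATTACK = "recon", "attack"   # attacker lifecycle: find a target, then attack it


@dataclass
class Attacker:
    skill: float                  # probability that an attack attempt succeeds
    training: float               # 0..1; better-trained attackers are harder to spot
    state: str = RECON
    target: Optional[int] = None


@dataclass
class Target:
    value: float                  # e.g. intellectual property; drains when breached
    detection: float              # per-attempt chance of noticing the attacker


def pick_target(targets: List[Target], r: float) -> int:
    """Choose a target with probability proportional to remaining value, so
    higher-value organizations attract more attention (r is uniform in [0, 1))."""
    total = sum(t.value for t in targets)
    if total <= 0.0:
        return min(int(r * len(targets)), len(targets) - 1)
    acc = 0.0
    for i, t in enumerate(targets):
        acc += t.value / total
        if r < acc:
            return i
    return len(targets) - 1


def tick(attackers, targets, rng, loss_fraction):
    """One time step. Every attacker draws the same three random numbers each
    tick, so runs with different skill levels stay comparable under one seed."""
    for a in attackers:
        r_find, r_attack, r_detect = rng.random(), rng.random(), rng.random()
        if a.state == RECON:
            a.target = pick_target(targets, r_find)
            a.state = ATTACK
            continue
        t = targets[a.target]
        if r_attack < a.skill:                  # successful attack: value drains
            t.value *= 1.0 - loss_fraction
        if r_detect < t.detection * (1.0 - a.training):
            a.state, a.target = RECON, None     # discovered: foothold lost, start over


def simulate(n_attackers, skill, training, targets_spec, ticks,
             loss_fraction=0.05, seed=0):
    """Return cumulative damage (total target value lost) after each tick."""
    rng = random.Random(seed)
    attackers = [Attacker(skill, training) for _ in range(n_attackers)]
    targets = [Target(value, detection) for value, detection in targets_spec]
    initial = sum(t.value for t in targets)
    damage = []
    for _ in range(ticks):
        tick(attackers, targets, rng, loss_fraction)
        damage.append(initial - sum(t.value for t in targets))
    return damage


def mean_final_damage(n_attackers, skill, training, targets_spec, ticks, seeds=20):
    """Average final damage over several seeds, for comparing attacker profiles."""
    runs = [simulate(n_attackers, skill, training, targets_spec, ticks, seed=s)[-1]
            for s in range(seeds)]
    return sum(runs) / len(runs)


if __name__ == "__main__":
    # Constructed scenario: one high-value and one low-value target.
    scenario = [(1000.0, 0.3), (100.0, 0.3)]
    print("attackers  skill  mean damage after 100 ticks")
    for n in (1, 5):
        for skill in (0.1, 0.5, 0.9):
            d = mean_final_damage(n, skill, 0.5, scenario, 100)
            print(f"{n:9d}  {skill:5.1f}  {d:10.1f}")
```

The damage-over-time list that `simulate` returns is the curve the speaker plots per attacker count and skill level; averaging over seeds in `mean_final_damage` is what makes comparisons between profiles meaningful, since a single run of a stochastic model says little. As the speaker notes, the model is only as good as the data behind its attributes, so the probabilities here should be read as placeholders to be replaced with measured ones.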