Cryptocoin Miners vs ML - John Callahan

JONN CALLAHAN This talk will be a walkthrough of how Jonn built a detection engine focused on finding cryptocoin miners within an AWS architecture. It utilizes AWS Flow Logs as the data source and multiple statistical analysis techniques for both massaging the data and performing the actual detection. This will not be a deep dive of the math itself, but rather a high-level overview of why Jonn chose the techniques he did. If you've ever wanted to take your blue team skills to a level beyond simple rule generation, this will be the talk for you. Jonn Callahan spent the last six years working within appsec but have spent a lot of my free time (and R&D company time) building tooling. Jonn got a love for automation and have recently rediscovered my love for math through learning ML. While marrying these fields together is nothing new nor novel, Jonn wanted to bring these concepts into the light, showing that you don't need a PhD in mathematics to leverage these concepts to further enhance your blue team responsiveness and environment insight.