BSides DC 2018 - Network Traffic is an Open Book

BSides DC · 2018 · 47:16 · 93 views · Published 2018-11
Style: Talk
About this talk
To a network interface, the traffic through it reads like an open book in a foreign language: legible but unintelligible. To read this language, we build models using natural language processing and deep machine learning techniques. These models can then accurately classify network traffic because they understand it so well that they can parse its context, as a person would when reading a book.

In this presentation, we cover:
• how to use natural language processing and machine learning to analyze traffic (even encrypted traffic!);
• how to perform the analysis at scale using Apache Spark and TensorFlow’s newest memory-efficient APIs; and
• what generally applicable insights we have gleaned in the process.

Advait Nagarkar (Senior Data Scientist at Fidelis Cybersecurity)
Dr. Advait Nagarkar is a Data Scientist at Fidelis Cybersecurity, where his principal focus is on the detection of malware in network traffic. Before joining Fidelis, he worked at Oath Inc. (i.e., AOL+Yahoo), where his principal focus was classification and natural language processing analysis of email data. Advait holds a PhD in Nuclear Physics, which he earned working on the ATLAS experiment at the Large Hadron Collider, where his principal focus was particle physics data analysis.

Daniel Marino-Johnson (Data Scientist at Fidelis Cybersecurity)
Daniel Mariño Johnson is a Data Scientist at Fidelis Cybersecurity. He develops predictive models for detecting malware and data-science-based products to enhance the productivity of security analysts. He received his B.S. in Mathematics at the University of Maryland and has been published in a peer-reviewed journal in the field of differential equations. His interests include cybersecurity, machine learning, and natural language.