Loading…
BSidesSF 2019 has ended
View analytic
Monday, March 4 • 11:00am - 11:30am
Making Sense of Unstructured Threat Data

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Over the last decade the cybersecurity community has made significant progress on collecting and aggregating intelligence that describes threat actors and campaigns, their tactics and techniques, and technical IOCs leveraged by them. However, tracking this intelligence as part of cybersecurity operations or applying it to analytical systems is difficult because it is generally unstructured. Knowledge bases like MITRE's ATT&CK are an excellent example of how useful intelligence can be once it's organized—getting to that end state is a huge challenge. In this presentation we will show how recent advances in Natural Language Processing (NLP) can help us organize this intelligence and add structure to make it actionable. We will demonstrate how to use Word2Vec: a shallow neural network which understands meanings and relationships between words and can therefore be used to organize the information these documents provide. This exercise trains a Word2Vec model on open source intelligence reports coming from EU-CERT and US-CERT and clusters them into ‘tactical categories’, that can be mapped to the MITRE ATT&CK framework.

Speakers
avatar for Zainab Danish

Zainab Danish

Data Scientist, Trustar Technology
Zainab has been working as a Data Scientist at TruSTAR since July 2018. She laid down groundwork for a new data infrastructure at TruSTAR and is helping design more optimized workflows. She also builds Machine Learning models to augment core services in the security platform and loves... Read More →
NK

Nicolas Kseib

Nicolas is the Lead Data Scientist at TruSTAR Technology, a threat intelligence platform built to accelerate enterprise security investigations. He leads the company's data science initiatives and roadmap. He is always thinking of ways to leverage analytics and machine learning to... Read More →



Monday March 4, 2019 11:00am - 11:30am
Theater 15 (overflow in #11)