Engineering seminar: Cyber Storm Tracker — Using Machine Learning for Cyber Log Data


Dr. Glenn A. Fink, a senior cyber security researcher with Pacific Northwest National Laboratory (PNNL), will give the talk.

Cyber logs are not human language, but of all the common data types used in machine learning (ML), natural language is the closest. Even so, cyber log data is very different from natural language. Log lines contain lots of random-looking garbage. IP addresses and other things frequently change definition. Punctuation is all over the place. Domain names look like Windows Active Directory names, which look like many other cyber “nouns.” And the syntax and semantics of phrases and terms change from sensor to sensor. This makes cyber data challenging to ingest into ML models.

Dr. Fink will talk about the work done at PNNL to ingest cyber logs into natural language processing tools using embeddings. He’ll also show how embeddings can be used as coordinates to show how IP addresses change behavior and relate over time. At the end, seminar attendees will understand why there are still not many true ML methods out there for cyber, and what the major challenges are ahead. 

Dr. Fink has worked in computer security, deep learning, visualization, bio-inspired design and human-centric computing at PNNL since 2006. He is the lead inventor of several technologies, including PNNL’s Digital Ants technology, which Scientific American cited as one of 10 “world-changing ideas” in 2010. Digital Ants recently earned an award for Excellence in Technology Transfer from the Federal Laboratory Consortium and was listed as a finalist for an R&D 100 award. His work includes research in bio-inspired, decentralized cyber security and privacy. He has published numerous scientific articles and papers, has edited a book and hosted several workshops on computer security, privacy and the Internet of Things.

Dr. Fink was a three-year NSF IGERT Graduate Fellow at Virginia Polytechnic Institute and State University, where he completed his Ph.D. in computer science in 2006. Dr. Fink’s dissertation, “Visual Correlation of Network Traffic and Host Processes,” fostered the Hone technology that currently is an open-source software project. Dr. Fink was a software…
