BSidesAugusta 2023

Harnessing ML and AI for Next-Gen Security Engineering
2023-10-07, Track 4

The next generation of cybersecurity engineers will be data engineers who happen to specialize in cybersecurity. This talk aims to show how cybersecurity engineers can benefit from today's technology to make sense of the sea of data they are gathering. Currently, we are constantly bombarded with information about GPT, ML, AI, and a variety of abbreviations. The question is, though, how can we as cybersecurity engineers capitalize on these tools? I will answer this question with a concrete example of using ML and AI from the perspective of a cybersecurity researcher. The goal of my talk is to show that, with today's tools, a cybersecurity professional can make new discoveries and invent creative ways of using cybersecurity data for business solutions.

First, I will dive into the types of data we encounter in the cybersecurity ecosystem. Then I will analyze the framework of exploratory data analysis (EDA), which includes statistics and visualizations to make sense of an opaque dataset. I will give solid examples of how we engineer features from our data. Finally, I will demonstrate the use of AI to "question" your data, help you draw conclusions, and create models to detect malicious behavior.

This talk includes a demo with Jupyter notebooks and public packet capture data. It demonstrates how we can capitalize on packet captures to discover malicious activity using Pandas AI, Scikit LLM, and a variety of Python libraries. The audience is taken through the journey of raw data, exploratory data analysis, feature engineering, and finally modeling. Through this journey from raw data to models, I aim to describe the possibilities that ML and OpenAI models have opened for cybersecurity engineers to be creative and resourceful. The code for this talk is in the repo: https://github.com/mundruid/bsides-augusta-2023.
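As an added illustration of the raw data, feature engineering and modeling steps the abstract describes (this is not code from the talk's repository), the block below aggregates constructed packet records into per-source features and flags statistical outliers using only the standard library; the record layout, the chosen features and the z-score rule are assumptions, not the talk's own pipeline.

```python
# Added example (not from the talk's repo): feature engineering over packet
# records plus a simple statistical detector, standard library only.
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records in the shape a pcap-to-table export might have:
# (timestamp, src_ip, dst_ip, dst_port, protocol, length). Assumed layout.
PACKETS = [
    (1.0, "10.0.0.5", "10.0.0.20", 443, "tcp", 1200),
    (1.2, "10.0.0.5", "10.0.0.20", 443, "tcp", 900),
    (1.5, "10.0.0.7", "10.0.0.20", 80, "tcp", 600),
    (2.0, "10.0.0.7", "10.0.0.21", 80, "tcp", 700),
    (2.1, "10.0.0.9", "10.0.0.20", 22, "tcp", 60),
] + [
    # one host touching many distinct ports with tiny packets: scan-like
    (3.0 + i * 0.01, "10.0.0.99", "10.0.0.20", 1000 + i, "tcp", 60)
    for i in range(40)
]


def engineer_features(packets):
    """Turn raw packets into per-source features (the 'feature engineering' step)."""
    groups = defaultdict(list)
    for _, src, dst, port, _, length in packets:
        groups[src].append((dst, port, length))
    feats = {}
    for src, rows in groups.items():
        feats[src] = {
            "packets": len(rows),
            "distinct_ports": len({p for _, p, _ in rows}),
            "distinct_dsts": len({d for d, _, _ in rows}),
            "mean_len": mean(l for _, _, l in rows),
        }
    return feats


def flag_outliers(feats, feature="distinct_ports", k=1.5):
    """Flag sources whose feature is more than k population std devs above the mean.

    A z-score rule stands in for the model; with n sources the largest possible
    z-score is sqrt(n-1), so k must stay below that on small samples.
    """
    values = [f[feature] for f in feats.values()]
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:
        return []
    return sorted(src for src, f in feats.items() if (f[feature] - mu) / sigma > k)
```

On a real capture the same two functions apply to whatever columns the export provides; the z-score threshold is a placeholder for the trained models the talk builds.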

Xenia Mountrouidou is a Senior Security Researcher at CyberadAPT with versatile experience in academia and industry. She has over 10 years of research experience in network security, machine learning, and data analytics for computer networks. She enjoys writing Python scripts to automate the boring things, finding interesting patterns with machine learning algorithms, and researching novel intrusion detection techniques. Her research interests revolve around network security, the Internet of Things, intrusion detection, and machine learning. She has authored scholarly papers in the areas of performance modeling, computer networks, embedded computer architectures, and computer network security.