My name is Emanuel Seemann and I have been working as a Data Scientist at Crowdsec since 2022.
I have a degree in pure mathematics from ETH Zürich and got into programming by writing Minecraft mods as a kid. Since then I have been hacking away at various coding projects in a variety of different languages. When I'm not behind my computer you can sometimes find me on the lake in a sailing boat.
At Crowdsec we receive a large number of signals from users who detect attacks with our open-source intrusion prevention system. We used these signals to determine whether attackers are operating behind anonymization services such as proxies or VPNs. We show that by monitoring changes in attack behavior over time we can reliably detect proxies and VPNs, and we use this data to improve our threat intelligence.
Crowdsec is an open-source IDS/IPS, and we recently added a detection capability based on Bayesian inference, a technique that has long been used to detect email spam. We show that this old and simple tool is still incredibly powerful and present how other threat analysts can improve their threat detection using Bayesian inference.
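To make the spam-filter analogy concrete, here is a small categorical naive Bayes classifier applied to the kind of question the abstract raises: given coarse observations of how an IP's reported attack behavior changes over time, how likely is it that the IP sits behind a proxy or VPN? This is an added illustration written for this page, not Crowdsec's own implementation or data; the feature names (scenario_churn, target_spread, burst), the labels (proxy, direct) and the training records are all constructed for the example.

```python
"""Categorical naive Bayes with Laplace smoothing over behaviour features.

Added example; not Crowdsec code. Features, labels and records are constructed.
"""
from collections import Counter, defaultdict
from math import exp, log


class NaiveBayes:
    """Naive Bayes for categorical features with add-alpha (Laplace) smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.label_counts = Counter()              # label -> number of records
        self.value_counts = defaultdict(Counter)   # (label, feature) -> Counter(value)
        self.vocab = defaultdict(set)              # feature -> values seen in training

    def fit(self, records):
        """Accumulate counts; calling fit again with new records updates the model."""
        for features, label in records:
            self.label_counts[label] += 1
            for feat, value in features.items():
                self.value_counts[(label, feat)][value] += 1
                self.vocab[feat].add(value)
        return self

    def _log_likelihood(self, label, feat, value):
        # P(value | label) with smoothing so unseen values never give probability 0.
        counts = self.value_counts[(label, feat)]
        num = counts[value] + self.alpha
        den = self.label_counts[label] + self.alpha * len(self.vocab[feat])
        return log(num / den)

    def posterior(self, features):
        """Return P(label | features) for every label, normalised to sum to 1."""
        total = sum(self.label_counts.values())
        log_scores = {}
        for label, n in self.label_counts.items():
            score = log(n / total)                  # log prior
            for feat, value in features.items():
                score += self._log_likelihood(label, feat, value)
            log_scores[label] = score
        # Normalise in log space so many weak features do not underflow.
        m = max(log_scores.values())
        z = sum(exp(s - m) for s in log_scores.values())
        return {label: exp(s - m) / z for label, s in log_scores.items()}

    def predict(self, features):
        post = self.posterior(features)
        return max(post, key=post.get)


# Constructed training records. Each describes an IP's behaviour over time:
#   scenario_churn: how often the reported attack scenario changes (high/low)
#   target_spread:  how many distinct reporting sites see the IP (wide/narrow)
#   burst:          whether reports come in bursts with long silences (yes/no)
TRAINING = [
    ({"scenario_churn": "high", "target_spread": "wide",   "burst": "yes"}, "proxy"),
    ({"scenario_churn": "high", "target_spread": "wide",   "burst": "no"},  "proxy"),
    ({"scenario_churn": "high", "target_spread": "narrow", "burst": "yes"}, "proxy"),
    ({"scenario_churn": "low",  "target_spread": "wide",   "burst": "yes"}, "proxy"),
    ({"scenario_churn": "low",  "target_spread": "narrow", "burst": "no"},  "direct"),
    ({"scenario_churn": "low",  "target_spread": "narrow", "burst": "yes"}, "direct"),
    ({"scenario_churn": "low",  "target_spread": "wide",   "burst": "no"},  "direct"),
    ({"scenario_churn": "high", "target_spread": "narrow", "burst": "no"},  "direct"),
]


def train_demo_model():
    """Fit the classifier on the constructed records above."""
    return NaiveBayes(alpha=1.0).fit(TRAINING)


def classify(model, features):
    """Return (predicted label, posterior dict) for one observed IP."""
    post = model.posterior(features)
    return max(post, key=post.get), post


if __name__ == "__main__":
    model = train_demo_model()
    for obs in ({"scenario_churn": "high", "target_spread": "wide", "burst": "yes"},
                {"scenario_churn": "low", "target_spread": "narrow", "burst": "no"}):
        label, post = classify(model, obs)
        print(obs, "->", label, {k: round(v, 3) for k, v in post.items()})
```

The same count-based update that makes spam filters cheap applies here: as new reports arrive, calling fit with the newly labelled records adjusts the likelihoods without retraining from scratch, which is what makes a behaviour-over-time signal practical to keep current.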