Engineering Workshop: Tracker Cyber Storm – Using Machine Learning for Cyber Data

Dr. Glenn A. Fink, a senior cybersecurity researcher at the Pacific Northwest National Laboratory (PNNL), presents.

Cyber logs are not human language, but of all the common types of data used in machine learning (ML), natural language is the closest. Still, cyber data is very different from natural language. Log lines contain visible random junk. IP addresses and other things often change meaning. Punctuation is everywhere. Domain names resemble Windows Active Directory names, which resemble many other cyber “names”. And the syntax and semantics of phrases and terms change from sensor to sensor. This makes it difficult to integrate cyber data into ML models.

Dr. Fink talks about the work that has been done at PNNL to integrate cyber reports into natural language processing tools using input. He also shows how input can be used as coordinates to show how IP addresses change behavior and relate over time. Finally, workshop participants will understand why there are still no real ML methods in cyber and what challenges lie ahead.

Dr. Fink has worked at PNNL since 2006 in the areas of computer security, in-depth training, visualization, biological design, and human-centered access. He is a leading inventor of several technologies, including PNNL's Digital Ants technology, which Scientific American cited as one of the 10 “world-changing” ideas of 2010. Digital Ants recently won the Federal Laboratory Consortium Award for Excellence in Technology Transfer and was named a finalist in the R&D 100 Award. His work includes research in the field of cyber security and biosecurity, decentralized. He has published numerous scientific articles and essays, edited a book, and conducted several seminars on computer security, privacy, and the Internet of Things.

Dr. Fink was a three-year NSF IGERT graduate from Virginia Polytechnic Institute and State University, where he received his Ph.D. in Computer Science in 2006. Dr. Fink’s dissertation, “Visual Correlation of Network Traffic and Host Processes,” promoted the Hone technology, which is currently an open source software project. Dr. Fink was a software engineer for 15 years at the Naval Surface Warfare Center in Dahlgren, Virginia, where he worked on projects such as the Trident ballistic missile program, a single ground control station for unmanned aerial vehicles, and a virtual operations network for the rapid deployment of coalition warfare. Dr. Fink served for 11 years as an Army Reserve Officer in the Signal Corps, where he rose to the rank of captain and commanded a communications company.

Digital information

Join the Zoom meeting

Friday, April 8, 12:00 p.m. to 13:00

Virtual event