Deep Learning, Cyber Intelligence, Managing Privacy and Security, and Network Traffic Analysis: The Latest Work from the SEI
As part of an ongoing effort to keep you informed about our latest work, this blog post summarizes some recently published SEI reports, podcasts, and presentations highlighting our work in deep learning, cyber intelligence, interruption costs, digital footprints on social networks, managing privacy and security, and network traffic analysis. These publications highlight the latest work of SEI technologists in these areas. This post includes a listing of each publication, author(s), and links where they can be accessed on the SEI website.
By Ritwik Gupta, Carson Sestili
Although traditional machine learning methods are being successfully used to solve many problems in cybersecurity, their success often depends on choosing and extracting the right features from a data set, which can be hard with complex data. In this podcast, Ritwik Gupta and Carson Sestili explore deep learning, a popular and quickly growing subfield of machine learning that has had great success resolving problems presented by these data sets and on many other problems where picking the right features for the job is hard or impossible.
View the SEI Podcast.
Best Practices in Cyber Intelligence
By Jared Ettinger
The SEI Emerging Technology Center is conducting a study sponsored by the U.S. Office of the Director of National Intelligence to understand cyber intelligence best practices, common challenges, and future technologies; the study will culminate in a published report. Through interviews with U.S.-based organizations from a variety of sectors, researchers are identifying tools, practices, and resources that help those organizations make informed decisions that protect their information and assets. In this podcast, Jared Ettinger describes preliminary findings from the interviews, including best practices in cyber intelligence.
View the SEI Podcast.
Digital Footprints: What Can be Learned from the Traces We Leave on Social Networks
By April Galyardt and Carson Sestili
Social networks have become part of our daily lives. We browse, share, "like," and generally communicate with friends using these tools every day. In the midst of all this, we rarely stop to consider how much information about ourselves we are freely handing over to the social network companies. This information, called "metadata," contains an incredibly rich--and often frighteningly detailed--view of some of the most personal aspects of our lives.
In this first webcast in a two-part series, the presenters describe what metadata is and what information can be gleaned from it.
Specifically, they discuss
- how metadata gets generated
- how it can be used to uncover extensive personal information
- steps you can take to protect your privacy
Digital Footprints: Managing Privacy and Security
By Lena Pons and Matthew Butkovic
With the recent Cambridge Analytica news and the rollout of the General Data Privacy Rule (GDPR) in Europe, there are many questions about how social media data privacy is managed and how it could be managed. The Federal Trade Commission (FTC) currently enforces rules for how companies communicate with users about what data is collected and how it is used. Following hearings in April about social network data privacy, legislators are considering expanding FTC's authority to give users more information and choices about how data is collected and with whom it is shared.
In this second webcast, which is part of a two-part series, the presenters discuss the situation and the challenges related to enacting data- and privacy-related policy, and share their expertise on how to effectively legislate privacy and security.
This webcast is geared toward
- anyone who wants to better understand their rights to their data on social media
- executives and managers concerned about the effects of changes to data privacy
- policymakers who want to understand technological challenges to controlling data access
SEI Cyber Minute: Interruption Costs
By Suzanne Miller
Watch SuZ Miller in this SEI Cyber Minute as she discusses "Interruption Costs" in the development process. Agile requires a mindset shift in terms of both what can be done in a short iteration and the importance of allowing the team to do the planned work if you expect to get a positive result.
View the SEI Cyber Minute.
New SiLK Analysis Suite Release Available for Download
The SEI's CERT Division has released a new major version (3.17.0) of the System for Internet-Level Knowledge (SiLK) traffic analysis suite. SiLK is a collection of tools designed to facilitate security analysis of large networks. The SiLK tool suite supports the efficient collection, storage, and analysis of network flow data, enabling network security analysts to rapidly query large historical traffic data sets. SiLK is capable of analyzing traffic on the backbone or border of a large, distributed enterprise or mid-sized Internet service provider.
Highlights of the new release include the following:
- New analysis options. The rwaggbagtool command now supports filtering rows from an aggregate bag file when a field's value is below or above a designated value or when an IP address field is absent or present in an IPset file. This capability allows analysts to examine flow data in new ways. For instance, analysts can examine which IP address their networks are getting the most traffic from using any flow field as the key. The feature also supports set operations.
- Compatible country codes. The rwgeoip2ccmap tool now supports MaxMind's GeoIP2 and GeoLite2 formats. The CSV versions of these formats are included in SiLK. This change aligns SiLK with current country code standards.
- Improved timestamp fidelity. The rwuniq and rwstats tools now support millisecond timestamps when a fractional time is specified with the --bin-time switch. This feature enables analysts to aggregate results by fractions of a second.
- Default IPv4 format. When the rwsetcat tool prints an IPset containing both IPv4 and IPv6 addresses, IPv4 addresses are no longer prefixed with "::ffff:" by default. However, the analyst can still view a mix of IPv6 and IPv6-mapped addresses if preferred. The change offers more flexibility in visualizing the data.
To learn more about the SiLK analysis suite, to download the latest version, and to learn about other useful tools produced by CERT, visit the CERT Network Situational Awareness Tools website.
Download the System for Internet-Level Knowledge (SiLK) Traffic Analysis Suite