Behavioral Analysis from DNS and Network Traffic presented at Deepsec 2016

by Josh Pyorre

Summary: Multiple methods exist for detecting malicious activity in a network, including intrusion detection, anti-virus and log analysis. But the majority of these use signatures, looking for already known events, and they typically require some level of human intervention and maintenance.
However, using behavioral analysis, it's possible to observe and create a baseline of average behavior on a network, enabling intelligent notification of anomalous activity. This talk will demonstrate methods of performing this activity in any environment. Attendees will learn new methods which they can apply to further monitor and secure their networks.