Network Protocol Classification with Random Forests

Channel:
United States SANS Cyber Defense
Subscribers:
20,000
Published on ● Video Link: https://www.youtube.com/watch?v=YpzJ4kik8PY


Duration: 50:35
500 views
18

During part 2 of “Applying Machine Learning to Network Anomalies,” someone on the livestream asked if a Random Forest could be used to solve the same problem. I answered, “No,” but promised to do a session explaining why not.

Tune in to learn a little bit about Random Forests, how to apply them to classification problems, and why they don’t work well for anomaly detection.

David Hoelzer, the operations chief for Enclave Forensics, Inc. and a managing partner with Occulumen, Ltd. (and SANS Fellow) will lead this livestream. David has more than thirty years of experience in the IT and cybersecurity fields, with more than 25 years specifically in the network monitoring, SOC operations, and incident response fields. He leads the machine learning function within Enclave Forensics and is the author of both SEC503 (Intrusion Detection In-Depth) and SEC595 (Applied Data Science and Machine Learning/AI for Cybersecurity Professionals).

https://www.sans.org/cyber-security-courses/intrusion-detection-in-depth/
https://www.sans.org/cyber-security-courses/applied-data-science-machine-learning/

#machinelearning #ai #ml #networking #datascience



Other Videos By SANS Cyber Defense


2021-11-01Threats & Challenges 2021: What Cyber Defenders Need to Know – and Do
2021-10-30Knocking on Clouds Door: Threat Hunting Powered by Azure AD Reports and Azula
2021-10-29Random Forests: Still Useful?
2021-10-28Data Science for SOC: A Practical Example of Detecting Advanced Credential Attacks
2021-10-26TShark: Leveraging statistics | Nik Alleyne
2021-10-26The Yellow Brick Road: Where Lions and Tigers and Bears Meet
2021-10-24Adversary Simulation: Measure and Close the Gaps in Your Security Posture
2021-10-22Can we REALLY 10X the SOC?
2021-10-21Zero Trust Architecture – Applying ZTA in Today’s Environment
2021-10-20A River Runs Through IT: What Whitewater Rafting Taught Me About Incident Response
2021-10-15Network Protocol Classification with Random Forests
2021-10-15Container Monitoring
2021-10-08Applying Machine Learning to Network Anomalies | Part 3
2021-09-17Machine Learning with Zeek and Tensorflow (Part 2): Processing the Data
2021-09-07Key Tactics for Automating Security Operations
2021-09-03Machine Learning with Zeek and Tensorflow (Part 1): Talking to Zeek
2021-08-23SANS Blue Team Summit 2021
2021-08-18TShark - Working with Regular Expressions
2021-08-14SOC Automation with PowerShell Interactive Notebooks
2021-08-12Understanding And Using GIT
2021-08-06Introducing SANS role-based labs


Tags:
network protocol
network protocol classification
random forests
network protocol classification with random forests
dave hoelzer
sans sec595
sec595
david hoelzer
dave hoelzer sans institute
david hoelzer sans institute