CHIRON - Home based ML IDS - Rod Soto & Joseph Zadeh Derbycon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

CHIRON - Home based ML IDS
Rod Soto & Joseph Zadeh
Derbycon 2017

CHIRON is an open source, Python-based machine learning framework that applies security analytics to home network traffic for dynamic learning of indicators of external threats and other potentially malicious activity. The tool continuously monitors network traffic and applies machine learning techniques for adaptive discovery and baselining of a small user population. Initial use cases in v1.0 include:

- Identification of assets in the home network (IoT devices, workstations, laptops, servers, routers)
- Fingerprinting of users, services, and protocols
- Analytics on users and devices (average session length, traffic, visited sites) to determine standard usage behavior and service profiles

The CHIRON framework then performs dynamic analysis that provides users with the following:

- High risk domains, assets, and users
- Usage per asset and user
- Social media usage
- Malicious file downloads
- Data usage (cloud services)

Chiron will provide users with indicators of high risk assets, users and visited sites, as well as identification of malicious sites and payloads. The goal of Chiron is to detect threats using behavioral machine learning techniques, giving users a free, lightweight, open source tool that does not depend on static commercial signatures. CHIRON can run on the Security Onion Linux distribution; it uses the Bro IDS framework to process network traffic and does not need production hardware in order to be deployed. The more storage space allocated to the underlying log data, the greater the visibility.
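The per-asset baselining the abstract describes (session length, traffic volume, visited sites per home device), as an added example that is not CHIRON's own code: it parses a constructed subset of the real Bro conn.log columns, builds a baseline per internal host, and flags sessions whose upload volume is far above that host's median. The sample log lines, the `factor` threshold and the function names are assumptions.

```python
"""Per-asset baselining over Bro conn.log records (added example, not CHIRON code)."""
import statistics
from collections import defaultdict

# Constructed sample using a subset of the real Bro conn.log columns (tab-separated).
FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "proto", "service", "duration", "orig_bytes", "resp_bytes"]
SAMPLE_CONN_LOG = """\
1505000000.1\tC1\t192.168.1.10\t51000\t93.184.216.34\t443\ttcp\tssl\t12.0\t1500\t9000
1505000010.2\tC2\t192.168.1.10\t51001\t93.184.216.34\t443\ttcp\tssl\t10.0\t1200\t8000
1505000020.3\tC3\t192.168.1.10\t51002\t93.184.216.34\t443\ttcp\tssl\t11.0\t1400\t8500
1505000030.4\tC4\t192.168.1.10\t51003\t93.184.216.34\t443\ttcp\tssl\t9.0\t1300\t7900
1505000040.5\tC5\t192.168.1.10\t51004\t203.0.113.9\t443\ttcp\tssl\t11.0\t250000000\t2000
1505000050.6\tC6\t192.168.1.20\t40000\t192.168.1.1\t53\tudp\tdns\t0.1\t60\t120
"""


def parse_conn_log(text):
    """Parse tab-separated conn.log lines; Bro's '#' header lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(FIELDS, line.split("\t")))
        rec["duration"] = float(rec["duration"])
        rec["orig_bytes"] = int(rec["orig_bytes"])
        rec["resp_bytes"] = int(rec["resp_bytes"])
        records.append(rec)
    return records


def baseline_per_asset(records):
    """Mean session length, median upload size and visited sites per internal host."""
    by_host = defaultdict(list)
    for r in records:
        by_host[r["id.orig_h"]].append(r)
    return {
        host: {
            "avg_duration": statistics.fmean([c["duration"] for c in conns]),
            "median_orig_bytes": statistics.median([c["orig_bytes"] for c in conns]),
            "sites": sorted({c["id.resp_h"] for c in conns}),
        }
        for host, conns in by_host.items()
    }


def flag_upload_outliers(records, baselines, factor=10.0):
    """Flag sessions uploading > factor x the host's median (median resists the outlier itself)."""
    return [
        (r["id.orig_h"], r["uid"], r["id.resp_h"], r["orig_bytes"])
        for r in records
        if r["orig_bytes"] > factor * max(baselines[r["id.orig_h"]]["median_orig_bytes"], 1)
    ]
```

On the constructed sample, only the 250 MB session from 192.168.1.10 to 203.0.113.9 is flagged; the DNS traffic from the second host stays within its own baseline.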

Rod Soto has over 15 years of experience in information technology and security. He currently works as Director of Security Research at JASK.AI. He has spoken at ISSA, ISC2, OWASP, DEFCON, Black Hat, RSA, Hackmiami and BSides, and has been featured in Rolling Stone Magazine, Pentest Magazine, Univision and CNN. Rod Soto was the winner of the 2012 Black Hat Las Vegas CTF competition and is the founder and lead developer of the Kommand && KonTroll competitive hacking tournament series.

Joseph Zadeh studied mathematics in college and received a BS from the University of California, Riverside and an MS and PhD from Purdue University. While in college, he worked in a Network Operations Center focused on security and network performance baselines, and during that time he spoke at DEFCON and Torcon security conferences. Most recently he joined JASK.AI as Chief Data Scientist. Previously, Joseph was part of Splunk UBA and of the data science consulting team at Greenplum/Pivotal focused on cyber security analytics, and was also part of Kaiser Permanente's first cyber security R&D team.

@rodsoto @josephzadeh

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast