All of the little handshakes and file exchanges that happen behind the scenes when we use computers on a network are recorded here. These are file records of network traffic. The goal of Infosec when looking through network traffic is to find 1) communications of malware with Command and control servers 2) malware jumping between devices on the network 3) someone else spying on network traffic 4) unsecured communications.Īt a basic level, this can be done by looking at packet capture (pcap) files. This is often done using heuristic/rules based methods and trained human agents. Network intrusion detection and Infsec usually start and end with sniffing network traffic for unusual stuff. We'll move through this process setp by step: In this post I'm going to walk through one simple way to store the network traffic on a single device for later inspection. I'm actually doing something more sophisticated than that, but it's not worth going into here. This would give me labeled data to do amchine learning on! How can I do this? Well, if I were to take the most naive approach, I could infect different computers with a variety of malware and collect the internet traffic. To fight this I've started collecting my own data to work on. If the data isn't proprly cleaned you can leak sensitive data or private communications. THis data is rare for good reason! Getting access to someone's network traffic gives you a lot of information about how they work and what they do. There are a few interesting sets like the Darpa Intrusion dataset, but they are few and far between. Unfortunately, datasets for building these kinds of models is scarce. Other than the usual precautions one might take against malware/network intrusion such as antivirus software, password managers, always using the latest firmware on routers and IOT.I've also been training models to detect beacons (periodic communications between malware and command and control servers) and DGA (domain generating algorithms). Recently I've been playing around with what I call "hobbyist cyber security".
0 kommentar(er)
