Engineering Seminar: Cyber ​​Storm Tracker — Using Machine Learning for Cyber ​​Log Data

Dr. Glenn A. Fink, senior cybersecurity researcher at Pacific Northwest National Laboratory (PNNL), will give the talk.

Cyber ​​logs are not human language, but of all the common data types used in machine learning (ML), natural language is the closest. But cyberlog data is very different from natural language. Log lines contain a lot of random looking garbage. IP addresses and other things change definitions frequently. Punctuation is everywhere. Domain names look like Windows Active Directory names, which look like many other cyber “names”. And the syntax and semantics of phrases and terms change from sensor to sensor. This makes cyber data difficult to ingest into ML models.

Dr. Fink will talk about the work done at PNNL to ingest computer logs into natural language processing tools using embeddings. It will also show how embeddings can be used as coordinates to show how IP addresses change in behavior and relate over time. At the end, seminar participants will understand why there are still not many true ML methods for cyber, and what the main challenges are ahead.

Dr. Find has been working in the fields of computer security, deep learning, visualization, bio-inspired design and human-centered computing at PNNL since 2006. He is the lead inventor of several technologies, including the PNNL’s Digital Ants technology, which American Scientist cited as one of 10 “World-Changing Ideas” in 2010. Digital Ants recently won an Excellence in Technology Transfer Award from the Federal Laboratory Consortium and was a finalist for an R&D 100 Award. Their work includes research on bio-inspired and decentralized cybersecurity and privacy. He has published numerous articles and scientific papers, edited a book and conducted several workshops on computer security, privacy and the Internet of Things.

Dr. Fink was an NSF IGERT Fellow for three years at Virginia Polytechnic Institute and State University, where he earned his Ph.D. in computer science in 2006. Dr. Fink’s thesis, “Visual Correlation of Network Traffic and Host Processes”, promoted the Hone technology which is currently an open source software project. Dr. Fink was a software engineer for 15 years at the Naval Surface Warfare Center in Dahlgren, Va., where he worked on projects such as the Trident ballistic missile program, a unified ground control station for unoccupied aerial vehicles and a virtual operation. network for rapid deployment coalition warfare. Dr. Fink served for 11 years as an army reserve officer in the Signal Corps, where he rose to the rank of captain and commanded a communications company.

Login information

Join Zoom meeting

Friday, April 8 at 12 p.m.

for 1:00 p.m.

Virtual event

Sherry J. Basler