The foundation of Security B-Sides was predicated on individuals within the information security community who wanted to participate within their industry, sharing thoughts and ideas with other passionate InfoSec professionals, while creating a sense of community and stewardship for their collective tradecraft. Major conferences focus on the current hot topics in information security. B-Sides events explore the fringe of conversation and focus on the “next big thing”. B-Sides gives voice to the conversation that is happening just below the surface, and attending enables you to engage that conversation.
Unlike other events where the speaker is rushed in and out, B-Sides DC provides an intimate environment for the attendees to directly engage the speaker before, during, and after their talk or presentation. Attendees are looking for more than just information; they are looking to make connections they will call upon throughout the rest of the year. The attendees are overwhelmingly technical, with over 80% self-identifying “IT security ninja” as their role.
The 2017 Security B-Sides DC will be held at the Renaissance Washington DC Downtown in downtown Washington, DC from Friday, October 6 through Sunday, October 8, 2017.
This new venue was chosen as it provides BSidesDC with a great new and larger space that allows the event to grow this year and also for the future! The venue also offers a central location, Metrorail accessibility, and nearby eateries. Parking is available at the hotel and also in the surrounding area parking garages.
Please join Khaled Al-Hassanieh, Senior Software Engineer, to discuss “How to Detect Malicious Certificates in Your Spare Time” on Sunday October 8, 2017 in the Grand Central room.
We present machine learning algorithms for detecting malicious certificates with a high level of accuracy. The performance of our algorithm meets the demands of deploying such models in a product. Interestingly, the key ingredients for building such models are all publicly available! However, one still needs to connect the dots, i.e. collect represent good and malicious certificates from various online sources and/or network traffic as well as identify which “cookie-cutter” machine learning algorithm, available as Python libraries, to use.
Key takeaways from our presentation:
- Understand how to leverage the fact that SSL certificates contain information in a structured format to build machine learning models.
- It is embarrassingly easy to build algorithms for detecting malicious certificates using Python libraries. We will share results for three of them—Logistic Regression, Support Vector Machines, and Random Forests.
- Identify which attributes are important for distinguishing between malicious and legitimate certificates.
- The main challenges in deploying these models is the low prevalence environment—i.e., on an average, your network traffic will have orders of magnitude lower malicious certificates compared to legitimate ones. How do we fine tuning machine learning algorithms to perform robustly in such environments?
Khaled Al-Hassanieh is a senior software engineer at Fidelis Cybersecurity. His work combines software engineering and machine learning. He develops and productizes models for malware detection and other security applications. Before joining Fidelis Cybersecurity, he was a postdoctoral researcher at Los Alamos and Oak Ridge National Laboratories. As a theoretical physicist, he developed theoretical and numerical models to study condensed matter systems. His research has led to 29 peer-reviewed articles in renowned journals. Khaled holds a Ph.D. in Physics from Florida State University.