DEF CON 32 - Signature-Based Detection Using Network Timing - Josh Pyorre
About this talk
Malware traffic is commonly identified using signatures based off its code, strings, and associated network infrastructure. However, it's also possible to build signatures from the timing between network transactions. This presentation will explore using network captures of known malicious network activity to find similar behavior in random traffic. The talk is technical as it involves processing packets with Python and a some data science, but will be presented in a way that anyone should be able to understand and enjoy.
Stay Updated
Get notified about new features and conference additions.
