Computer Science Special Seminar
- Gates Hillman Centers
- ASA Conference Room 6115
- SEBASTIÁN GARCÍA
- Researcher and Teacher
- Department of Computer Science
- Czech Technical University in Prague
The Stratosphere Datasets: Advanced malware, normal and attack data for your network security research
This talk is a walk through the very large and labeled malware, IoT and attack datasets of the Stratosphere Lab. Among other security and ML research activities, one of the goals of the Stratosphere Lab is to create real, long, verified and labeled datasets for security research. This dataset is a huge collection of traffic that focuses on real (no simulations) and weeks-long malware executions, normal behaviors, infected normal employees, real hand-made attacks, traffic from real IoT devices, dozens of honeypots and background traffic from our university. Among the features of our datasets are that all malware is allowed to really attack the Internet, the normal captures are verified, we have mixed traffic that includes normal users while they are infected with malware, more than 10 honeypots in several countries, a variety of real IoT hardware devices and several years of background university traffic. The data is being used for IoT ML detection, adversary learning, behavioral profiling and more. In the more than 450 captures there are real local infections with WannaCry ransomware, a myriad of HTTPS malware (the traffic opened with mitmproxy), almost all big botnets, millions of attacks on our honeypots and real DDoS attacks from IoT malware. Ladies and gentlemen, step right up and see!
Sebastian Garcia is a malware researcher and security teacher who has extensive experience in machine learning applied to network traffic. He founded the Stratosphere Lab, home of the first machine learning-based, free software IPS. The Stratosphere Lab has ~15 researchers working on security topics and executing malware to create large datasets. He likes to analyze network patterns and attacks with machine learning. As a researcher in the AIC group of the Czech Technical University in Prague, he believes that free software and machine learning tools can help better protect users from abuse of their digital rights. He has been teaching in several countries and universities and working on penetration testing for both corporations and governments. He was lucky enough to talk at several conferences such as Ekoparty, DeepSec, Hacktivity, Botconf, Hacklu, InBot, SecuritySessions, ECAI, CitizenLab, ArgenCor, Free Software Foundation Europe, VirusBulletin, BSides Vienna, HITB Singapore, CACIC, AAMAS, etc. He co-founded the MatesLab hackspace in Argentina and also co-founded the Independent Fund for Women in Tech. He researches honeypots, malware traffic detection, social network troll detection, distributed scanning (dnmap), keystroke dynamics, Bluetooth analysis, privacy protection, intruder detection, robotics, microphone detection with SDR (Salamandra) and biohacking.
Faculty Host: Justine Sherry