Join us on Wednesday, March 19th at 10am Pacific for the webinar “Integrating ML Analysis with Zeek”.
The speaker is Dubem Nwoji from Corelight.
Abstract:
Traditionally, analysts use Zeek's scripting language to parse and analyze network behavior imperatively, an approach that is sufficient for many scenarios. However, as the complexity of network behavior grows, the need for more sophisticated analysis techniques becomes evident.
In response, a growing trend is to integrate machine learning (ML) downstream: Zeek-generated logs are shipped to an ML platform, trading some performance for ease of use. This raises the question of whether analysis can be done better by processing data directly at the source, especially in air-gapped, isolated environments that need AI/ML to run independently of any external platform.
This presentation will look at Zeek's capability to forward event data to non-Zeek processes, such as Python applications or locally deployed sidecars, for immediate AI/ML inference. Forwarding events directly reduces metadata volume and avoids the labor-intensive cycle of generating, shipping and ingesting logs. The result is a more efficient workflow, faster threat detection, and a more proactive security posture, applicable even in air-gapped settings. We will discuss the practical integration of Zeek with AI/ML, its ease of implementation, and its potential impact on future security strategies.
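As an added illustration of the architecture the abstract describes (this is not code from the talk or from Corelight), the block below sketches the two halves: a Zeek script that publishes a compact per-connection event over Zeek's Broker communication library, and a Python sidecar that subscribes to it with Broker's Python bindings and scores each connection immediately against a per-service online baseline, with no log written or ingested in between. The event name `ml_conn`, the topic `/zeek/ml`, the port 9999, the file name `sidecar.zeek` and the simple z-score model are all assumptions chosen for the example; the traffic in `demo()` is constructed, not captured.

```python
"""Zeek -> Python sidecar: in-line anomaly scoring of connection events.

Added example, not the talk's code. The matching Zeek script is embedded as
ZEEK_SCRIPT so both halves live in one file: save it as sidecar.zeek
(hypothetical name), run `zeek -i <iface> sidecar.zeek`, then run this file.
"""
import math
from dataclasses import dataclass

# Zeek side (assumed names): summarize every finished connection and publish it
# via Broker instead of waiting for conn.log to be written and shipped.
ZEEK_SCRIPT = r"""
redef exit_only_after_terminate = T;
global ml_conn: event(uid: string, service: string, duration: interval,
                      orig_bytes: count, resp_bytes: count);
event zeek_init()
    {
    Broker::listen("127.0.0.1", 9999);
    }
event connection_state_remove(c: connection)
    {
    local svc = |c$service| > 0 ? join_string_set(c$service, ",") : "-";
    Broker::publish("/zeek/ml", ml_conn, c$uid, svc, c$duration,
                    c$orig$size, c$resp$size);
    }
"""

FEATURES = ("log_duration", "log_orig_bytes", "log_resp_bytes")


def features(duration: float, orig_bytes: int, resp_bytes: int) -> dict:
    """Log-scale the raw fields so byte counts spanning orders of magnitude are comparable."""
    return {"log_duration": math.log1p(max(duration, 0.0)),
            "log_orig_bytes": math.log1p(orig_bytes),
            "log_resp_bytes": math.log1p(resp_bytes)}


@dataclass
class Baseline:
    """Welford running mean/variance for one feature of one service (O(1) memory per service)."""
    n: int = 0
    mean: float = 0.0
    m2: float = 0.0

    def update(self, x: float) -> None:
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def std(self, floor: float = 0.05) -> float:
        # Floor the deviation so a perfectly uniform baseline does not flag harmless jitter.
        if self.n < 2:
            return floor
        return max(math.sqrt(self.m2 / (self.n - 1)), floor)


class ConnScorer:
    """Per-service z-score detector: flags a connection whose worst feature is > threshold sigmas out."""

    def __init__(self, warmup: int = 20, threshold: float = 4.0):
        self.warmup, self.threshold = warmup, threshold
        self.baselines: dict = {}  # service -> {feature name: Baseline}

    def score(self, uid: str, service: str, duration: float, orig_bytes: int, resp_bytes: int) -> dict:
        feats = features(duration, orig_bytes, resp_bytes)
        per = self.baselines.setdefault(service, {f: Baseline() for f in FEATURES})
        seen = per[FEATURES[0]].n
        zs = {f: (v - per[f].mean) / per[f].std() for f, v in feats.items()}
        worst = max(zs, key=lambda f: abs(zs[f]))
        result = {"uid": uid, "service": service, "z": zs, "worst": worst,
                  "learning": seen < self.warmup,
                  "anomalous": seen >= self.warmup and abs(zs[worst]) > self.threshold}
        # Score first, then update, so an outlier cannot dilute its own score;
        # keep flagged events out of the baseline so one burst cannot poison it
        # (slow drift below the threshold can still shift it; that is the model's limit).
        if not result["anomalous"]:
            for f, v in feats.items():
                per[f].update(v)
        return result


def _seconds(v) -> float:
    """Broker delivers Zeek intervals as datetime.timedelta; accept plain floats too."""
    return v.total_seconds() if hasattr(v, "total_seconds") else float(v)


def run_sidecar(host: str = "127.0.0.1", port: int = 9999, topic: str = "/zeek/ml") -> None:
    """Subscribe to the Zeek topic and score every ml_conn event as it arrives."""
    import broker  # Zeek's Broker Python bindings; imported lazily so the scorer works without Zeek installed
    ep = broker.Endpoint()
    sub = ep.make_subscriber(topic)
    ep.peer(host, port)
    scorer = ConnScorer()
    while True:
        _topic, data = sub.get()
        ev = broker.zeek.Event(data)
        if ev.name() != "ml_conn":
            continue
        uid, service, duration, orig_b, resp_b = ev.args()
        r = scorer.score(uid, service, _seconds(duration), int(orig_b), int(resp_b))
        if r["anomalous"]:
            print(f"ALERT uid={uid} service={service} feature={r['worst']} z={r['z'][r['worst']]:.1f}")


def demo() -> list:
    """Constructed traffic (not a capture): 30 ordinary HTTP connections, then one exfil-sized upload."""
    scorer = ConnScorer()
    results = []
    for i in range(30):
        k = i % 20
        results.append(scorer.score(f"C{i}", "http", 0.5 + 0.05 * k, 400 + 10 * k, 5000 + 100 * k))
    results.append(scorer.score("Cexfil", "http", 0.3, 50_000_000, 200))
    return results


if __name__ == "__main__":
    for r in demo():
        if r["anomalous"]:
            print(f"ALERT {r['uid']} {r['worst']} z={r['z'][r['worst']]:.1f}")
```

The sidecar is stateless across restarts and keeps only three running statistics per feature per service, which is what makes it practical next to a sensor or inside an air-gapped segment; a heavier model can replace `ConnScorer.score` without touching the Zeek side, since the Broker event carries the raw fields. On the Zeek side, `Broker::listen` binds to loopback only; if the sidecar runs on another host, restrict and authenticate that peering rather than exposing it on the network.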
Bio:
Dubem’s work lies at the intersection of data analytics and security. As a Researcher at Corelight Labs, he melds his knowledge of network security with advanced machine learning techniques to tackle pressing questions in the field, particularly focusing on integrating analytical models seamlessly with Zeek’s powerful monitoring capabilities. He holds an MS in Data Informatics from the University of Southern California.