Starting this Saturday, Black Hat USA 2013 will be convening at Caesar’s Palace in Las Vegas. In this series, intended to preview many of the talks and presentations scheduled for the event, SiliconANGLE will focus on the exploitative vulnerabilities associated with big data and how those vulnerabilities can be limited.

In an article for this series, written last week, we focused on Endgame and their new Hadoop-based open framework, BinaryPig. In it, we discussed how their specific endeavor sought to feed malware data into their system, performing on it a static analysis in the hopes they might extract specific feature sets used for performing large-scale machine learning.

Today, we will highlight a presentation to be offered by Alexandre Pinto. Pinto’s security expertise stems from more than 13 years dedicated to information security solutions architecture, strategy advisory and monitoring. His presentation, entitled ‘Defending Networks with Incomplete Information: A Machine Learning Approach’, shows the data and compute precipice upon which we are currently standing. It is quite obvious, with the staggering projections on data usage, we will need to rely on computers to sift through and recognize patterns in the data on their own.

As the technology currently allows, there is a reliance on top security practitioners to stand, seemingly with their fingers in the dyke, against an ever increasing flood of data. Even with the advances in malware and targeted attacks detection technologies, Pinto claims, “[They] can only do so much in a 24-hour day; even less if you let them eat and sleep.” Add to their daunting task the fact there is an appallingly scant number of individuals with the capability to simply act as a security monitor, let alone those who are able to detect a complex incident and enact a security response.

This, according to the presentation abstract submitted by Pinto, is where the use of Machine Learning can be used to automatically prioritize and classify potential events and attacks as something that might be regarded as benign, something that could be blocked automatically, or something that requires the immediate attention of your security analyst.

Pinto intends to, for the first time, publically present an actual implementation of those concepts. His free-to-use web service leverages Open Source Intelligence (OSINT) along with knowledge about the spatial distribution of the Internet to generate a fluid and constantly updated classifier. When employed, it is able to pinpoint areas of interest on submitted network traffic logs.

Alexandre Pinto’s presentation is currently scheduled for 5:00pm on Thursday, August 1.