Security Congress Abstract
Networks are complex systems and too often no one knows everything about what's happening. Most knowledge about the network is about typical activity. But what about atypical activity?
There are many reasons to want to find unusual network behavior. The biggest is that it may be a sign of something new or unexpected. This doesn't necessarily imply that a network intrusion is underway; there are many other possibilities, but unusual behavior is something you want to know about.
This talk isn't about commercial tools; it's an introduction to writing your own tools for detecting unusual network events. We'll use Python, with some easily available packages installed with pip, and look at some simple approaches to the problem that answer some interesting questions and scale well.