Daniel Johnston

Daniel Johnston is a security researcher in the Imperva Threat Research group. Daniel holds an MSc in Cyber Security from Queen's University Belfast and has over 7 years of experience in network and web application security. At Imperva, Daniel specializes in web application security, bot detection, malware and threat intelligence research.


Session

12-14
10:00
45min
Unmasking APT Malware Activity: Real-World Malware Campaign Tracking Using Big Data Analytics and Machine Learning Clustering
Daniel Johnston, Ori Nakar

Our talk introduces a framework for automating the identification and handling of malware samples targeting web servers, leveraging big data analytics and machine learning to cluster and track active malware campaigns. We will demonstrate how this framework employs heuristic analysis to autonomously identify and process web-delivered malware samples. It enhances the efficiency and accuracy of malware detection in large data sets, reduces the reliance on manual intervention, and enables near real-time threat hunting and campaign tracking.

Building upon the collected malware data, we apply big data analytics techniques to track and monitor malware, cluster similar samples together with their associated network activity, and unveil patterns and connections between campaigns. This clustering approach provides deeper insight into the tactics, techniques, and procedures (TTPs) employed by threat actors, facilitating the identification of overarching strategies and objectives.

We will conclude with a detailed analysis of notable real-world malware campaigns identified through this system. Attendees will gain insight into the operational methodologies of these campaigns, their impact, and the defensive measures that can be employed against them. Case studies will highlight real-world applications and the effectiveness of our automated approach in improving cybersecurity posture.

Main talk track
Track 2