Behaviour-based detection (BBD) examines activity over time to distinguish normal behaviour from suspicious behaviour. Rather than relying on traditional approaches such as indicators of compromise or geo-blocking, BBD examines patterns of behaviour on incoming connections and flags unexpected or unusual sequences and activities for actions such as blocking or further examination. BBD can detect and block bad actors who use port knocking or spray attacks to infiltrate systems, before a compromise occurs. We will discuss eight years of lessons learned while developing a BBD-based system that detects and blocks bad actors using subsystems for firewalls, ssh, web, and email. An overview of the software used and the approaches taken will be covered, along with a discussion of further methodologies such as storage snapshots and applications of deep learning.
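As an added illustration of the abstract's central point (example code, not from the talk or the system it describes): a minimal Python detector that judges each source by the sequence of its recent activity inside a time window rather than by a static indicator, so a host hitting many distinct ports or many ssh usernames is flagged while an equally busy but repetitive host is not. The log layout, field names, sample addresses and thresholds are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # look-back window per source (assumed value)
PORT_SPRAY = 4                  # distinct firewall ports within WINDOW (assumed)
USER_SPRAY = 3                  # distinct ssh usernames within WINDOW (assumed)

# Constructed sample log. The "<ts> <subsystem> src=<ip> <key>=<val>" layout is an
# assumption; 192.0.2.20 has as many events as the others but is repetitive/benign.
SAMPLE_LOG = """\
2024-03-01T10:00:01 fw src=192.0.2.20 dport=443
2024-03-01T10:00:01 fw src=203.0.113.5 dport=22
2024-03-01T10:00:03 fw src=203.0.113.5 dport=443
2024-03-01T10:00:04 fw src=203.0.113.5 dport=3389
2024-03-01T10:00:06 fw src=203.0.113.5 dport=8080
2024-03-01T10:00:10 ssh src=198.51.100.9 user=root
2024-03-01T10:00:12 ssh src=198.51.100.9 user=admin
2024-03-01T10:00:15 ssh src=198.51.100.9 user=oracle
2024-03-01T10:00:21 fw src=192.0.2.20 dport=443
2024-03-01T10:00:41 fw src=192.0.2.20 dport=443
2024-03-01T10:01:01 fw src=192.0.2.20 dport=443
"""

def parse(line):
    """Return (timestamp, subsystem, src, value) where value is dport or user."""
    ts, sub, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return datetime.fromisoformat(ts), sub, fields["src"], fields.get("dport") or fields.get("user")

def detect(log_text):
    """Flag sources whose recent sequence of activity looks like a knock or spray."""
    history = defaultdict(deque)  # src -> (ts, subsystem, value) events inside WINDOW
    flags = defaultdict(set)
    for line in log_text.splitlines():
        ts, sub, src, value = parse(line)
        q = history[src]
        q.append((ts, sub, value))
        while ts - q[0][0] > WINDOW:      # expire events older than the window
            q.popleft()
        ports = {v for t, s, v in q if s == "fw"}
        users = {v for t, s, v in q if s == "ssh"}
        if len(ports) >= PORT_SPRAY:
            flags[src].add("port-spray")
        if len(users) >= USER_SPRAY:
            flags[src].add("user-spray")
    return dict(flags)  # sources with normal, repetitive behaviour are absent
```

In a real deployment the flagged sources would feed the blocking or review step the abstract mentions; the same windowed-sequence idea extends to web and email subsystems by changing the keyed field.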

Lance Bailey

Director of IT, BC Cancer Research Institute

Lance is the Director of IT at BC Cancer Research and has worked in the private sector, academia and medical research for close to 40 years.

