GraphConnect 2020 has ended
Wednesday, April 22 • 3:30pm - 4:10pm
Which Comes First, The Data Model or the Algorithm?


The intelligence community has applied link analysis to everything from modeling call records to financial transactions. But what happens when you apply the same techniques to the technical artifacts of cyberattacks? How do you avoid overthinking your data model when modeling such complex data?    

Cybersecurity may be the ideal domain for graph analysis as the relationships between technical attributes are often more critical than the discrete values. For example, an attribute's maliciousness often depends on the surrounding context. This can include the presence or absence of other attributes, the behaviors that those attributes exhibited, and the similarity of that behavior with other attack vectors. Graphs and contextual link analysis are very effective mechanisms for identifying potentially malicious activity.

However, before performing any type of analysis, you need to create the data model! While many graph data model examples are reasonably straightforward, the modeling of cybersecurity data can become quite complex. You would ideally model the attributes of any real-world artifact (e.g., an email or file), the occasions on which those attributes were seen together, the behavior that those attributes exhibited when they were observed, and the source of your knowledge about those relationships. But how much knowledge do you really need to encode in the graph? When should you rely on path traversals rather than leveraging more advanced graph algorithms? Do you need to create a hypergraph in order to capture the source of relationships? What are the performance implications? How do you expire data from the graph? And finally, how do you make some decisions and actually build something?


Liz Maida

CEO, UpLevel Security (McAfee)
Liz Maida is the Founder and CEO of Uplevel Security (recently acquired by McAfee). She was previously a Senior Director at Akamai Technologies and served in multiple executive roles focused on technology strategy and new product development. She played a lead role in Akamai’s initial...

Wednesday April 22, 2020 3:30pm - 4:10pm EDT
Room 2