Advancing Network Threat Detection Thru Standardized Feature Extraction & Dynamic Ensemble Learning

Unknown

BSides Las Vegas 2025 · Day 1

**Jason Ford**, introducing himself as a **research engineer** at **Proofpoint** giving his **first BSides talk**, presents roughly two years of research on improving **network intrusion detection** by fixing what he argues is the real bottleneck in many machine-learning **NIDS** efforts: **feature extraction** and **generalization**. The talk contrasts classical **signature**-driven **NIDS** with **NDR**-style behavioral analytics, then proposes a three-part pipeline: a standardized feature framework derived from **raw pcaps**, training a basket of diverse classifiers, and combining them with a custom **ensemble** method he names after himself—**“Ford class”** (expanded in-slide as **Ford class-specific weighted values**). He reports validation accuracy just under **98%** for the ensemble, with emphasis on **balanced precision and recall** relative to individual models, and outlines future work including **hyperparameter** tuning for weaker models and **field testing** using a **Raspberry Pi** with channel-hopping Wi-Fi capture in a conference hotel environment.
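As an added illustration of the class-specific weighting idea the talk's ensemble is built on (this is example code written for this page, not code from the talk or from Proofpoint): each base model receives one weight per class rather than a single global weight, and its vote for a sample only carries the weight it earned for the class it voted for. The per-class weight is assumed here to be the model's validation precision for that class; the label set, model names and validation predictions below are constructed.

```python
"""Class-specific weighted voting over a basket of NIDS classifiers.

Assumption (not stated on the page): a model's weight for class c is its
precision for c on a held-out validation set, so a model that over-fires on
one class loses influence for that class only, not for the classes it gets right.
"""

CLASSES = ("benign", "scan", "dos")  # constructed traffic label set

# Constructed validation set: 4 benign flows, 3 port-scan flows, 3 DoS flows.
VAL_LABELS = ["benign"] * 4 + ["scan"] * 3 + ["dos"] * 3

# Constructed per-model predictions on that validation set.
VAL_PREDS = {
    "rf":  ["benign", "benign", "benign", "scan", "scan", "scan", "scan", "scan", "dos", "dos"],
    "svm": ["benign", "benign", "benign", "dos", "dos", "dos", "scan", "dos", "dos", "dos"],
    "knn": ["benign", "scan", "scan", "scan", "scan", "scan", "scan", "scan", "scan", "dos"],
}


def per_class_weights(predictions, labels, classes=CLASSES):
    """Return {model: {class: weight}} with weight = validation precision for that class."""
    weights = {}
    for model, preds in predictions.items():
        weights[model] = {}
        for c in classes:
            tp = sum(1 for p, y in zip(preds, labels) if p == c and y == c)
            fp = sum(1 for p, y in zip(preds, labels) if p == c and y != c)
            weights[model][c] = tp / (tp + fp) if tp + fp else 0.0
    return weights


def majority_vote(votes, classes=CLASSES):
    """Plain majority vote for comparison; ties go to the earlier class in CLASSES."""
    counts = {c: 0 for c in classes}
    for c in votes.values():
        counts[c] += 1
    return max(classes, key=lambda c: counts[c])


def ensemble_predict(votes, weights, classes=CLASSES):
    """votes: {model: predicted class} for one sample.

    Each model adds its class-specific weight to the class it voted for, so two
    models that are weak on 'scan' can be outvoted by one model that is strong
    on 'benign'. Ties go to the earlier class in CLASSES.
    """
    score = {c: 0.0 for c in classes}
    for model, c in votes.items():
        score[c] += weights[model][c]
    return max(classes, key=lambda c: score[c])
```

With the constructed data, `rf` and `knn` are both imprecise on `scan`, so a sample where they vote `scan` and `svm` votes `benign` is labelled `scan` by majority vote but `benign` by the weighted ensemble.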

AI review

A grounded ML-for-NIDS research talk with the right skepticism about dataset realism, a reproducible-ish pipeline story, and an ensemble trick that is simple enough to implement but not trivial to invent—exactly the BSides bar for applied research.
