Automating Network Threat Detection Using Behavioural Heuristics and Machine Learning
Modern network attacks no longer rely solely on volumetric floods or simple signatures. Malware-infected hosts, Trojan backdoors, and command-and-control channels increasingly blend into normal traffic patterns, exploiting encryption, low-and-slow behaviour, and cloud infrastructure. As a result, effective defence requires automated, behaviour-driven analysis of network telemetry rather than static rules.

In this session, I present a deep technical walkthrough of applying heuristic and machine-learning techniques to network telemetry for automated threat detection, adapted from my MSc research on Trojan malware detection. The talk reframes malware detection as a network automation and analytics problem, focusing on how behavioural indicators can be extracted from network-level signals such as flow metadata, timing patterns, entropy of destinations, protocol usage, and session characteristics.

Key technical topics include:

- Modelling malicious behaviour using network telemetry rather than payload inspection
- Engineering heuristic features from NetFlow, VPC Flow Logs, and firewall events
- Identifying anomalous beaconing, lateral movement, and covert channels
- Applying ML classifiers to distinguish benign automation from malicious activity
- Integrating detection outputs into automated response workflows
- Designing closed-loop systems that trigger network policy changes safely

Rather than focusing on manual analysis, this session emphasises how detection logic can be automated and operationalised, enabling network teams to move from alerting to autonomous, policy-driven response. While the data originates from a security context, the techniques discussed apply directly to network observability, anomaly detection, and automation pipelines, making this session highly relevant to modern network engineers.
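To make two of the flow-metadata features named in the abstract concrete, here is an added Python example. It is not code from the talk or from the speaker's research. It assumes constructed NetFlow-style CSV records (timestamp, source, destination, destination port, bytes) and derives, per source/destination/port tuple, the coefficient of variation of inter-arrival times and of byte counts (low values suggest a periodic beacon with fixed-size check-ins), plus the Shannon entropy of each source host's destination distribution. The thresholds in find_beacons and the sample hosts and addresses are illustrative assumptions, not values from the page.

```python
import csv
import io
import math
import statistics
from collections import Counter, defaultdict

# Constructed NetFlow-style records (not real telemetry): host 10.0.0.5
# checks in with 203.0.113.7:443 every ~60 s with a constant payload size,
# while 10.0.0.9 talks to several destinations at irregular intervals.
SAMPLE_FLOWS = """ts,src,dst,dport,bytes
1000,10.0.0.5,203.0.113.7,443,512
1005,10.0.0.9,198.51.100.10,443,1480
1007,10.0.0.9,198.51.100.10,443,9200
1030,10.0.0.9,198.51.100.20,80,640
1060,10.0.0.5,203.0.113.7,443,512
1090,10.0.0.9,198.51.100.10,443,3300
1121,10.0.0.5,203.0.113.7,443,512
1180,10.0.0.5,203.0.113.7,443,512
1200,10.0.0.9,198.51.100.30,443,2210
1240,10.0.0.5,203.0.113.7,443,512
1250,10.0.0.5,198.51.100.10,443,1480
1301,10.0.0.5,203.0.113.7,443,512
1350,10.0.0.9,198.51.100.40,443,870
1352,10.0.0.9,198.51.100.40,443,15000
1360,10.0.0.5,203.0.113.7,443,512
1420,10.0.0.5,203.0.113.7,443,512
"""


def parse_flows(text):
    """Parse CSV flow records into dicts with numeric ts, dport and bytes."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "ts": float(row["ts"]), "src": row["src"], "dst": row["dst"],
            "dport": int(row["dport"]), "bytes": int(row["bytes"]),
        })
    return rows


def _cv(values):
    """Coefficient of variation (sample stdev / mean).

    Returns inf when fewer than two values exist or the mean is zero, so
    sparse pairs can never look 'perfectly regular' by accident.
    """
    if len(values) < 2:
        return float("inf")
    mean = statistics.fmean(values)
    if mean == 0:
        return float("inf")
    return statistics.stdev(values) / mean


def pair_features(flows):
    """Per (src, dst, dport): flow count, inter-arrival CV and byte-size CV."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"], f["dport"])].append(f)
    feats = {}
    for key, fl in by_pair.items():
        ts = sorted(f["ts"] for f in fl)
        iats = [b - a for a, b in zip(ts, ts[1:])]
        feats[key] = {
            "count": len(fl),
            "iat_cv": _cv(iats),
            "bytes_cv": _cv([f["bytes"] for f in fl]),
        }
    return feats


def destination_entropy(flows):
    """Shannon entropy (bits) of each source host's destination distribution.

    A host spread across many destinations scores high; a host talking to
    one or two scores near zero. On its own this does not catch the beacon
    here, which is why it is paired with the timing features above.
    """
    per_src = defaultdict(Counter)
    for f in flows:
        per_src[f["src"]][f["dst"]] += 1
    entropy = {}
    for src, counts in per_src.items():
        total = sum(counts.values())
        entropy[src] = -sum(
            (n / total) * math.log2(n / total) for n in counts.values()
        )
    return entropy


def find_beacons(flows, min_flows=6, max_iat_cv=0.1, max_bytes_cv=0.2):
    """Flag pairs with enough flows, near-constant spacing and fixed sizes.

    Thresholds are illustrative assumptions; tune them against your own
    baseline so scheduled benign jobs (NTP, update checks) are whitelisted
    or learned rather than paged on.
    """
    hits = []
    for key, feat in sorted(pair_features(flows).items()):
        if (feat["count"] >= min_flows
                and feat["iat_cv"] <= max_iat_cv
                and feat["bytes_cv"] <= max_bytes_cv):
            hits.append({"pair": key, **feat})
    return hits


if __name__ == "__main__":
    records = parse_flows(SAMPLE_FLOWS)
    for hit in find_beacons(records):
        print("beacon candidate:", hit)
    for host, bits in destination_entropy(records).items():
        print(f"{host}: destination entropy {bits:.2f} bits")
```

The two features pull in different directions on this sample: the beaconing host has low destination entropy but is caught by the near-zero inter-arrival and byte-size variation, while the browsing host has higher entropy and no regular pair. Features like these become columns in the training set for the classifier stage described in the abstract, with the thresholds replaced by learned decision boundaries.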
Speaker

Darlington Chigozie Okeke
Cybersecurity Researcher | CEH | CPT | MSc Cyber Security | AI for Threat Detection
Darlington is a cybersecurity researcher with a master's degree in cybersecurity, specializing in malware detection using machine learning. His recent work introduces a heuristic-based ML framework for Trojan detection on Windows, bridging academic insights with real-world cybersecurity applications. He holds CEH and CPT certifications.