Corelight Labs
Research
From detecting attacks to profiling behavior, Corelight Labs creates new ways to deepen network insight and strengthen enterprise security. We work in close partnership with other innovators at Corelight, and we take pride in the robust, deeply technical capabilities we create.
Recent research
Network Detection of Interactive SSH Impostors Using Deep Learning
Impostors who have stolen a user's SSH login credentials can inflict significant harm to the systems to which the user has remote access. We consider the problem of identifying such imposters when they conduct interactive SSH logins by detecting discrepancies in the timing and sizes of the client-side data packets, which generally reflect the typing dynamics of the person sending keystrokes over the connection.
Recent research
GGFAST: Automating Generation of Flexible Network Traffic Classifiers
When employing supervised machine learning to analyze network traffic, the heart of the task often lies in developing effective features for the ML to leverage. We develop GGFAST, a unified, automated framework that can build powerful classifiers for specific network traffic analysis tasks, built on interpretable features. The framework uses only packet sizes, directionality, and sequencing, facilitating analysis in a payload-agnostic fashion that remains applicable in the presence of encryption.
Blogs from Corelight Labs
Keith J. Jones
Mar 25, 2025
Keith J. Jones
Feb 28, 2025
Keith J. Jones
Feb 14, 2025
Tillson Galloway
Sep 11, 2024
Keith J. Jones
Jul 2, 2024
Corelight Labs Team
May 17, 2024
Corelight Labs Team
Mar 20, 2024
Ben Reardon
Mar 9, 2024
To learn more about Corelight Labs, contact our team.
Get our research the minute it's published
Sign up for Corelight Labs news.