E-Book, Englisch, 182 Seiten, Format (B × H): 191 mm x 235 mm
Talabis / McPherson / Martin Information Security Analytics
1. Auflage 2014
ISBN: 978-0-12-800506-4
Verlag: Academic Press
Format: EPUB
Kopierschutz: 6 - ePub Watermark
Finding Security Insights, Patterns, and Anomalies in Big Data
E-Book, Englisch, 182 Seiten, Format (B × H): 191 mm x 235 mm
ISBN: 978-0-12-800506-4
Verlag: Academic Press
Format: EPUB
Kopierschutz: 6 - ePub Watermark
Information Security Analytics gives you insights into the practice of analytics and, more importantly, how you can utilize analytic techniques to identify trends and outliers that may not be possible to identify using traditional security analysis techniques.
Information Security Analytics dispels the myth that analytics within the information security domain is limited to just security incident and event management systems and basic network analysis. Analytic techniques can help you mine data and identify patterns and relationships in any form of security data. Using the techniques covered in this book, you will be able to gain security insights into unstructured big data of any type.
The authors of Information Security Analytics bring a wealth of analytics experience to demonstrate practical, hands-on techniques through case studies and using freely-available tools that will allow you to find anomalies and outliers by combining disparate data sets. They also teach you everything you need to know about threat simulation techniques and how to use analytics as a powerful decision-making tool to assess security control and process requirements within your organization. Ultimately, you will learn how to use these simulation techniques to help predict and profile potential risks to your organization.
- Written by security practitioners, for security practitioners
- Real-world case studies and scenarios are provided for each analytics technique
- Learn about open-source analytics and statistical packages, tools, and applications
- Step-by-step guidance on how to use analytics tools and how they map to the techniques and scenarios provided
- Learn how to design and utilize simulations for "what-if" scenarios to simulate security events and processes
- Learn how to utilize big data techniques to assist in incident response and intrusion analysis
Autoren/Hrsg.
Fachgebiete
Weitere Infos & Material
Chapter 1: Analytics Defined
Chapter 2: Primer on Analytics Software and Tools
Chapter 3: Analytics and Incident Response
Chapter 4: Simulations and Security Processes
Chapter 5: Access Analytics
Chapter 6: Technical Risk Profiling
Chapter 7: Security Intelligence and Next Steps
Chapter 1 Analytics Defined
Abstract
Knowledge of analytical methods and techniques is essential for uncovering hidden patterns in security-related data. Analytical techniques range from simple descriptive statistics, data visualization methods, and statistical analysis algorithms such as regression, correlation analysis, and support vector machines. The field of analytics is broad. This chapter will focus on methods particularly useful for discovering security breaches and attacks, and which can be implemented with either free or commonly available software. As there are unlimited ways that an attacker can compromise a system, analysts also need a toolkit of techniques to be creative in analyzing security data. Among tools available for creative analysis, we will examine analytical programming languages allowing an analysts to customize analytical procedures and applications. The concepts introduced in this chapter will provide you with a framework for security analysis, along with useful methods and tools. Keywords
Big data; CSV; Databases; Distributed file system; Hadoop; Hive; Hive query language; HQL; JSON; Machine learning; MapReduce; Neural networks; Pig; Principal components analysis; Relational database; security analytics; SQL; Statistics; Structured data; Structured query language; Supervised learning; Support vector machines; Text mining; Unstructured data; Unsupervised learning; XML Information in this Chapter ? Introduction to Security Analytics ? Analytics Techniques ? Data and Big Data ? Analytics in Everyday Life ? Analytics in Security ? Security Analytics Process Introduction to Security Analytics
The topic of analysis is very broad, as it can include practically any means of gaining insight from data. Even simply looking at data to gain a high-level understanding of it is a form of analysis. When we refer to analytics in this book, however, we are generally implying the use of methods, tools, or algorithms beyond merely looking at the data. While an analyst should always look at the data as a first step, analytics generally involves more than this. The number of analytical methods that can be applied to data is quite broad: they include all types of data visualization tools, statistical algorithms, querying tools, spreadsheet software, special purpose software, and much more. As you can see, the methods are quite broad, so we cannot possibly cover them all. For the purposes of this book, we will focus on the methods that are particularly useful for discovering security breaches and attacks, which can be implemented with either for free or using commonly available software. Since attackers are constantly creating new methods to attack and compromise systems, security analysts need a multitude of tools to creatively address this problem. Among tools available, we will examine analytical programming languages that enable analysts to create custom analytical procedures and applications. The concepts in this chapter introduce the frameworks useful for security analysis, along with methods and tools that will be covered in greater detail in the remainder of the book. Concepts and Techniques in Analytics
Analytics integrates concepts and techniques from many different fields, such as statistics, computer science, visualization, and research operations. Any concept or technique allowing you to identify patterns and insights from data could be considered analytics, so the breadth of this field is quite extensive. In this section, high-level descriptions of some of the concepts and techniques you will encounter in this book will be covered. We will provide more detailed descriptions in subsequent chapters with the security scenarios. General Statistics
Even simple statistical techniques are helpful in providing insights about data. For example, statistical techniques such as extreme values, mean, median, standard deviations, interquartile ranges, and distance formulas are useful in exploring, summarizing, and visualizing data. These techniques, though relatively simple, are a good starting point for exploratory data analysis. They are useful in uncovering interesting trends, outliers, and patterns in the data. After identifying areas of interest, you can further explore the data using advanced techniques. We wrote this book with the assumption that the reader had a solid understanding of general statistics. A search on the Internet for “statistical techniques” or “statistics analysis” will provide you many resources to refresh your skills. In Chapter 4, we will use some of these general statistical techniques. Machine Learning
Machine learning is a branch of artificial intelligence dealing with using various algorithms to learn from data. “Learning” in this concept could be applied to being able to predict or classify data based on previous data. For example, in network security, machine learning is used to assist with classifying email as a legitimate or spam. In Chapters 3 and 6, we will cover techniques related to both Supervised Learning and Unsupervised Learning. Supervised Learning
Supervised learning provides you with a powerful tool to classify and process data using machine language. With supervised learning you use labeled data, which is a data set that has been classified, to infer a learning algorithm. The data set is used as the basis for predicting the classification of other unlabeled data through the use of machine learning algorithms. In Chapter 5, we will be covering two important techniques in supervised learning: ? Linear Regression, and ? Classification Techniques. Linear Regression Linear regression is a supervised learning technique typically used in predicting, forecasting, and finding relationships between quantitative data. It is one of the earliest learning techniques, which is still widely used. For example, this technique can be applied to examine if there was a relationship between a company’s advertising budget and its sales. You could also use it to determine if there is a linear relationship between a particular radiation therapy and tumor sizes. Classification Techniques The classification techniques that will be discussed in this section are those focused on predicting a qualitative response by analyzing data and recognizing patterns. For example, this type of technique is used to classify whether or not a credit card transaction is fraudulent. There are many different classification techniques or classifiers, but some of the widely used ones include: ? Logistic regression, ? Linear discriminant analysis, ? K-nearest neighbors, ? Trees, ? Neural Networks, and ? Support Vector Machines. Unsupervised Learning
Unsupervised learning is the opposite of supervised learning, where unlabeled data is used because a training set does not exist. None of the data can be presorted or preclassified beforehand, so the machine learning algorithm is more complex and the processing is time intensive. With unsupervised learning, the machine learning algorithm classifies a data set by discovering a structure through common elements in the data. Two popular unsupervised learning techniques are Clustering and Principal Components Analysis. In Chapter 6, we will demonstrate the Clustering technique. Clustering Clustering or cluster analysis is a type of Unsupervised Learning technique used to find commonalities between data elements that are otherwise unlabeled and uncategorized. The goal of clustering is to find distinct groups or “clusters” within a data set. Using a machine language algorithm, the tool creates groups where items in a similar group will, in general, have similar characteristics to each other. A few of the popular clustering techniques include: ? K-Means Clustering, and ? Hierarchical Clustering. Principal Components Analysis Principal components analysis is an Unsupervised Learning technique summarizing a large set of variables and reducing it into a smaller representative variables, called “principal components.” The objective of this type of analysis is to identify patterns in data and express their similarities and differences through their correlations. Simulations
A computer simulation (or “sim”) is an attempt to model a real-life or hypothetical situation on a computer so that it can be studied to see how the system works. Simulations can be used for optimization and “what if” analysis to study various scenarios. There are two types of simulations: ? System Dynamics ? Discrete Event Simulations In Chapter 4, we will be dealing specifically with Discrete Event Simulations, which simulates an operation as a discrete sequence of events in time. Text Mining
Text mining is based on a variety of advance techniques stemming from statistics, machine learning and linguistics. Text mining utilizes interdisciplinary techniques to find patterns and trends in “unstructured data,” and is more commonly attributed but not limited to textual information. The goal...
