Applying data science to identify malicious actors in enterprise logs, presented at BSidesDC 2016

by Balaji Balakrishnan

Summary: Applying data science to identify malicious actors in enterprise logs
The presentation will provide guidelines on information security data science, with a repeatable process and examples of visualizing information security data and applying machine learning to it to identify malicious actors. One of the key strengths of security teams is their access to enterprise log data, metadata, network traffic data, and netflow data. The challenge is finding and isolating the bad actors within legitimate traffic. Security professionals can benefit from applying machine learning and data science to enterprise data to find anomalies and identify patterns that help isolate events which might indicate compromise. The steps involved in applying machine learning algorithms are to visualize the data, combine data cleansing with clever feature engineering, choose the right metric or method for estimating model performance, and then spend a lot of time tuning the parameters.