All events are in Central time unless specified.
Activity

Special Lecture

Date:
Time: 4:00 pm – 4:50 pm
Avery Hall Room: 115
1144 T St
Lincoln NE 68508
Additional Info: AVH
Contact:
Steven Cohn, (402) 472-7223, scohn1@unl.edu
Robert Bridges (Oak Ridge National Laboratory) will present “Regulating the alert rate of anomaly detectors and other applications of math to security,” hosted by Jessie Jamieson.

Abstract: I’ll give a quick overview of my path from pure mathematics PhD research to my current position as an applied researcher using math and data science to support security operations. Next I’ll give a high-level discussion of some fun projects where we’ve applied math and data science to security applications. Finally, I’ll discuss operational obstacles of deploying online anomaly detection systems, and some mathematical developments (even some theorems and proofs) that are new developments of myself and UNL student/ORNL intern Jessie Jamieson.

Below is the abstract for the technical portions of the talk followed by my bio.

Cyber security analysts have the unenviable task of identifying malicious activity in their network without knowledge of when or how attacks will occur. Fortunately, large-scale cyber operations have widespread collection and query capabilities for an enormous amount of logging data (network flows, system logs, alerts, …). In general, our research focuses on developing data science (math, statistics, visualization, and computer science) tools to assist our cyber analysts. For example, using discriminant analysis to identify the progression of an identified attack, using graph theory to find suspicious network traffic patterns, and using anomaly detection to protect vehicles from signal-injection attacks are all recent applications of fairly simple mathematics targeting security applications. We’ll focus on operational difficulties of real-time anomaly detection in practice and some theorem-based solutions we’re developing. For this we assume a non-singular probability distribution has been given on a data set and propose an intuitive, principled approach to setting the alert threshold by 1. introducing a function from the sample space to the positive reals that scores how anomalous an event is and 2. proving that we can regulate the number of events that are flagged as anomalous, thereby circumventing the big data problem. Moreover, this approach works independently of the probability distribution, which allows comparability across distributions and needs no heuristic tuning.

Refreshments will be served in 348 Avery, 3:30-4:00. The talk is free and open to the public.

This event originated in Math Colloquia.