Four Steps to Visual Analytics for Cyber Security

by Clifton Phua on 7 October 2014


Transcript of Four Steps to Visual Analytics for Cyber Security

Four Steps to Visual Analytics for Cyber Security

4 Steps
Step 1: Data preparation
Combine datasets
Step 2: Statistical classification & feature selection
PROC LOGISTIC
Step 3: Visual anomaly detection
Temporal spikes and dips
Step 4: Visual analytics
Raw datasets
VAST 2013 Challenge
Mini-Challenge 3: Visual Analytics for Network Situation Awareness

Clifton
Jun Yao
Kelvin
Yi Chin

SAS Enterprise Guide (for data pre-processing)
SAS Enterprise Miner (for statistical classification and feature selection)
SAS Visual Analytics (for information visualization)
4 Questions
What are the key network and machine problems?
Which are key variables?
When did they occur?
Where are suspicious external IP addresses, and compromised internal servers and workstations?
4 Challenges
Data preparation
Statistical classification and feature selection
Visual analytics for visual anomaly detection
Visual analytics for drilling down into specifics
Feature engineering
NF (20v, 69M)
BB (14v, 5.5M)
IPS (13v, 16.5M)
w1 NF + BB (74v, 8.7K)
w2 NF + BB (74v, 7.3K)
w2 NF + BB + IPS (129v, 7.3K)
statusVal
operation
PROC DMINE
Prepared data
High accuracy from all 3 logistic regression models (R2 > 0.97)
Changes from previous week and day-of-week
Data with 1-minute granularity with most suspicious minutes worthy of investigation into raw datasets
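Steps 2 and 3 above boil the combined datasets down to per-minute records whose change from the previous week, compared within the same day of week, picks out the minutes worth investigating. The Python below is an added example of that scoring, not the team's SAS code and not part of the original presentation; the per-minute counts are constructed, and scaling each weekday's week-over-week change by its median absolute deviation (MAD) is an assumption made here so that spikes and dips are ranked on a comparable scale.

```python
from collections import defaultdict
from statistics import median

# Constructed sample (not VAST 2013 data): connections per minute for one weekday,
# keyed by (weekday, "HH:MM"). Week 2 carries one spike at 09:05 and one dip at 09:20.
WEEK1 = {("Mon", f"09:{i:02d}"): 100 + (i % 5) * 2 for i in range(30)}
WEEK2 = {k: v + (i % 3) for i, (k, v) in enumerate(WEEK1.items())}
WEEK2[("Mon", "09:05")] = 800
WEEK2[("Mon", "09:20")] = 3


def week_over_week_deltas(week1, week2):
    """Change from the previous week for every minute present in both weeks."""
    return {k: week2[k] - week1[k] for k in week2 if k in week1}


def robust_scores(deltas):
    """Scale each minute's delta by the median and MAD of deltas on the same weekday,
    so a weekday with naturally higher variance does not flood the ranking."""
    by_day = defaultdict(list)
    for (day, _), d in deltas.items():
        by_day[day].append(d)
    stats = {}
    for day, ds in by_day.items():
        med = median(ds)
        mad = median(abs(d - med) for d in ds) or 1.0  # guard against a zero MAD
        stats[day] = (med, mad)
    return {k: (d - stats[k[0]][0]) / stats[k[0]][1] for k, d in deltas.items()}


def suspicious_minutes(week1, week2, threshold=3.0):
    """Rank minutes whose week-over-week change sits at least `threshold` MADs
    from that weekday's typical change; these are the minutes to drill into."""
    deltas = week_over_week_deltas(week1, week2)
    scores = robust_scores(deltas)
    rows = [(k, "spike" if s > 0 else "dip", s, week1[k], week2[k])
            for k, s in scores.items() if abs(s) >= threshold]
    rows.sort(key=lambda r: -abs(r[2]))
    return rows


if __name__ == "__main__":
    for key, kind, score, w1, w2 in suspicious_minutes(WEEK1, WEEK2):
        print(f"{key[0]} {key[1]}: {kind:5} score={score:.1f} week1={w1} week2={w2}")
```

With the constructed data only 09:05 (spike) and 09:20 (dip) cross the threshold; every other minute scores within one MAD of the weekday median.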
Drilling down into specifics
Line charts (with forecasting)
Correlation plots
Treemaps (with hierarchies)
Heatmaps
Bubble plots (with animation)