The training introduces anomalies and basic anomaly detection methods based on data from cyber-attacks.
Content
- Data streams:
  - Demonstration of a real data stream: capturing cyber-attack data with a honeypot; storing the data in a database (Elasticsearch); analysing the data stream; sampling and filtering the stream; counting elements in the stream; estimating the number of elements in the stream.
- Anomaly detection:
  - What anomalies (outliers) are; anomaly types; challenges and tasks in anomaly detection; anomaly detection methods.
- Example of data stream processing:
  - Using the Elasticsearch database for exploratory data analysis; implementing counting of multiple elements (Python); implementing unusual-event detection as an example of anomaly detection (Python).
Learning objectives
- Know the cyber-attack data capture system and how to create a stream of cyber-attack data from it.
- Understand data streams and the methods for analysing them, using cyber-attack data as the example.
- Know what anomalies are and the basic anomaly detection methods, applied to cyber-attack data.
Target group
Service designers, security analysts, R&D specialists, technical support specialists and consultants.