data analysis machine learning bro and you
play

Data Analysis, Machine Learning, Bro and You! Together again like - PowerPoint PPT Presentation

Oct 18, 2023 •447 likes •705 views

Data Analysis, Machine Learning, Bro and You! Together again like never before... Presenter Brian Wylie Working at Kitware Inc. Background in Information Security and Vis Likes open source and mixed Corgis Whats the point of this talk?

  1. Data Analysis, Machine Learning, Bro and You! Together again like never before...

  2. Presenter Brian Wylie Working at Kitware Inc. Background in Information Security and Vis Likes open source and mixed Corgis

  3. What’s the point of this talk? Provide software classes and examples that make the path from Bro Network data to the popular data analysis and machine learning libraries easy . When you say easy , what do you mean? One line of code: Bro Log à Pandas DataFrame Pandas DataFrame with all the right types and timestamp as index

  4. What’s the intended audience? • People who like Python • Interested in Pandas, scikit-learn, Spark, Parquet • Hate seeing examples on Iris data or TF-IDF • Frustrated when trying to use your own data • Want easy examples using Bro!

  5. Are you going to show super scalable blah? • Presentation will talk about Pandas, Scikit-Learn • We also have classes/notebooks on: • Kafka • Parquet • Spark • We’ll show a some of this stuff… Please see tomorrow’s great Talk J 3:30 p.m. Spark and Bro: When Bro-Cut Won’t Cut It Eric Dull, Joseph Mosby, & Brian Sacash; Deloitte & Touche

  6. Talk Outline What is the best way to do data science on Bro Network data? ● Big Picture ● Software Bridges • Bro to Python • Bro to Pandas • Bro to Scikit-Learn ● Example: Anomaly Detection I’m not sure… Ahhh!!! ○ Bro DNS and HTTP logs ○ Categorical and Numeric Data ○ Clustering ○ Isolation Forests

  7. Security Data → Data Analysis and Machine Learning Data flow diagram of how Pandas and Scikit-Learn are used. ● DataFrame = Pandas ● Numpy array = Scikit-Learn JSON Agents Packets Logs Bro IDS DataFrame numpy array Stats Filtering Grouping Vis/Plots Clustering Anomaly Stats ML

  8. You guys haven't seen Talk Outline my rabbit have you? ● Big Picture ● Software Bridges (BAT) ○ Bro to Python ○ Bro to Pandas ○ Bro to Scikit-Learn ● Example: Anomaly Detection ○ Bro DNS and HTTP logs ○ Categorical and Numeric Data ○ Clustering ○ Isolation Forests

  9. What is BAT? A simple to use Python Module that makes getting Bro data into popular data Bro Analysis analysis and ML package super easy! Tools $ pip install bat https://github.com/Kitware/bat Who’s Kitware? ● ~130 people, offices around the world ● Developing and supporting open source software for 25 years ● New information security program ● Summer Internships available J

  10. You guys haven't seen Talk Outline my rabbit have you? ● Big Picture ● Software Bridges ○ Bro to Python ○ Bro to Pandas ○ Bro to Scikit-Learn ● Example: Anomaly Detection ○ Bro DNS and HTTP logs ○ Categorical and Numeric Data ○ Clustering ○ Isolation Forests

  11. Hello World from pprint import pprint from bat import bro_log_reader Step 1: $ pip install bat Step 2: Write a few lines of code # Run the bro reader on a given log file reader = bro_log_reader.BroLogReader('dhcp.log') Step 3: There is no step 3... for row in reader.readrows(): pprint(row) <<< Output >>> Output: Streaming (generator) of {'assigned_ip': '192.168.84.10', 'id.orig_h': '192.168.84.10', Python dictionaries with the 'id.orig_p': 68, proper type conversions. 'id.resp_h': '192.168.84.1', 'id.resp_p': 67, 'lease_time': datetime.timedelta(49710, 23000), 'mac': '00:20:18:eb:ca:54', 'trans_id': 495764278, 'ts': datetime.datetime(2012, 7, 20, 3, 14, 12, 219654), 'uid': 'CJsdG95nCNF1RXuN5'}

  12. What’s a Pandas? Talk Outline ● Big Picture ● Software Bridges ○ Bro to Python ○ Bro to Pandas ○ Pandas to Scikit-Learn ● Example: Anomaly Detection ○ Bro DNS and HTTP logs ○ Categorical and Numeric Data ○ Clustering ○ Isolation Forests

  13. Pandas DataFrames “Pandas is a Python package providing fast, flexible, and expressive data structures designed to make working with relational or labeled data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world data analysis in Python.” Demo: Bro To Pandas

  14. Scikit whatcha? Talk Outline ● Big Picture ● Software Bridges ○ Bro to Python ○ Python to Pandas ○ Pandas to Scikit-Learn ● Example: Anomaly Detection ○ Bro DNS and HTTP logs ○ Categorical and Numeric Data ○ Clustering ○ Isolation Forests

  15. Scikit-Learn “Scikit-learn is a free software machine learning library for the Python programming language. It features various classification, regression and clustering algorithms including support vector machines, random forests, gradient boosting, k-means and DBSCAN, and is designed to interoperate with the Python numerical and scientific libraries NumPy and SciPy.” ● We create numpy ndarrays with proper handling of both categorical and numeric types. Our DataFrameToMatrix class supports fit, fit_transform, and transform methods. ● Internal maps for categorical ‘one-hot’ encoding and numerical normalization means that serialization and train/evaluate use cases are supported. Demo: Bro To Scikit

  16. Talk Outline One fish is red.. You don’t need machine learning for that! ● Big Picture ● Software Bridges ○ Bro to Python ○ Python to Pandas ○ Pandas to Scikit-Learn ● Example: Anomaly Detection ○ Bro DNS and HTTP logs ○ Categorical and Numeric Data ○ Clustering ○ Isolation Forests

  17. Anomaly Detection Popular Mental Images Popular Misconception: It’s going to show me ‘bad’ stuff

  18. Anomaly Detection Just gets you to base camp... ~.01%: Possibly Malicious (Recommender System) ~1%: Interesting traffic (Organization + User Feedback) Interesting ~5%: Anomalous traffic (Anomaly Detection) Anomalous Base Camp ~95%: Normal network traffic that can Normal Network be filtered out early in the pipeline Traffic Raw Network Traffic 100%: All Traffic (unknown mix)

  19. Normal to Anomalous Anomaly Detection Bro IDS Output Anomalous DataFrame Normal Network Example: 1M HTTP Logs to Traffic Matrix Conversion 10k anomalous rows * Challenges: I-Forests ● Streaming Data Output: ● Data Volume Anomalous ● Categorical and Numerical Types ● 1-5% of data DNS/HTTP ● Efficient DataFrame/Matrix conversions ● Uncommon (by def) ● Good Base Camp * http://github.com/Kitware/bat/blob/master/notebooks/Anomaly_Detection.ipynb

  20. Isolation Forests: Anomaly Detection 4 Divisions (anomalous) 9 Divisions (not anomalous) https://github.com/Kitware/bat/blob/master/notebooks/Anomaly_Detection.ipynb

  21. Anomalous to Interesting Organization + User Feedback Anomalous Example: 10k rows clustered and DNS/HTTP organized for displayed to user * Interesting Organization and Anomalous Clustering Display and Challenges: Feedback* ● Streaming Data ● Organization and Clustering Interesting Output: ● Engaging the Human ● User Interface and Feedback* ● Fraction of 1%-5% ● Clustered/organized * Feedback will be used in the next phase of the pipeline ● Ready for Feedback* * http://github.com/Kitware/bat/blob/master/notebooks/Anomaly_Detection.ipynb

  22. Demo: Anomaly Detection https://github.com/Kitware/bat/blob/master/notebooks/Bro_to_Scikit.ipynb https://github.com/Kitware/bat/blob/master/notebooks/Anomaly_Detection.ipynb

  23. Demo: Bro to Kafka to Spark https://github.com/Kitware/bat/blob/master/notebooks/Bro_to_Kafka_to_Spark.ipynb

  24. Demo: Bro to Parquet to Spark https://github.com/Kitware/bat/blob/master/notebooks/Bro_to_Parquet_to_Spark.ipynb

  25. Questions/Comments?

Recommend

Machine Learning Anders Holst SICS Big Data Analytics Analysis Big Data Big Value Big Data

Machine Learning Anders Holst SICS Big Data Analytics Analysis Big Data Big Value Big Data

Machine Learning Anders Holst SICS Big Data Analytics Analysis Big Data Big Value Big Data Analytics Analysis Big Data Big Value Real world Question Data Model Conclusion Machine Learning Use real data to train a model, which can

625 views • 27 slides
CMSC320 Introduction to Data One thing we might want to What data is available? What is the

CMSC320 Introduction to Data One thing we might want to What data is available? What is the

An Illustrative Analysis Business First Data Science in Society Abstracting the analysis Abstracting the analysis Data Science in Society: Data Journalism Data Science in Society: Machine Learning Data Science in Society: Machine Learning

921 views • 69 slides
Machine learning for CalabiYau manifolds Harold Erbin Asc , Lmu (Germany) Machine Learning

Machine learning for CalabiYau manifolds Harold Erbin Asc , Lmu (Germany) Machine Learning

Machine learning for CalabiYau manifolds Harold Erbin Asc , Lmu (Germany) Machine Learning Landscape, Ictp , Trieste 12th December 2018 1 / 35 Outline: 1. Motivations Motivations Machine learning CalabiYau 3-folds Data analysis ML

500 views • 46 slides
Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine

CS573 Data Privacy and Security Differential Privacy Machine Learning Li Xiong Big Data + Machine Learning + Machine Learning Under Adversarial Settings Data privacy/confidentiality attacks membership attacks, model inversion

3.44k views • 63 slides
Introduction to machine learning COMS 4721 Learning from data Machine learning : the study

Introduction to machine learning COMS 4721 Learning from data Machine learning : the study

Introduction to machine learning COMS 4721 Learning from data Machine learning : the study of computational mechanisms that learn from data in order to make predictions and decisions. Example 1: image classification A birdwatcher

932 views • 14 slides
An Exercise in An Exercise in Machine Learning Machine Learning

An Exercise in An Exercise in Machine Learning Machine Learning

An Exercise in An Exercise in Machine Learning Machine Learning http://www.cs.iastate.edu/~cs573x/bbsilab.html Machine Learning Software Preparing Data Building Classifiers Interpreting Results Machine Learning Software

496 views • 26 slides
Machine Learning Track Data Analytics, Machine Learning and HPC in todays changing

Machine Learning Track Data Analytics, Machine Learning and HPC in todays changing

Intel HPC Developer Convention Salt Lake City 2016 Machine Learning Track Data Analytics, Machine Learning and HPC in todays changing application environment Franz J. Kirly (practical) An overview of data analytics DATA Scientific

550 views • 27 slides
Better Machine Learning Through Data Sa Saleema ema Amershi shi Machine T eaching Group

Better Machine Learning Through Data Sa Saleema ema Amershi shi Machine T eaching Group

Better Machine Learning Through Data Sa Saleema ema Amershi shi Machine T eaching Group Microsoft Research August 14, 2016 Making better sense of data. Better data makes better machine learning. Data + Algorithm = Model Data Algorithm

1.16k views • 81 slides
MACHINE LEARNING Kernel Canonical Correlation Analysis 1 ADVANCED MACHINE LEARNING ADVANCED

MACHINE LEARNING Kernel Canonical Correlation Analysis 1 ADVANCED MACHINE LEARNING ADVANCED

ADVANCED MACHINE LEARNING ADVANCED MACHINE LEARNING MACHINE LEARNING Kernel Canonical Correlation Analysis 1 ADVANCED MACHINE LEARNING ADVANCED MACHINE LEARNING Structure of todays and next weeks class 1) Briefly go through one

613 views • 28 slides
Machine Learning Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 Data Analysis What kind

Machine Learning Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 Data Analysis What kind

Data Summarization and Machine Learning Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 Data Analysis What kind of analysis is best for your application? Counting how many times does something happen? Probabilities how

853 views • 58 slides
x ? Machine Learning 5/4/20 Tim Althoff, UW CS547: Machine Learning for Big Data,

x ? Machine Learning 5/4/20 Tim Althoff, UW CS547: Machine Learning for Big Data,

? ? x ? Machine Learning 5/4/20 Tim Althoff, UW CS547: Machine Learning for Big Data, http://www.cs.washington.edu/cse547 2 ? ? ? ? Machine Learning ? Node classification 5/4/20 Tim Althoff, UW CS547: Machine Learning for Big Data,

755 views • 53 slides
Machine learning for machine data David Andrzejewski - @davidandrzej

Machine learning for machine data David Andrzejewski - @davidandrzej

Machine learning for machine data David Andrzejewski - @davidandrzej Data Sciences, Sumo Logic Strata Conference Machine Data Track February 13, 2014 1

1.1k views • 72 slides
ONLINE MACHINE LEARNING AND DATA MINING EDO LIBERTY STANDARD MACHINE LEARNING SETTING =

ONLINE MACHINE LEARNING AND DATA MINING EDO LIBERTY STANDARD MACHINE LEARNING SETTING =

ONLINE MACHINE LEARNING AND DATA MINING EDO LIBERTY STANDARD MACHINE LEARNING SETTING = call = ? = crawl Training Test Data Data Train call Apply Model Label 2 STANDARD MACHINE LEARNING SETTING Predicting the future

746 views • 51 slides
Machine Learning and Econometrics Hal Varian Jan 2014 Definitions Machine learning, data

Machine Learning and Econometrics Hal Varian Jan 2014 Definitions Machine learning, data

Machine Learning and Econometrics Hal Varian Jan 2014 Definitions Machine learning, data mining, predictive analytics, etc. all use data to predict some variable as a function of other variables. May or may not care about insight,

609 views • 44 slides
Machine Learning for Malware Analysis Andrew Davis Data Scientist Introduction - What is

Machine Learning for Malware Analysis Andrew Davis Data Scientist Introduction - What is

Machine Learning for Malware Analysis Andrew Davis Data Scientist Introduction - What is Malware? - Software intended to cause harm or inflict damage on computer systems - Many different kinds: - Viruses - Adware/Spyware - Backdoors -

904 views • 30 slides
Machine Learning for Malware Analysis Mike Slawinski Data Scientist Introduction - What is

Machine Learning for Malware Analysis Mike Slawinski Data Scientist Introduction - What is

Machine Learning for Malware Analysis Mike Slawinski Data Scientist Introduction - What is Malware? - Software intended to cause harm or inflict damage on computer systems - Many different kinds: - Adware/Spyware - Backdoors - Viruses

383 views • 26 slides
Topological Data Analysis A Framework for Machine Learning Samarth Bansal (11630) Deepak

Topological Data Analysis A Framework for Machine Learning Samarth Bansal (11630) Deepak

Topological Data Analysis A Framework for Machine Learning Samarth Bansal (11630) Deepak Choudhary (11234) Motivation Ayasdi was started in 2008 to bring a groundbreaking new approach to solving the worlds most complex problems after a

420 views • 17 slides
Symbolic Differentiation for Rapid Model Prototyping in Machine Learning and Data Analysis a

Symbolic Differentiation for Rapid Model Prototyping in Machine Learning and Data Analysis a

Symbolic Differentiation for Rapid Model Prototyping in Machine Learning and Data Analysis a Hands-on Tutorial Yarin Gal yg279@cam.ac.uk November 13th, 2014 A TALK IN TWO ACTS , based on the online tutorial

555 views • 51 slides
Natural Analysts in Adaptive Data Analysis Tijana Zrnic joint with Moritz Hardt Adaptivity

Natural Analysts in Adaptive Data Analysis Tijana Zrnic joint with Moritz Hardt Adaptivity

Natural Analysts in Adaptive Data Analysis Tijana Zrnic joint with Moritz Hardt Adaptivity in Machine Learning Adaptivity in Machine Learning data analyst with training data Adaptivity in Machine Learning model data analyst with

819 views • 81 slides
Modeling and Representing Negation in Data-driven Machine Learning-based Sentiment Analysis

Modeling and Representing Negation in Data-driven Machine Learning-based Sentiment Analysis

Modeling and Representing Negation in Data-driven Machine Learning-based Sentiment Analysis Robert Remus rremus@informatik.uni-leipzig.de Natural Language Processing Group Department of Computer Science University of Leipzig, Germany

357 views • 16 slides
MACHINE LEARNING Slide adapted from learning from data book and course, and Berkeley cs188 by Dan

MACHINE LEARNING Slide adapted from learning from data book and course, and Berkeley cs188 by Dan

MACHINE LEARNING Slide adapted from learning from data book and course, and Berkeley cs188 by Dan Klein, and Pieter Abbeel Machine Learning ?? Learning from data Tasks: Prediction Classification Recognition Focus on

691 views • 36 slides
Machine Learning Techniques for HEP Data Analysis with T MVA Andreas Hoecker ( * ) (CERN) Seminar,

Machine Learning Techniques for HEP Data Analysis with T MVA Andreas Hoecker ( * ) (CERN) Seminar,

Machine Learning Techniques for HEP Data Analysis with T MVA Andreas Hoecker ( * ) (CERN) Seminar, LAL Orsay, June 21, 2007 ( * ) On behalf of the author team: A. Hoecker, P. Speckmayer, J. Stelzer, F. Tegenfeldt, H. Voss, K. Voss And the

700 views • 48 slides
Effectiveness of Deep Learning Vs. Machine Learning in a Health Care Use Case RxToDx A Data

Effectiveness of Deep Learning Vs. Machine Learning in a Health Care Use Case RxToDx A Data

Effectiveness of Deep Learning Vs. Machine Learning in a Health Care Use Case RxToDx A Data Science Machine Learning/Deep Learning Show Case Dima Rekesh/Julie Zhu/Ravi Rajagopalan Optum Technology November, 2017 Analytics Machine

483 views • 32 slides
Big Data Analytics 1. Rapid development: HEP at new level of Big Data Analysis 2. Education:

Big Data Analytics 1. Rapid development: HEP at new level of Big Data Analysis 2. Education:

deep learning in particle &amp; astroparticle physics Big Data Analytics 1. Rapid development: HEP at new level of Big Data Analysis 2. Education: Anchoring machine learning in curriculum 3. Funding: Competence networks of various disciplines

542 views • 24 slides

More recommend