Abstract: Enterprise network defense is providing great opportunities for the development and deployment of statistical and machine learning methods. Such methods are intended to complement existing defenses, such as firewalls, virus scanners, and intrusion detection systems, which are predominantly signature-based. The role of data analysis methods is to provide enhanced situation awareness, by providing monitoring and alerting mechanisms to detect departures from "normal" behavior. In developing analytics in this context, a variety of challenging problems need to be addressed, including the volume and velocity of the data, high levels of heterogeneity, temporal variation, and more. We review aspects of the problem and characteristics of the various data sources. At present, the vision of jointly modelling various data sources at different levels of network abstraction appears out of reach due to data volume and timeliness concerns. Instead, we describe a set of novel, and often simple, analytics that operate within different levels of the abstract hierarchy.
Bio: Niall Adams is Professor of Statistics, and head of the Statistics section, in the Department of Mathematics at Imperial College. His research focusses on statistical methodology, particularly streaming data and pattern recognition. His primary application focus relates to statistical monitoring and anomaly detection for enterprise cyber-security.
From 2011 to 2016, he acted as team lead for the data mining group at the Heilbronn Institute for Mathematical Research (HIMR) at the University of Bristol. This involved methodological work on cyber-security problems related to national security. He continues to act as a consultant to HIMR. In 2010, he was awarded the Winton research prize for his work on streaming data analysis.
Adams has been associate editor for a number of journals and served, until recently, as editor-in-chief of Statistical Analysis and Data Mining, the official data science journal of the American Statistical Association. He has published 80 papers in refereed journals and conferences, and edited 8 volumes.