SlideShare a Scribd company logo

Cyber Attacks Spatial Analysis

Download as PPTX, PDF
S
Shwetha Narayanan

This document summarizes a project analyzing cyber attack hotspots in real time from streaming data. It discusses using anti-virus company data at 4000-6000 events per minute, scaling up using augmented data, and calculating Getis-Ord scores to identify statistically significant clusters of attacks. It also covers implementing a data pipeline using Kafka streams, handling different data formats with custom serializers, and addressing errors like inability to create internal topics. Screenshots show examples of visualizing hotspots and trends.

Data & Analytics
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Cyber Attacks Analysis Shwetha Narayanan Insight Data Engineering Fellow New York – Summer 2017 Real Time Analysis of Cyber Attack Hotspots
Motivation
Streaming Data Source • Anti-virus software companies • Augmented data to scale • 4000 - 6000 events per minute • Scaled up to 100,000 events per minute
Streaming Data Source • Content –Attack Type •Malware •DDOS •Backdoor –Location Information of victim and attacker
Metric for Hotspot Analysis Getis - Ord
Getis - Ord • Used when you have geospatial data • Calculates statistical significant clusters based on a feature • Estimate a Gi Score for every space in the region – Higher Gi score => Significant Hotspot • Compares the feature score of current cell and it’s neighbors with sum of all feature values
Getis Ord – Gi Score • Steps to Calculate – Divide the space into cells – Accumulate attack counts in each cell – Calculate Gi Score • Blue vs Green – Blue is surrounded by cells of higher attack count 5 3 2 4 1 5 10 14 9 9 10 1 2
Interactive Query • Find events within a radius of 10 miles – Calculate Bounding box Bounding box • min(x), max(x), min(y), max(y) • Based on earth’s spherical radius at that point
Data Pipeline Cyber Attacks Streaming Data Source
Demo
Kafka Streams Technical Challenges • Streams application should provide Serializers and Deserializers to materialize the data – Read input from stream / Write to stream • Built in serializers are: String, Integer, Long, Double
How to work with other data formats?
Deserializer for other data formats
Creating a Serde - SerializerDeserializer
Kafka Streams Technical Challenges • Kafka Streams Errors – Internal Topic Error - Cannot create internal topics • User permissions to create topics - Stack Overflow • Set Group ID and Application ID • Used for co-ordinating between instances
About Me - Shwetha Narayanan • Recently graduated with Masters in Computer Science • Worked for 2 years as a Software Engineer • Co-authored a paper on “Enabling Real time crime intelligence using mobile GIS and prediction methods”, EISIC, 2013
Screenshots - Hotspots
Screenshots - Cyber Attack Trends
Getis Score - Calculation
Bounding Box calculation acos(sin(input_lat) * sin(Lat) + cos(input_lat) * cos(Lat) * cos(Lon - (input_lon))) * 6371 <= 1000;

More Related Content

PPTX
mcubed london - data science at the edge
Simon Elliston Ball
 
PDF
Large Scale Stream Analytics using a Resource-constrained Edge
Gabriele Di Bernardo
 
PPTX
Oozma kappa
Sahara Ali
 
DOCX
Enabling Efficient and Geometric Range Query with Access Control over Encrypt...
JAYAPRAKASH JPINFOTECH
 
PPTX
Final ppt
dikshagupta111
 
PPTX
Building Scalable Aggregation Systems
Jared Winick
 
PPTX
Solving Cyber at Scale
DataWorks Summit/Hadoop Summit
 
PPTX
Apache Spot
Austin Leahy
 
mcubed london - data science at the edge
Simon Elliston Ball
 
Large Scale Stream Analytics using a Resource-constrained Edge
Gabriele Di Bernardo
 
Oozma kappa
Sahara Ali
 
Enabling Efficient and Geometric Range Query with Access Control over Encrypt...
JAYAPRAKASH JPINFOTECH
 
Final ppt
dikshagupta111
 
Building Scalable Aggregation Systems
Jared Winick
 
Solving Cyber at Scale
DataWorks Summit/Hadoop Summit
 
Apache Spot
Austin Leahy
 

What's hot (19)

PDF
Khan farhan cv
farhan0039
 
PDF
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
Databricks
 
PDF
Lakesh_resume_02-07
LakeshBiyala
 
PPTX
Event streaming pipeline with Windows Azure and ArcGIS Geoevent extension
Roberto Messora
 
DOCX
Dynamic Multi-Keyword Ranked Search Based on Bloom Filter Over Encrypted Clou...
JAYAPRAKASH JPINFOTECH
 
PDF
Deep Learning for Public Safety in Chicago and San Francisco
Sri Ambati
 
PDF
October 2014 Webinar: Cybersecurity Threat Detection
Sqrrl
 
PPT
Complex Event Processing with Esper
Matthew McCullough
 
PPTX
Deploy Deep Learning Models with TensorFlow + Lambda
Greg Werner
 
PPT
VeriSign iDefense Security Intelligence Services
TechBiz Forense Digital
 
PPTX
Trend-Based Networking Driven by Big Data Telemetry for Sdn and Traditional N...
ijngnjournal
 
PPTX
Random4 and hirshberg algorithm
nishant kumar
 
PDF
Large-Scale Malicious Domain Detection with Spark AI
Databricks
 
PPTX
Bioinformatics Data Pipelines built by CSIRO on AWS
Lynn Langit
 
PPTX
XGSN: An Open-source Semantic Sensing Middleware for the Web of Things
Jean-Paul Calbimonte
 
PDF
Distributed Near Real-Time Processing of Sensor Network Data Flows for Smart ...
Otávio Carvalho
 
PPTX
Event Processing Using Semantic Web Technologies
Mikko Rinne
 
PDF
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
Evan Lin
 
PDF
The Heatmap
 - Why is Security Visualization so Hard?
Raffael Marty
 
Khan farhan cv
farhan0039
 
Deep Learning in Security—An Empirical Example in User and Entity Behavior An...
Databricks
 
Lakesh_resume_02-07
LakeshBiyala
 
Event streaming pipeline with Windows Azure and ArcGIS Geoevent extension
Roberto Messora
 
Dynamic Multi-Keyword Ranked Search Based on Bloom Filter Over Encrypted Clou...
JAYAPRAKASH JPINFOTECH
 
Deep Learning for Public Safety in Chicago and San Francisco
Sri Ambati
 
October 2014 Webinar: Cybersecurity Threat Detection
Sqrrl
 
Complex Event Processing with Esper
Matthew McCullough
 
Deploy Deep Learning Models with TensorFlow + Lambda
Greg Werner
 
VeriSign iDefense Security Intelligence Services
TechBiz Forense Digital
 
Trend-Based Networking Driven by Big Data Telemetry for Sdn and Traditional N...
ijngnjournal
 
Random4 and hirshberg algorithm
nishant kumar
 
Large-Scale Malicious Domain Detection with Spark AI
Databricks
 
Bioinformatics Data Pipelines built by CSIRO on AWS
Lynn Langit
 
XGSN: An Open-source Semantic Sensing Middleware for the Web of Things
Jean-Paul Calbimonte
 
Distributed Near Real-Time Processing of Sensor Network Data Flows for Smart ...
Otávio Carvalho
 
Event Processing Using Semantic Web Technologies
Mikko Rinne
 
iThome Cloud Summit: The next generation of data center: Machine Intelligent ...
Evan Lin
 
The Heatmap
 - Why is Security Visualization so Hard?
Raffael Marty
 
Ad

Similar to Cyber Attacks Spatial Analysis (20)

PDF
Creating Your Own Threat Intel Through Hunting & Visualization
Raffael Marty
 
PPTX
Discover advanced threats with threat intelligence - Jeremy Li
Jeremy Li
 
PDF
System Support for Internet of Things
HarshitParkar6677
 
PDF
Solving Cybersecurity at Scale
DataWorks Summit
 
PDF
SPEC-1_Deteksi Situs Judi Online_sys1_drat_ENGLISH.pdf
Deddy Ratnanto
 
PDF
DataStax and Esri: Geotemporal IoT Search and Analytics
DataStax Academy
 
PDF
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Priyanka Aash
 
PPTX
Intrusion detection using data mining
balbeerrawat
 
PDF
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Big Data Spain
 
PDF
SPAR 2015 - Civil Maps Presentation by Sravan Puttagunta
Sravan Puttagunta
 
PDF
Using Data Science for Cybersecurity
VMware Tanzu
 
PDF
Approximation Data Structures for Streaming Applications
Debasish Ghosh
 
PPTX
Applying Provenance in APT Monitoring and Analysis Practical Challenges for S...
Graeme Jenkinson
 
PPSX
Secure and Privacy-Preserving Big-Data Processing
Shantanu Sharma
 
PDF
Bertenthal
Jesse Lingeman
 
PPTX
SVA-Review-final-pjhjhfhjhsjdshublic.pptx
DevuDevugowda
 
PPTX
Mining Software Repositories for Security: Data Quality Issues Lessons from T...
CREST
 
PDF
High Availability HPC ~ Microservice Architectures for Supercomputing
inside-BigData.com
 
PDF
DHPA Techday 2015 - Maciej Korczyński - Reputation Metrics Design to Improve ...
Splend
 
PPTX
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
DataWorks Summit
 
Creating Your Own Threat Intel Through Hunting & Visualization
Raffael Marty
 
Discover advanced threats with threat intelligence - Jeremy Li
Jeremy Li
 
System Support for Internet of Things
HarshitParkar6677
 
Solving Cybersecurity at Scale
DataWorks Summit
 
SPEC-1_Deteksi Situs Judi Online_sys1_drat_ENGLISH.pdf
Deddy Ratnanto
 
DataStax and Esri: Geotemporal IoT Search and Analytics
DataStax Academy
 
Transfer Learning: Repurposing ML Algorithms from Different Domains to Cloud ...
Priyanka Aash
 
Intrusion detection using data mining
balbeerrawat
 
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Big Data Spain
 
SPAR 2015 - Civil Maps Presentation by Sravan Puttagunta
Sravan Puttagunta
 
Using Data Science for Cybersecurity
VMware Tanzu
 
Approximation Data Structures for Streaming Applications
Debasish Ghosh
 
Applying Provenance in APT Monitoring and Analysis Practical Challenges for S...
Graeme Jenkinson
 
Secure and Privacy-Preserving Big-Data Processing
Shantanu Sharma
 
Bertenthal
Jesse Lingeman
 
SVA-Review-final-pjhjhfhjhsjdshublic.pptx
DevuDevugowda
 
Mining Software Repositories for Security: Data Quality Issues Lessons from T...
CREST
 
High Availability HPC ~ Microservice Architectures for Supercomputing
inside-BigData.com
 
DHPA Techday 2015 - Maciej Korczyński - Reputation Metrics Design to Improve ...
Splend
 
Building the High Speed Cybersecurity Data Pipeline Using Apache NiFi
DataWorks Summit
 
Ad

Recently uploaded (20)

PDF
22.Patil - Early prediction of Alzheimer’s disease using convolutional neural...
ngaviet5
 
PDF
Lecture1 pattern recognition............
ZafriFarid
 
PPTX
Market Analysis -202507- Wind-Solar+Hybrid+Street+Lights+for+the+North+Amer...
LEDLUXX Smart Lite TEC
 
PPT
ISS -ESG Data flows What is ESG and HowHow
lucandthemachine
 
PDF
168300704-gasification-ppt.pdfhghhhsjsjhsuxush
sriram270905
 
PPTX
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
PPTX
oil_refinery_comprehensive_20250804084928 (1).pptx
TusharPrajapati65
 
PDF
Business Analytics and business intelligence.pdf
khalidisah4750
 
PPTX
Introduction-to-Cloud-ComputingFinal.pptx
testnet29393883
 
PDF
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
PPT
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
PDF
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
PDF
Introduction to the R Programming Language
Suraj Patil
 
PDF
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
PPTX
IB Computer Science - Internal Assessment.pptx
agarwal18harsh08
 
PPTX
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
PPTX
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
chepkoitcheruiyot
 
PPTX
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
PDF
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
 
PPTX
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 
22.Patil - Early prediction of Alzheimer’s disease using convolutional neural...
ngaviet5
 
Lecture1 pattern recognition............
ZafriFarid
 
Market Analysis -202507- Wind-Solar+Hybrid+Street+Lights+for+the+North+Amer...
LEDLUXX Smart Lite TEC
 
ISS -ESG Data flows What is ESG and HowHow
lucandthemachine
 
168300704-gasification-ppt.pdfhghhhsjsjhsuxush
sriram270905
 
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
oil_refinery_comprehensive_20250804084928 (1).pptx
TusharPrajapati65
 
Business Analytics and business intelligence.pdf
khalidisah4750
 
Introduction-to-Cloud-ComputingFinal.pptx
testnet29393883
 
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
Introduction to the R Programming Language
Suraj Patil
 
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
IB Computer Science - Internal Assessment.pptx
agarwal18harsh08
 
Supervised vs unsupervised machine learning algorithms
agarwal18harsh08
 
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
chepkoitcheruiyot
 
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
 
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 

Cyber Attacks Spatial Analysis

  • 1. Cyber Attacks Analysis Shwetha Narayanan Insight Data Engineering Fellow New York – Summer 2017 Real Time Analysis of Cyber Attack Hotspots
  • 3. Streaming Data Source • Anti-virus software companies • Augmented data to scale • 4000 - 6000 events per minute • Scaled up to 100,000 events per minute
  • 4. Streaming Data Source • Content –Attack Type •Malware •DDOS •Backdoor –Location Information of victim and attacker
  • 6. Getis - Ord • Used when you have geospatial data • Calculates statistical significant clusters based on a feature • Estimate a Gi Score for every space in the region – Higher Gi score => Significant Hotspot • Compares the feature score of current cell and it’s neighbors with sum of all feature values
  • 7. Getis Ord – Gi Score • Steps to Calculate – Divide the space into cells – Accumulate attack counts in each cell – Calculate Gi Score • Blue vs Green – Blue is surrounded by cells of higher attack count 5 3 2 4 1 5 10 14 9 9 10 1 2
  • 8. Interactive Query • Find events within a radius of 10 miles – Calculate Bounding box Bounding box • min(x), max(x), min(y), max(y) • Based on earth’s spherical radius at that point
  • 10. Demo
  • 11. Kafka Streams Technical Challenges • Streams application should provide Serializers and Deserializers to materialize the data – Read input from stream / Write to stream • Built in serializers are: String, Integer, Long, Double
  • 12. How to work with other data formats?
  • 13. Deserializer for other data formats
  • 14. Creating a Serde - SerializerDeserializer
  • 15. Kafka Streams Technical Challenges • Kafka Streams Errors – Internal Topic Error - Cannot create internal topics • User permissions to create topics - Stack Overflow • Set Group ID and Application ID • Used for co-ordinating between instances
  • 16. About Me - Shwetha Narayanan • Recently graduated with Masters in Computer Science • Worked for 2 years as a Software Engineer • Co-authored a paper on “Enabling Real time crime intelligence using mobile GIS and prediction methods”, EISIC, 2013
  • 18. Screenshots - Cyber Attack Trends
  • 19. Getis Score - Calculation
  • 20. Bounding Box calculation acos(sin(input_lat) * sin(Lat) + cos(input_lat) * cos(Lat) * cos(Lon - (input_lon))) * 6371 <= 1000;