For information on winter intensives that are being delivered partially or fully on campus, please refer to the COVID-19 page.
|Fees||Look up fees|
As we become more dependent on networks in every aspect of our lives the task of protecting those networks becomes harder. The sheer quantity of data and sophistication of the attacks is rapidly making manual analysis infeasible. Security Analytics will examine how we can automate the analysis of such data to better detect and predict security incidents and vulnerabilities within our networks and organisations.
The subject will first introduce the types of data sources that are relevant to detecting different types of security threats in practice. Indicative examples are operating system logs, web server logs, packet traces, flow records and deep packet inspection traces. The second part of the subject will introduce methods from machine learning that are widely used for cyber security analysis. Specific unsupervised machine learning techniques will be covered in more detail, which include methods for anomaly detection, alarm correlation and intrusion detection. The third part of the subject will introduce some of the theoretical challenges and emerging issues for security analytics research, based on recent trends in the evolution of security threats.
Indicative examples of the emerging challenges and issues that will be studied are privacy‐preserving analytics, adversarial machine learning, concept drift and new applications in monitoring critical infrastructure.
Intended learning outcomes
On completion of the subject, students should be able to:
- Evaluate the suitability of different types ofmonitoring data for detecting security incidents
- Describe and implement a range of pattern recognition and machine learning algorithms for use in security analytics
- Select algorithms appropriate to a given security analysis task
- Apply pattern recognition and machine learning techniques to non‐trivial security analysis tasks
- Evaluate computational techniques for security analytics to solve real‐world problems, based on their accuracy and efficiency
- Discuss theoretical challenges and emerging trends for security analytics research
- Ability to undertake problem identification, formulation and solution
- Ability to utilise a systems approach to complex problems
- Capacity for creativity and innovation
- Ability to communicate the results of complex analysis effectively to both technical audiences and the community at large
Last updated: 29 April 2020