data science ops in practice
play

DATA SCIENCE OPS IN PRACTICE Learn How Splunk Enables Fast Science - PowerPoint PPT Presentation

Dec 05, 2023 •50 likes •360 views

DATA SCIENCE OPS IN PRACTICE Learn How Splunk Enables Fast Science for Cybersecurity Operations OLISA STEPHENSBAILEY DAVID BRENMAN Innovation center, Washington, D.C. SEPTEMBER 2017 DATA SCIENCE OPS IN PRACTICE LEARN HOW TO: ADDRESS

  1. DATA SCIENCE OPS IN PRACTICE Learn How Splunk Enables Fast Science for Cybersecurity Operations OLISA STEPHENSBAILEY DAVID BRENMAN Innovation center, Washington, D.C. SEPTEMBER 2017

  2. DATA SCIENCE OPS IN PRACTICE LEARN HOW TO: ADDRESS CULTURAL CHALLENGES ENSURE YOUR DATA SCIENCE SOLUTIONS GET USED HARNESS THE FULL POWER OF PYTHON WITHIN SPLUNK AGENDA SECTION 1: UNDERSTANDING THE CORE NEED SECTION 2: CROSSING THE ANALYSIS CHASM SECTION 3: ANALYSIS WORKFLOW DEMONSTRATION SECTION 4: ACTION ITEMS FOR YOUR PROJECTS 1

  3. UNDERSTANDING THE CORE NEED 2

  4. THE ROLE OF DATA SCIENCE IN CYBER OPERATIONS • The rate of data growth is outpacing human capabilities • We must optimize impact of the people we do have • Data Science is a powerful tool to reduce the scale of the problem • In response to these needs, Booz Allen Hamilton was tasked with integrating Data Science into the Watchfloor [1] 3

  5. CYBER OPERATIONS ANALYSTS & DATA SCIENTISTS POINTS OF VIEW Cyber Operations Analysts Data Scientists • Are evaluated on quantity of output • Like to understand what the Analyst is trying to do rather than fit existing solution to problem • Have a clearly defined SOP • Are evaluated on development of novel • Will lose productivity every time they invest in methods learning a new tool • Gain honor and reputation from implementing • Do not need new tools to be effective cutting edge algorithms • Are leery of buggy prototype code • Do not like supporting legacy software • Have a distrust of the black box Machine • Have an unwavering trust in mathematics Learning algorithm I must meet my quota, The old way is out of date, I don ’ t have time for toys we must improve 4

  6. APPRECIATING YOUR ROLE FOUNDATIONAL KEY TO SUCCESS • The most important lesson learned Analysts are fully capable of meeting their current objectives without Data Science • Analysts are in a power position: - They are needed - They own the domain knowledge - They own the tradecraft - They own the accesses - They own the data • It is the responsibility of the Data Scientist to show respect and learn - The Data Scientist is intruding into the Analyst's domain [2] 5

  7. CROSSING THE ANALYSIS CHASM 6

  8. BRIDGING THE GAP BETWEEN ANALYSTS & DATA SCIENTISTS IN OPERATIONS • Many Analysts do not understand applied statistics or machine Minimize Number of Tools learning and do not understand how it can be applied to their domain Provide Evidence • Data Scientists wishing to make an impact should: - Minimize the number of new widgets an analyst needs to learn - Provide all results with meaningful supporting evidence Ensure Interpretability - Weight clarity as much as performance in algorithm selection - Appreciate that reporting there are no results is far better than false positives Silence Is a Virtue • Host your end-solutions in the tool environment they use If Analysts Use Splunk, You Use Splunk 7

  9. LEVERAGING THE POWER & FLEXIBILITY WITH PYTHON & SPLUNK Python Splunk • Pros • Pros - Provides developers with access to wide array - Single unified system for collecting, of data processing libraries digesting and querying data - Object-Oriented program design - Attractive 2D plotting - Rapid prototype scripting language - Users able to seamlessly navigate to rawdata behind plots • Cons - Must be able to code • Cons - Developed projects tend to be individual - Query language narrows findings objects - Lacks flexibility of programing language - Steep learning gap for users - Limited python library within SDK Combine the development flexibility of Python with the consistency of Splunk to benefit Analysts 8

  10. STEP #1 - WORK DIRECTLY WITH ANALYSTS TO SOURCE A USE CASE • Our Data Science team works directly with Analysts to work together on analytic objectives - To identify malicious or aberrant behavior within a new batch of log data - To detect suspicious URLs • Their work flow consisted of: 1. Digest log files into Splunk 2. Label fields 3. Explore the data with SMEs and via Splunk queries 4. Report any new Splunk queries of value We expedite Analysts’ Splunking by • Grouping similar observations • Highlighting suspicious outliers • Unlocking new features [4] 9

  11. STEP #2 – SELECT METHOD FOR INTEGRATING DATA SCIENCE CAPABILITIES METHOD 1 • This method has proven capable in rapid delivery situations • Identify a linking field and export the data out of Splunk • Process the data with any Data Science Software • Create a new CSV and use previous linking field to enrich original data Splunk Data Identify Run Splunk Enriched Data Data Raw Import CSV as Formatted & Linking Processing In Ready For Exported to Data Lookup Table Indexed Filed Query Use CSV External Software Import Print CSV Run Any Software Any With Linking Application Libraries Field 10

  12. STEP #2 – SELECT METHOD FOR INTEGRATING DATA SCIENCE CAPABILITIES METHOD 2 • Slower to set up first time, but highly effective after that • Use your own Python environment • Able to leverage any library; Scikit-Learn, Tensor Flow, Theano, Scrapy, etc. Splunk Data Your App Starts Call Your Raw Your App Returns Run Standard Formatted & External Python Splunk/Python Data Results to Splunk Splunk Queries Indexed Session App External Python Import Run Any Software Any Application Libraries 11

  13. STEP #3 – EXECUTE MACHINE LEARNING ALGORITHM DEVELOPMENT PROCESS • Splunk is a powerful asset in many stages of the Machine Learning process Data Collection & Aggregation Splunk makes it easy! Feature Post Analysis of Raw Extraction & Results Data Vectorization Apply ML Raw Pre-Processing & Splunk really Algorithm Data Cleaning External software shines when it needed for comes time to Raw advanced feature present your Data calculations results 12

  14. ANALYSIS WORKFLOW DEMONSTRATION 13

  15. LOOK FAMILIAR? 14

  16. STEP #4 – SHOW EVIDENCE TO SUPPORT ANALYSIS RESULTS JUST BELIEVE ME ‘CAUSE I’M AWESOME! THE NOTORIOUS BLACK BOX 15

  17. BEFORE BETTER APPS… Classic Wireshark Good ‘Ol Excel 16

  18. OUR NEW FEATURE EXTRACTION APPLICATION BRINGS NEW INSIGHTS TO ANALYSIS We added 46 new Our New Feature Examples - Make Better Use of ML Toolkit features!!!! Numeric duration Statistical num_bytes_cli2srv, num_bytes_srv2cli, num_packets_cli2srv, num_packets_srv2cli, packet_deltat_avg_cli2srv, packet_deltat_avg_srv2cli, packet_deltat_entropy_2way, New Stream App Feature Examples – Avoid Basic Summary Table Overhead packet_deltat_entropy_cli2srv, packet_deltat_entropy_srv2cli Avg IP, port, time Statistical sum(bytes), sum(bytes_in), sum(bytes_out), sum(packets_in), sum(packets_out), sum(response_time), sum(time_taken) 17

  19. NEW STREAM APP ENABLES DIRECT ACCESS TO RAW PCAP IN SPLUNK 18

  20. NEW STREAM APP GIVE ANALYSTS MORE INFORMATION 19

  21. ML TOOLKIT ENABLES EXPLORATORY DATA ANALYSIS IN SPLUNK 20

  22. STOCK SPLUNK ML TOOLKIT HAS LIMITED FEATURES AVAILABLE FOR ANALYSIS 90% of ML is Pre-Processing & Feature Extraction Crafting Features is Necessary Before Feeding The MLTK 21

  23. DATA SCIENTISTS CAN ADD NEW FEATURES DIRECTLY INTO SPLUNK FOR EDA 22

  24. USER EXPERIENCE AND SUPPORTING EVIDENCE FOR DATA SCIENTISTS 23

  25. USER EXPERIENCE AND SUPPORTING EVIDENCE FOR ANALYSTS 24

  26. LIVE DEMO 25

  27. ACTION ITEMS FOR YOUR PROJECTS 26

  28. CULTURAL HURDLES & SUCCESSES • Tactics used to overcome cultural barriers - You must go to the analyst; they will show you their analysis process AND grant you keys to their data troves - You must be willing to explain what analysis techniques you are using simply using their terminology as much as possible - Someone on your team has to be willing to talk to the customers and their customers- this helps establish a new, collaborative tribe - Your work must role up into a story that tells the why and so what of the work- sometimes this is the closest one gets to ROI - Marketing & branding extremely important for breaking entrenched thinking and coaxing participation to something new & shiny • Build an interdisciplinary team - Unicorns are hard to find and the best solutions often are a product of divergent thought - Data analysis is a pipeline, journey of sorts…it takes domain experts from fields other than just computer science or mathematics - Having data scientists that have expertise in Cyber Operations mission space will accelerate success 27

  29. FOUR STEPS TO APPLYING DATA SCIENCE WITHIN CYBER OPERATIONS • STEP #1 - WORK DIRECTLY WITH ANALYSTS TO SOURCE A USE CASE • STEP #2 – SELECT METHOD FOR INTEGRATING DATA SCIENCE CAPABILITIES • STEP #3 – EXECUTE MACHINE LEARNING ALGORITHM DEVELOPMENT PROCESS • STEP #4 – SHOW EVIDENCE TO SUPPORT ANALYSIS RESULTS 28

  30. TAKE AWAYS 1) Your data science team must go to the analyst 2) Populate your results where the user checks 3) Develop self-contained limited size products that can be iteratively updated and delivered 4) Data Scientists must be concerned with justifying their claims 5) Splunk can be enhanced by leveraging external scripting 29

  31. INNOVATING THE CYBER DOMAIN THROUGH THE APPLICATION OF DATA SCIENCE 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS 133 - Introduction to Computational and Data Science Instructor: Renzhi Cao Computer Science

CS 133 - Introduction to Computational and Data Science Instructor: Renzhi Cao Computer Science

1 CS 133 - Introduction to Computational and Data Science Instructor: Renzhi Cao Computer Science Department Pacific Lutheran University Spring 2017 Announcement Quiz #2 Form group for projects Solutions for eval practice

650 views • 16 slides
Introduction to Data Science using R Lecture 1 2 58M Aims The aim of this module is to enable

Introduction to Data Science using R Lecture 1 2 58M Aims The aim of this module is to enable

1 Introduction to Data Science using R Lecture 1 2 58M Aims The aim of this module is to enable you to: to develop skills in some specific types of data analysis by providing supported practice in workshops and opportunities to

471 views • 19 slides
Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER

Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER

Data Science: Statistics or Computer Science? 9/15/2015 DATA SCIENCE: STATISTICS OR COMPUTER SCIENCE? DATA SCIE DA SCIENCE: ST STATIS ISTICS TICS OR OR CO COMPU MPUTER ER SCIEN SCIENCE? IMPLICATIONS FOR STATISTICS EDUCATION IMPLIC ICATION

608 views • 24 slides
11 Data Collection and MEP Y7 Practice Book A Presentation This unit deals with data - how we

11 Data Collection and MEP Y7 Practice Book A Presentation This unit deals with data - how we

11 Data Collection and MEP Y7 Practice Book A Presentation This unit deals with data - how we collect, organise and display it. 11.1 Types of Data Qualitative data is data that is not given numerically; e.g. favourite colour, place of birth,

129 views • 11 slides
Training session 2 How does practice compare to the data? What is the the data? What is the

Training session 2 How does practice compare to the data? What is the the data? What is the

Training session 2 How does practice compare to the data? What is the the data? What is the triangulation? Presenters Name X X . X X . X X 1 Rationale We have already carefully reviewed what the data shows about the performance in

137 views • 12 slides
DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data Set Overview

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data Set Overview

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data Set Overview Date,Block,Primary Type,Description, Location Description,Arrest,Domestic, District 05/23/2016 05:35:00 PM,024XX W DIVISION ST,ASSAULT,SIMPLE,

430 views • 13 slides
Large-Scale Click- stream and transaction log mining in practice Uwe Mayer, Nish Parikh, Gyanit

Large-Scale Click- stream and transaction log mining in practice Uwe Mayer, Nish Parikh, Gyanit

Large-Scale Click- stream and transaction log mining in practice Uwe Mayer, Nish Parikh, Gyanit Singh October 6-9, 2013. BIG DATA SCIENCE Best Practices Key Ideas Big Data Sets Big Data Properties Challenges in working

777 views • 73 slides
EMIS/DS 1300: A Practical Introduction to Data Science Slides by Michael Hahsler Data + Science

EMIS/DS 1300: A Practical Introduction to Data Science Slides by Michael Hahsler Data + Science

EMIS/DS 1300: A Practical Introduction to Data Science Slides by Michael Hahsler Data + Science = Results? Data Science ? Data Sources Results What is Data Science? Data science is a concept to unify statistics, data analysis, machine

635 views • 30 slides
Some Ideas for Best Practice in Scientific Computing Dr Owain Kenway, (@owainkenway)

Some Ideas for Best Practice in Scientific Computing Dr Owain Kenway, (@owainkenway)

Some Ideas for Best Practice in Scientific Computing Dr Owain Kenway, (@owainkenway) UCL/ISD/RITS/RCAS/Team Leader Scientific Computing? Doing science with computers Generating data Simulation Analysing data

515 views • 29 slides
DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data types Data type

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data types Data type

DataCamp Data Types for Data Science DataCamp Data Types for Data Science Data types Data type system sets the stage for the capabilities of the language Understanding data types empowers you as a data scientist DataCamp Data Types for Data

526 views • 23 slides
INPUT / OUTPUT PRACTICE Fundamentals of Computer Science I Outline File Input Practice

INPUT / OUTPUT PRACTICE Fundamentals of Computer Science I Outline File Input Practice

INPUT / OUTPUT PRACTICE Fundamentals of Computer Science I Outline File Input Practice Reading configuration files Graphics Practice Background Images Animation Input from Files What if.. There are too many

323 views • 14 slides
Causal Data Science Roman Kern Knowledge Discovery and Data Mining 2 (Version 1.0.4) Roman Kern,

Causal Data Science Roman Kern Knowledge Discovery and Data Mining 2 (Version 1.0.4) Roman Kern,

www.tugraz.at > Motivation : With purely observational data we are not able Causal Data Science to answer many questions that one would expect data science to deliver. Taking into the causal perspective , one may (with SCIENCE assumptions, or

464 views • 24 slides
Transplantation Society development of the science and clinical practice Transplantation

Transplantation Society development of the science and clinical practice Transplantation

9/28/2016 Transplantation Society development of the science and clinical practice Transplantation Building Bridges scientific communication to Excellence continuing education guidance on the ethical practice How can we use our

401 views • 9 slides
NO Bassel F. El-Rayes 1 Basic Principles Clinical practice should be Clinical practice

NO Bassel F. El-Rayes 1 Basic Principles Clinical practice should be Clinical practice

Role of radiation in resectable and locally advanced pancreatic cancer? NO Bassel F. El-Rayes 1 Basic Principles Clinical practice should be Clinical practice should not be based on data showing benefit based on absence of data of

476 views • 22 slides
Data science for business Sebastian Sauer

Data science for business Sebastian Sauer

10.5.2019 Data science for business Data science for business Sebastian Sauer file:///Users/sebastiansaueruser/Documents/Publikationen/blog_ses/data_se/public/slides/data-science-business/intro-data-science-talk-2019-05-14.html#31 1/27

302 views • 27 slides
Data science methods for online teaching Matthew Brett What is data science not? The

Data science methods for online teaching Matthew Brett What is data science not? The

Data science methods for online teaching Matthew Brett What is data science not? The now-contemplated field of Data Science amounts to a superset of the fields of statistics and machine learning which adds some technol- ogy for scaling

216 views • 3 slides
Integrating oVirt, Foreman And Katello To Empower Your Data-Center Utilization Yaniv Bronhaim

Integrating oVirt, Foreman And Katello To Empower Your Data-Center Utilization Yaniv Bronhaim

Integrating oVirt, Foreman And Katello To Empower Your Data-Center Utilization Yaniv Bronhaim Senior Software Engineer, Maintainer @ RHEV Red Hat IL, Raanana August 2015, CloudOpen Europe CloudOpen 2015 Agenda Introducing Open-Source

1.26k views • 93 slides
Integrating oVirt, Foreman And Katello To Empower Your Data-Center Utilization Yaniv Bronhaim

Integrating oVirt, Foreman And Katello To Empower Your Data-Center Utilization Yaniv Bronhaim

Integrating oVirt, Foreman And Katello To Empower Your Data-Center Utilization Yaniv Bronhaim Senior Software Engineer, Maintainer @ RHEV Red Hat IL, Raanana August 2015, CloudOpen NA CloudOpen, August 2015 Abstract Agenda:

1.52k views • 79 slides
Rancher Provider The Rancher provider is used to interact with the resources supported by Rancher.

Rancher Provider The Rancher provider is used to interact with the resources supported by Rancher.

Rancher Provider The Rancher provider is used to interact with the resources supported by Rancher. The provider needs to be congured with the URL of the Rancher server at minimum and API credentials if access control is enabled on the server.

2.04k views • 178 slides
Unit D1: Welfare Impacts of Intl Trade Policies Li List of Trade policies f T d li i

Unit D1: Welfare Impacts of Intl Trade Policies Li List of Trade policies f T d li i

Dr. Shida Henneberry, AGEC4343 Unit D1: Welfare Impacts of Intl Trade Policies Li List of Trade policies f T d li i 1 Dr. Shida Henneberry, AGEC4343 T Trade Policies of d P li i f I Importing and i d E Exporting i

334 views • 8 slides
Multiple distortions and second best environmental policy Economics 573 Brian Copeland 1. The

Multiple distortions and second best environmental policy Economics 573 Brian Copeland 1. The

Multiple distortions and second best environmental policy Economics 573 Brian Copeland 1. The model with only one distortion Preferences: Representative consumer Expenditure function E(p,u,z), E z is Marginal damage Assume E z (p,u,z) >

528 views • 17 slides
LECTURE 28 REGULAR EXPRESSIONS MCS 260 Fall 2020 David Dumas / REMINDERS If you haven't

LECTURE 28 REGULAR EXPRESSIONS MCS 260 Fall 2020 David Dumas / REMINDERS If you haven't

LECTURE 28 REGULAR EXPRESSIONS MCS 260 Fall 2020 David Dumas / REMINDERS If you haven't started Project 3, you are behind! Worksheet 10 available Quiz 10 coming Thursday, due Nov 2 Nov 3: All UIC courses canceled (Elecon day) Nov 5:

168 views • 14 slides
Analyzing 750 billion events and 46 TB of code What you can learn from GitHub's shared data on

Analyzing 750 billion events and 46 TB of code What you can learn from GitHub's shared data on

Analyzing 750 billion events and 46 TB of code What you can learn from GitHub's shared data on BigQuery Felipe Hoffa Developer Advocate @felipehoffa @felipehoffa @felipehoffa @felipehoffa @felipehoffa @felipehoffa DATA @felipehoffa Who

810 views • 60 slides
Core Advocacy Group December 11, 2017 3:00 4:00 PM ET 1 2 AGENDA Chinese Waste

Core Advocacy Group December 11, 2017 3:00 4:00 PM ET 1 2 AGENDA Chinese Waste

Core Advocacy Group December 11, 2017 3:00 4:00 PM ET 1 2 AGENDA Chinese Waste Restrictions NSPS/EG Rules Update EPA GHG Inventory Other Updates MA-33 Communications Local/State/Provincial Update 3 Chinese Waste

400 views • 11 slides

More recommend