Unsupervised Streaming Cyber-Analytics

  • Niall Adams | Imperial College London

The supervised learning approach to cyber-analytics has proven rather successful. However, there are challenges with this approach, including a frequent dearth of labelled data, the issue of temporal variation, and fundamentally, problems of data volume and velocity. In this talk, we describe simple unsupervised analytics intended to complement and enhance supervised methods. These approaches are based on detecting departures from normal behaviour, under a variety of definitions of normal. In particular we are concerned with streaming analytics, procedures which analyse and update on the fly, as data arrives. We describe adaptive estimation and change point methods for reasoning about a variety of objects, including multinomial distributions and Markov Chains. Examples of such methods operating on enterprise network data are provided.

Speaker Details

Professor Niall Adams is Professor of Statistics, and head of the Statistics section, in the Mathematics Department at Imperial College London. His primary research focus is the development of statistical and machine learning methodology for cyber-security. From 2011 to 2016, he was seconded to the Heilbronn Institute for Mathematical Research at the University of Bristol, to lead the cyber-security data mining team on problems related to national security. Streaming analytics are an area of particular methodological focus, and he has developed a variety of methods for streaming classification and change-point detection.

Series: Microsoft Research Talks