Report Open Access
Data Study Group team
Data Study Groups are week-long events at The Alan Turing Institute bringing together some of the country’s top talent from data science, artificial intelligence, and wider fields, to analyse real-world data science challenges.
Imperial College London, Los Alamos National Laboratory, Heilbronn Institute: Developing data science tools for improving enterprise cyber-security
This Data Study Group (DSG) challenge aims to carry out a preliminary investigation of some statistical and machine learning tools for analysing certain types of cyber-relevant data sources. Specifically, we consider a unified repository released by Los Alamos National Laboratory (LANL) comprising both network flow records and process-level Windows service logs collected on the same enterprise computer network over a three-month period.
Three aspects tackled in this challenge are anomaly detection, data fusion, and visualisation. Within the DSG week, we aimed to consider whether fusion of the data sources can give a more coherent view of this network’s behaviour, and what visualisations can be used to aid the prioritisation of potential threats for analysts. Other explorations developed during this study group are also provided, with their potential applications or limitations described. This report does not provide a ‘white paper’ on cyber-security tools, but rather aims to detail the methods attempted by different groups of participants in this DSG.
The Alan Turing Institute Data Study Group Final Report - Imperial, Los Alamos, Heilbronn.pdf