In computer security, security information and event management (SIEM) data and non-event based raw data (NERD) form the feed activity for modern cyber-domain network architectures. Each type of cyber domain, such as software-defined networks, virtualization, service orchestration or cloud/elastic computing, carries over essential characteristics, although each domain may have slightly different properties. Enriching the NERD and SIEM models with raw activity event data allows the raw sensor data flowing through the system to be transformed into enriched data elements that are both descriptive and predictive in nature. This paper details scenarios for evidence collection, parsing and enrichment, and the implementation of a k-Nearest Neighbor (kNN) classifier as a proof of concept (POC) for the Apache Metron cyber security framework. For anomaly detection on Hadoop, the results of using a data lake, data science and machine learning algorithms indicate that this is a viable approach to collecting and analyzing sensor data and to analytical grid processing in a complex and ambiguous environment.
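As an added illustration of the collect, parse, enrich and kNN-score pipeline the abstract describes (example code written for this page, not the paper's or Apache Metron's own implementation; the CSV record layout, the derived feature set, z-score standardization and k=3 are assumptions):

```python
import math
from typing import Dict, List

# Constructed raw sensor lines (not from the paper): src,dst,dst_port,bytes,packets,duration_s
RAW_EVENTS = [
    "10.0.0.5,10.0.1.20,443,1200,10,0.8",
    "10.0.0.6,10.0.1.20,443,1500,12,1.1",
    "10.0.0.7,10.0.1.21,80,900,8,0.5",
    "10.0.0.8,10.0.1.21,443,1300,11,0.9",
    "10.0.0.9,10.0.1.22,53,200,2,0.1",
    "10.0.0.10,10.0.1.22,53,180,2,0.1",
    "10.0.0.5,10.0.1.30,51234,950000,4000,3600.0",  # constructed volumetric outlier
]

def parse_event(line: str) -> Dict[str, object]:
    """Parse one raw CSV sensor line into a typed event record."""
    src, dst, port, nbytes, packets, duration = line.strip().split(",")
    return {"src": src, "dst": dst, "dst_port": int(port),
            "bytes": int(nbytes), "packets": int(packets), "duration": float(duration)}

def enrich(event: Dict[str, object]) -> List[float]:
    """Derive a numeric feature vector: log volume, bytes per packet,
    log duration and a well-known-port flag (assumed feature set)."""
    packets = max(int(event["packets"]), 1)
    return [math.log1p(event["bytes"]), math.log1p(event["packets"]),
            event["bytes"] / packets, math.log1p(event["duration"]),
            1.0 if event["dst_port"] < 1024 else 0.0]

def standardize(vectors: List[List[float]]) -> List[List[float]]:
    """Z-score each feature so no single scale dominates the distance."""
    n, dims = len(vectors), len(vectors[0])
    means = [sum(v[d] for v in vectors) / n for d in range(dims)]
    stds = [math.sqrt(sum((v[d] - means[d]) ** 2 for v in vectors) / n) or 1.0
            for d in range(dims)]
    return [[(v[d] - means[d]) / stds[d] for d in range(dims)] for v in vectors]

def knn_anomaly_scores(vectors: List[List[float]], k: int = 3) -> List[float]:
    """Score = mean Euclidean distance to the k nearest other points (leave-one-out)."""
    scores = []
    for i, a in enumerate(vectors):
        dists = sorted(math.dist(a, b) for j, b in enumerate(vectors) if j != i)
        scores.append(sum(dists[:k]) / k)
    return scores

def rank_events(lines: List[str], k: int = 3) -> List[Dict[str, object]]:
    """Parse, enrich, standardize and score; return events most anomalous first."""
    events = [parse_event(line) for line in lines]
    scores = knn_anomaly_scores(standardize([enrich(e) for e in events]), k)
    for e, s in zip(events, scores):
        e["knn_score"] = round(s, 3)
    return sorted(events, key=lambda e: e["knn_score"], reverse=True)

if __name__ == "__main__":
    for e in rank_events(RAW_EVENTS):
        print(f'{e["knn_score"]:7.3f}  {e["src"]} -> {e["dst"]}:{e["dst_port"]}')
```

The highest-scoring record is the one whose enriched features sit farthest from its neighbours, which is how a distance-based kNN detector surfaces candidates for analyst review rather than issuing a verdict on its own.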