Cybersecurity Analytics:

Winning the War Against an Active Attacker

Tutorial to be presented at SDM 2021

Tutorial Description


Data science techniques are increasingly being applied to security challenges such as malware detection, intrusion detection, and phishing, among others. However, a serious problem in the cybersecurity domain is the presence of an active attacker, who is trying to defeat the methods being deployed. There are other challenges as well, such as the availability and quality of datasets, the base-rate fallacy, the time-scale of attacks, asymmetrical costs of misclassification, and potential data poisoning.

A recent survey of the literature on phishing detection has shown that very few researchers have considered these challenges [1]. Similarly, other researchers have observed that much of the machine learning work on intrusion detection is not being deployed [2]. In this tutorial, we give a brief introduction to cybersecurity and discuss several problems that require data science solutions. We then cover how data science techniques can be adapted to cybersecurity problems and provide examples from a range of applications. Throughout, we emphasize tools and techniques that have the potential to help in winning the war against an active attacker.
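As an added illustration of two of the challenges listed above, the base-rate fallacy and asymmetric misclassification costs, and not code from the tutorial itself: a small Python script with constructed operating points for a hypothetical detector. It computes what fraction of alerts are real attacks at a given attack base rate, and shows how the cheapest operating point moves when the cost of a missed attack changes relative to the cost of a false alarm.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OperatingPoint:
    """One threshold setting of a detector, described by its ROC coordinates."""
    name: str
    tpr: float  # true-positive rate (recall): attacks that raise an alert
    fpr: float  # false-positive rate: benign events that raise an alert


def precision(prevalence: float, tpr: float, fpr: float) -> float:
    """Fraction of alerts that are real attacks, given the attack base rate.

    This is where the base-rate fallacy bites: a low FPR still produces
    far more false alarms than true alerts when attacks are rare.
    """
    true_alerts = prevalence * tpr
    false_alerts = (1.0 - prevalence) * fpr
    return true_alerts / (true_alerts + false_alerts)


def expected_cost(prevalence: float, tpr: float, fpr: float,
                  cost_fn: float, cost_fp: float) -> float:
    """Expected misclassification cost per observation.

    cost_fn is the cost of a missed attack (false negative),
    cost_fp the cost of a false alarm (false positive).
    """
    missed = prevalence * (1.0 - tpr) * cost_fn
    false_alarm = (1.0 - prevalence) * fpr * cost_fp
    return missed + false_alarm


def cheapest_point(points, prevalence: float,
                   cost_fn: float, cost_fp: float) -> OperatingPoint:
    """Operating point with the lowest expected cost for this base rate and cost ratio."""
    return min(points, key=lambda p: expected_cost(prevalence, p.tpr, p.fpr,
                                                   cost_fn, cost_fp))


# Constructed ROC points for a hypothetical detector (not measured data).
ROC = [
    OperatingPoint("aggressive", tpr=0.99, fpr=0.05),
    OperatingPoint("balanced", tpr=0.90, fpr=0.01),
    OperatingPoint("strict", tpr=0.70, fpr=0.001),
]

if __name__ == "__main__":
    base_rate = 0.001  # one attack per thousand observations (assumed)
    for p in ROC:
        print(f"{p.name:10s} precision at base rate {base_rate}: "
              f"{precision(base_rate, p.tpr, p.fpr):.3f}")
    # Missed attack costs 100x a false alarm: 'balanced' is cheapest.
    print("cost ratio 100:1 ->", cheapest_point(ROC, base_rate, 100, 1).name)
    # Missed attack costs 1000x a false alarm: 'aggressive' wins instead.
    print("cost ratio 1000:1 ->", cheapest_point(ROC, base_rate, 1000, 1).name)
```

Even the "balanced" point, with a 1% false-positive rate, yields alerts of which fewer than one in ten are real attacks at a 0.1% base rate, which is why the FPR that looks acceptable on a balanced test set is not acceptable in deployment.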

[1] Rakesh M. Verma, Murat Kantarcioglu, David J. Marchette, Ernst L. Leiss, and Thamar Solorio. Security analytics: Essential data analytics knowledge for cybersecurity professionals and students. IEEE Security & Privacy, 13(6):60–65, 2015.

[2] Robin Sommer and Vern Paxson. Outside the closed world: On using machine learning for network intrusion detection. In 31st IEEE Symp. on Security and Privacy, S&P 2010, 16-19 May 2010, pages 305–316. IEEE, 2010.