Hasso-Plattner-Institut25 Jahre HPI
Hasso-Plattner-Institut25 Jahre HPI

Big Data Security Analytics (Wintersemester 2017/2018)

Dozent: Dr. Feng Cheng (Internet-Technologien und -Systeme)
Tutoren: Pejman Najafi

Allgemeine Information

  • Semesterwochenstunden: 4
  • ECTS: 6
  • Benotet: Ja
  • Einschreibefrist: 27.10.2017
  • Lehrform: Seminar / Projekt
  • Belegungsart: Wahlpflichtmodul
  • Lehrsprache: Deutsch

Studiengänge, Modulgruppen & Module

IT-Systems Engineering BA


Nowadays, the majority of organizations, collect and store event logs generated by different components in the organization's premises, e.g., proxy servers, DNS servers, firewalls, workstations, etc. Analyzing these enormous quantities of event logs possess the potential to detect advanced cyber threats. This introduces the necessity for advanced analytics to derive security value from this “Big Security Data”.

In this seminar, students will be introduced to the valuable security related data and have hands on experience, performing various analytics to derive security value.


  • Introduction to Big (Security) Data
  • Big Data Technology Stack (e.g., Spark, Hadoop, etc.)
  • Data Preparation and ETL
  • High Performance Event Analysis
  • Introduction to Log Analysis and SIEM
  • Event Logs for Intrusion Detection
  • Events and Alerts Correlation
  • Machine Learning and Big Data Analytics
  • Graph Analytics for Big Data


  • Logs of Interest → The 6 Categories of Critical Log Information (Available online)
  • Log Analysis in Security → "Beehive: Large-scale log analysis for detecting suspicious activity in enterprise networks." Proceedings of the 29th Annual Computer Security Applications Conference. ACM, 2013 (Available online)
  • DNS Logs → "EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis." NDSS 2011 (Available online)
  • Windows Event Logs → Spotting the Adversary with Windows Event Log Monitoring (Available online)
  • Windows Audit Logs → "Malicious behavior detection using windows audit logs." Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security. ACM, 2015 (Available online)
  • ML in Security → "SoK: Applying Machine Learning in Security-A Survey." (2016), (Available online)
  • Graph  Inference → "Polonium: Tera-scale graph mining for malware detection." ACM SIGKDD conference on knowledge discovery and data mining. 2010 (Available online)
  • Security Knowledge Graph → "Developing an ontology for cyber security knowledge graphs." Proceedings of the 10th Annual Cyber and Information Security Research Conference. ACM, 2015 (Available Online)


  • Presentation (with demonstration) and technical report


  • 16.10.2017 13:00pm Introductory Session, H-2.57
    • You can find the slides here: WYvWay/tYvoi5GbUHUmog+Tfw0v0JRXmBM1qjmwO2bs= (drop us a line when you get or cannot get it)
  • 27.10.2017 Subscription Deadline
  • 30.10.2017 Team Building: Topic Introduction and Assignment (Individual Meeting)
  • The detailed plan comes soon