Big Data Security Analytics (Winter Semester 2018/2019)

Lecturer: Dr. Feng Cheng (Internet Technologies and Systems), Pejman Najafi (Internet Technologies and Systems)

General Information

  • Weekly hours (SWS): 4
  • ECTS: 6
  • Graded: Yes
  • Enrollment deadline: 26.10.2018
  • Teaching format: Seminar / Project
  • Course type: Compulsory elective module
  • Language of instruction: English

Degree Programs & Modules

IT-Systems Engineering BA
  • ISAE Fundamentals
  • ISAE Advanced
  • OSIS Fundamentals
  • OSIS Advanced


Nowadays, the majority of organizations collect and store event logs generated by different components on the organization's premises, e.g., proxy servers, DNS servers, firewalls, workstations, etc. Analyzing these enormous quantities of event logs has the potential to detect advanced cyber threats. This introduces the necessity for advanced analytics to derive security value from this "Big Security Data".

In this seminar, students will be introduced to valuable security-related data and gain hands-on experience performing various analytics to derive security value from it.


  • Introduction to Big (Security) Data
  • Big Data Technology Stack (e.g., Spark, Hadoop, etc.)
  • Data Preparation and ETL
  • High Performance Event Analysis
  • Introduction to Log Analysis and SIEM
  • Event Logs for Intrusion Detection
  • Events and Alerts Correlation
  • Machine Learning and Big Data Analytics
  • Graph Analytics for Big Data


  • Logs of Interest → The 6 Categories of Critical Log Information (Available online)
  • Log Analysis in Security → "Beehive: Large-scale log analysis for detecting suspicious activity in enterprise networks." Proceedings of the 29th Annual Computer Security Applications Conference. ACM, 2013 (Available online)
  • DNS Logs → "EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis." NDSS 2011 (Available online)
  • Windows Event Logs → Spotting the Adversary with Windows Event Log Monitoring (Available online)
  • Windows Audit Logs → "Malicious behavior detection using windows audit logs." Proceedings of the 8th ACM Workshop on Artificial Intelligence and Security. ACM, 2015 (Available online)
  • ML in Security → "SoK: Applying Machine Learning in Security - A Survey." (2016) (Available online)
  • Graph Inference → "Polonium: Tera-scale graph mining for malware detection." ACM SIGKDD Conference on Knowledge Discovery and Data Mining. 2010 (Available online)
  • Security Knowledge Graph → "Developing an ontology for cyber security knowledge graphs." Proceedings of the 10th Annual Cyber and Information Security Research Conference. ACM, 2015 (Available online)

Learning and Teaching Formats

  • 15.10.2018 13:30 Introductory Session, H-2.57 (please enroll in the seminar by registering here)
  • 26.10.2018 Enrollment Deadline (via the Studienreferat)
  • The detailed plan (see the Milestones & Timelines in the introductory slide deck)


  • Presentation (with demonstration) and technical report