Introduction to Naïve Bayes in Cybersecurity
With the increasing threat of cyber attacks, we are seeing the rise of security analytics, where systems such as Splunk, QRadar and HPE ArcSight are used to collect, analyse and detect threats. Normally human analysts make sense of the alerts created, but they are increasingly overloaded by the number of alerts and possible threats. Machine learning can thus be used to make sense of the alerts, correlate them together, and pass the results on to human analysts.
Machine Learning
For Machine Learning (ML) there are typically two main phases: training and testing. A common set of steps is followed: first the features and classes within the training data set are defined; next a subset of attributes is selected for classification, and a learning model is applied to the training data. With the learning model built, the rest of the data is then fitted back, and the success rate is determined. The basic process that we have in applying machine learning to cyber security is:
- Information sources. This involves defining the sources of information that would be required to capture the right information.
- Data capturing tools. This involves creating the software agents required to capture the required data.
- Data pre-processing. This involves processing the data into…
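As an added example (not code from the original article), the following Python walks through the two phases described above with a minimal Naïve Bayes classifier over constructed alert records; the features, values and verdicts are hypothetical. It trains on one set, fits a held-out set back and reports the success rate, and uses Laplace smoothing so a value never seen in training does not zero out a class.

```python
import math
from collections import Counter, defaultdict

# Constructed sample alert records (hypothetical, not real telemetry): (categorical features, analyst verdict).
TRAINING = [
    ({"severity": "high", "off_hours": "yes", "repeat": "yes"}, "threat"),
    ({"severity": "high", "off_hours": "yes", "repeat": "no"}, "threat"),
    ({"severity": "high", "off_hours": "no", "repeat": "yes"}, "threat"),
    ({"severity": "low", "off_hours": "yes", "repeat": "yes"}, "threat"),
    ({"severity": "low", "off_hours": "no", "repeat": "no"}, "benign"),
    ({"severity": "low", "off_hours": "no", "repeat": "yes"}, "benign"),
    ({"severity": "high", "off_hours": "no", "repeat": "no"}, "benign"),
    ({"severity": "low", "off_hours": "yes", "repeat": "no"}, "benign"),
]
TESTING = [
    ({"severity": "high", "off_hours": "yes", "repeat": "yes"}, "threat"),
    ({"severity": "low", "off_hours": "no", "repeat": "no"}, "benign"),
    ({"severity": "high", "off_hours": "no", "repeat": "yes"}, "threat"),
    ({"severity": "low", "off_hours": "yes", "repeat": "no"}, "benign"),
    ({"severity": "high", "off_hours": "no", "repeat": "no"}, "threat"),  # the model misses this one
]

def train(records, alpha=1.0):
    """Training phase: count class priors and per-class feature values (alpha = Laplace smoothing)."""
    classes = Counter(label for _, label in records)
    counts = defaultdict(Counter)   # (feature, label) -> Counter of observed values
    values = defaultdict(set)       # feature -> every value observed in training
    for feats, label in records:
        for f, v in feats.items():
            counts[(f, label)][v] += 1
            values[f].add(v)
    return {"classes": classes, "counts": counts, "values": values, "alpha": alpha, "n": len(records)}

def predict(model, feats):
    """Testing phase: return the class with the highest log-posterior (logs avoid underflow)."""
    best, best_score = None, -math.inf
    for label, n_label in model["classes"].items():
        score = math.log(n_label / model["n"])                      # log prior P(class)
        for f, v in feats.items():
            k = len(model["values"][f])                             # distinct values of feature f
            seen = model["counts"][(f, label)][v]                   # 0 if never seen with this class
            score += math.log((seen + model["alpha"]) / (n_label + model["alpha"] * k))
        if score > best_score:
            best, best_score = label, score
    return best

def success_rate(model, records):
    """Fit held-out records back through the model and report the fraction classified correctly."""
    hits = sum(predict(model, feats) == label for feats, label in records)
    return hits / len(records)
```

With the data above, success_rate(train(TRAINING), TESTING) is 0.8: the last test record is a confirmed threat whose feature pattern looks benign to the model, which is exactly the kind of case that still needs a human analyst.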