MapR Technologies, profile picture
Uploaded byMapR Technologies
PPTX, PDF1,567 views

Realistic Synthetic Generation Allows Secure Development

The document features a presentation by Ted Dunning, Chief Applications Architect at MapR Technologies, discussing techniques for anomaly detection and fraud analytics in complex systems. It highlights the challenges of secure development and collaboration on detection algorithms while sharing methods for generating realistic data for testing. Key topics include the simulation of failure signatures, performance metrics, and data generation methods using various statistical distributions.

Technology
Related topics:
Data Science Insights

Embed presentation

Downloaded 10 times
© 2014 MapR Technologies 1© 2014 MapR Technologies
© 2014 MapR Technologies 2 Who am I? Ted Dunning, Chief Applications Architect MapR Technologies Email tdunning@mapr.com tdunning@apache.org Twitter @Ted_Dunning
© 2014 MapR Technologies 3 Short Books by Ted Dunning & Ellen Friedman • Published by O’Reilly in 2014 and 2015 • For sale from Amazon or O’Reilly • Free e-books currently available courtesy of MapR http://bit.ly/ebook-real- world-hadoop http://bit.ly/mapr-tsdb- ebook http://bit.ly/ebook- anomaly http://bit.ly/recommend ation-ebook
© 2014 MapR Technologies 4
© 2014 MapR Technologies 5 The basic idea
© 2014 MapR Technologies 6 Anomaly Detection and Fraud Analytics • Financial customer wants to identify zero-day attacks • And advanced persistent threats • By sophisticated adversaries who don’t use known vectors • Must keep logs and other data secret – But must also collaborate on detection algorithms
© 2014 MapR Technologies 7 Secure Development is Hard System knowledge Observed data Training algorithm Model New measurements Model Anomaly scores Model deployment
© 2014 MapR Technologies 8 Secure Development is Hard System knowledge Observed data Training algorithm Model New measurements Model Anomaly scores Model deployment Outside collaborators are outside the security perimeter They can’t see the data and they can’t tune new algorithms to fit reality
© 2014 MapR Technologies 9 How To Make Realistic Data System under test Live data Failure signatures Fake data Failure signatures
© 2014 MapR Technologies 10 Parametric Simulation Match here Live data System under test Failure signatures Fake data Failure signatures Fake data System under test Failure signatures Parametric matching of failure signatures allows emulation of complex data properties Matching on KPI’s and failure modes guarantees practical fidelity
© 2014 MapR Technologies 11 Do’s and Don’ts • Do match the KPI’s and failure modes – Speed – Score distribution – False positive rates versus score • Don’t try to match the actual data distribution precisely – Good enough is good enough and we want to imitate failures, not create new life forms – Probably impossible to do precisely – Even if possible, it is vastly harder to match distributions
© 2014 MapR Technologies 12 Methods for Generating Numbers • Well-known distributions – Uniform, normal, gamma, Poisson – Truncations • Cumulations – Random walk v1 • Mixture distributions • Hyper-parameters – Random walk v2
© 2014 MapR Technologies 13 Normal data = data.frame(x=rnorm(10000), y=rnorm(10000))
© 2014 MapR Technologies 14 Mixture of Normals
© 2014 MapR Technologies 15 Random Walk y = cumsum(rnorm(10000))
© 2014 MapR Technologies 16 Pick Mean from Multinomial
© 2014 MapR Technologies 17 Random Walk with Variable Standard Deviation y = cumsum(rt(10000, df=0.9))
© 2014 MapR Technologies 18 Methods for Generating Symbols • Symbols are really just integers with a dictionary • Well-known distributions – Multinomial – Dirichlet processes – Rich-get-richer, Pittman-Yor • Mixture distributions • Hyper-parameters • Lookup tables!!! – Simple tables – Data table joins for correlated components
© 2014 MapR Technologies 19 Skewed Integers 207 3 203 0 198 7 196 4 195 12 193 10 189 2 187 1 185 13 179 6 178 9 177 5 177 25 174 21 173 8 173 14 170 18 [ {"name":"x", "class":"int", "skew":1} ]
© 2014 MapR Technologies 20 Methods for Generating Behaviors • Use structured data! – Generate user meta-data – Generate list of transactions • Only flatten if necessary • See Apache Drill for post-processing
© 2014 MapR Technologies 21 Methods for Generating Databases • Use integers (see previous) as foreign keys • Normalized form implies (approximate) independence of tables
© 2014 MapR Technologies 22
© 2014 MapR Technologies 23 Go get log-synth https://github.com/tdunning/log-synth
© 2014 MapR Technologies 24 A worked example...
© 2014 MapR Technologies 25 Simulation Setup 0 20 40 60 80 100 0100300500 day count Compromise period Exploit period compromises frauds
© 2014 MapR Technologies 26
© 2014 MapR Technologies 27
© 2014 MapR Technologies 28 Questions?
© 2014 MapR Technologies 29 Thank You @mapr maprtech tdunning@mapr.com tdunning@apache.org Ted Dunning, ChiefApplicationArchitect MapRTechnologies maprtech mapr-technologies

More Related Content

PPTX
NoSQL Application Development with JSON and MapR-DB
byMapR Technologies
 
PPTX
Figuras semelhantes
byDosvaldo Alves
 
PPTX
Practical Computing with Chaos
byMapR Technologies
 
PPTX
(Lidar) Pan Australia Topo Mapping Q1 2018
byBrett Johnson
 
PDF
Is Spark Replacing Hadoop
byMapR Technologies
 
PPTX
Apache flink 1.0.0 overview
byMapR Technologies
 
PPTX
Matemática 9º a relação coeficientes e raízes
byDosvaldo Alves
 
PPTX
Aula de matemática
byDosvaldo Alves
 
NoSQL Application Development with JSON and MapR-DB
byMapR Technologies
 
Figuras semelhantes
byDosvaldo Alves
 
Practical Computing with Chaos
byMapR Technologies
 
(Lidar) Pan Australia Topo Mapping Q1 2018
byBrett Johnson
 
Is Spark Replacing Hadoop
byMapR Technologies
 
Apache flink 1.0.0 overview
byMapR Technologies
 
Matemática 9º a relação coeficientes e raízes
byDosvaldo Alves
 
Aula de matemática
byDosvaldo Alves
 

Viewers also liked

PPTX
Zeta Architecture: The Next Generation Big Data Architecture
byMapR Technologies
 
PPTX
Putting Apache Drill into Production
byMapR Technologies
 
PDF
MapR 5.2: Getting More Value from the MapR Converged Data Platform
byMapR Technologies
 
PPTX
Free Code Friday: Drill 101 - Basics of Apache Drill
byMapR Technologies
 
PPTX
Deep Learning vs. Cheap Learning
byMapR Technologies
 
PPTX
How Spark is Enabling the New Wave of Converged Applications
byMapR Technologies
 
PDF
IoT Use Cases with MapR
byMapR Technologies
 
PPTX
Rethinking SQL for Big Data with Apache Drill
byMapR Technologies
 
PPTX
Drilling into Data with Apache Drill
byMapR Technologies
 
Zeta Architecture: The Next Generation Big Data Architecture
byMapR Technologies
 
Putting Apache Drill into Production
byMapR Technologies
 
MapR 5.2: Getting More Value from the MapR Converged Data Platform
byMapR Technologies
 
Free Code Friday: Drill 101 - Basics of Apache Drill
byMapR Technologies
 
Deep Learning vs. Cheap Learning
byMapR Technologies
 
How Spark is Enabling the New Wave of Converged Applications
byMapR Technologies
 
IoT Use Cases with MapR
byMapR Technologies
 
Rethinking SQL for Big Data with Apache Drill
byMapR Technologies
 
Drilling into Data with Apache Drill
byMapR Technologies
 

Similar to Realistic Synthetic Generation Allows Secure Development

PPTX
Deep Learning for Fraud Detection
byDataWorks Summit/Hadoop Summit
 
PPTX
ML Workshop 2: Machine Learning Model Comparison & Evaluation
byMapR Technologies
 
PPTX
T digest-update
byTed Dunning
 
PPTX
Which Algorithms Really Matter
byTed Dunning
 
PPTX
Time Series Anomaly Detection for .net and Azure
byMarco Parenzan
 
PPTX
Anomaly Detection - New York Machine Learning
byTed Dunning
 
PPTX
How to find what you didn't know to look for, oractical anomaly detection
byDataWorks Summit
 
PPTX
How to Determine which Algorithms Really Matter
byDataWorks Summit
 
PPTX
Ted Dunning, Chief Application Architect, MapR at MLconf ATL - 9/18/15
byMLconf
 
PPTX
Cheap learning-dunning-9-18-2015
byTed Dunning
 
PPTX
Anomaly Detection: How to find what you didn’t know to look for
byTed Dunning
 
PPTX
How to tell which algorithms really matter
byDataWorks Summit
 
PDF
Strata 2014-tdunning-anomaly-detection-140211162923-phpapp01
byMapR Technologies
 
PDF
Strata 2014 Anomaly Detection
byTed Dunning
 
PDF
Mathematical bridges From Old to New
byMapR Technologies
 
PDF
Anomaly Detection in Telecom with Spark - Tugdual Grall - Codemotion Amsterda...
byCodemotion
 
PPTX
Finding Changes in Real Data
byTed Dunning
 
PPTX
Cmu Lecture on Hadoop Performance
byTed Dunning
 
PDF
Data Data Everywhere: Not An Insight to Take Action Upon
byArun Kejariwal
 
PPTX
Deep Dive Time Series Anomaly Detection in Azure with dotnet
byMarco Parenzan
 
Deep Learning for Fraud Detection
byDataWorks Summit/Hadoop Summit
 
ML Workshop 2: Machine Learning Model Comparison & Evaluation
byMapR Technologies
 
T digest-update
byTed Dunning
 
Which Algorithms Really Matter
byTed Dunning
 
Time Series Anomaly Detection for .net and Azure
byMarco Parenzan
 
Anomaly Detection - New York Machine Learning
byTed Dunning
 
How to find what you didn't know to look for, oractical anomaly detection
byDataWorks Summit
 
How to Determine which Algorithms Really Matter
byDataWorks Summit
 
Ted Dunning, Chief Application Architect, MapR at MLconf ATL - 9/18/15
byMLconf
 
Cheap learning-dunning-9-18-2015
byTed Dunning
 
Anomaly Detection: How to find what you didn’t know to look for
byTed Dunning
 
How to tell which algorithms really matter
byDataWorks Summit
 
Strata 2014-tdunning-anomaly-detection-140211162923-phpapp01
byMapR Technologies
 
Strata 2014 Anomaly Detection
byTed Dunning
 
Mathematical bridges From Old to New
byMapR Technologies
 
Anomaly Detection in Telecom with Spark - Tugdual Grall - Codemotion Amsterda...
byCodemotion
 
Finding Changes in Real Data
byTed Dunning
 
Cmu Lecture on Hadoop Performance
byTed Dunning
 
Data Data Everywhere: Not An Insight to Take Action Upon
byArun Kejariwal
 
Deep Dive Time Series Anomaly Detection in Azure with dotnet
byMarco Parenzan
 

More from MapR Technologies

PDF
Live Machine Learning Tutorial: Churn Prediction
byMapR Technologies
 
PDF
An Introduction to the MapR Converged Data Platform
byMapR Technologies
 
PPTX
3 Benefits of Multi-Temperature Data Management for Data Analytics
byMapR Technologies
 
PPTX
Data Warehouse Modernization: Accelerating Time-To-Action
byMapR Technologies
 
PPTX
Evolving from RDBMS to NoSQL + SQL
byMapR Technologies
 
PPTX
Machine Learning Success: The Key to Easier Model Management
byMapR Technologies
 
PPTX
Geo-Distributed Big Data and Analytics
byMapR Technologies
 
PDF
Live Tutorial – Streaming Real-Time Events Using Apache APIs
byMapR Technologies
 
PPTX
ML Workshop 1: A New Architecture for Machine Learning Logistics
byMapR Technologies
 
PPTX
Machine Learning for Chickens, Autonomous Driving and a 3-year-old Who Won’t ...
byMapR Technologies
 
PPTX
How to Leverage the Cloud for Business Solutions | Strata Data Conference Lon...
byMapR Technologies
 
PPTX
Self-Service Data Science for Leveraging ML & AI on All of Your Data
byMapR Technologies
 
PPTX
MapR Product Update - Spring 2017
byMapR Technologies
 
PPTX
Evolving Beyond the Data Lake: A Story of Wind and Rain
byMapR Technologies
 
PPTX
MapR and Cisco Make IT Better
byMapR Technologies
 
PPTX
Best Practices for Data Convergence in Healthcare
byMapR Technologies
 
PPTX
Converging your data landscape
byMapR Technologies
 
PPTX
Enabling Real-Time Business with Change Data Capture
byMapR Technologies
 
PPTX
Cisco & MapR bring 3 Superpowers to SAP HANA Deployments
byMapR Technologies
 
PPTX
Bringing Structure, Scalability, and Services to Cloud-Scale Storage
byMapR Technologies
 
Live Machine Learning Tutorial: Churn Prediction
byMapR Technologies
 
An Introduction to the MapR Converged Data Platform
byMapR Technologies
 
3 Benefits of Multi-Temperature Data Management for Data Analytics
byMapR Technologies
 
Data Warehouse Modernization: Accelerating Time-To-Action
byMapR Technologies
 
Evolving from RDBMS to NoSQL + SQL
byMapR Technologies
 
Machine Learning Success: The Key to Easier Model Management
byMapR Technologies
 
Geo-Distributed Big Data and Analytics
byMapR Technologies
 
Live Tutorial – Streaming Real-Time Events Using Apache APIs
byMapR Technologies
 
ML Workshop 1: A New Architecture for Machine Learning Logistics
byMapR Technologies
 
Machine Learning for Chickens, Autonomous Driving and a 3-year-old Who Won’t ...
byMapR Technologies
 
How to Leverage the Cloud for Business Solutions | Strata Data Conference Lon...
byMapR Technologies
 
Self-Service Data Science for Leveraging ML & AI on All of Your Data
byMapR Technologies
 
MapR Product Update - Spring 2017
byMapR Technologies
 
Evolving Beyond the Data Lake: A Story of Wind and Rain
byMapR Technologies
 
MapR and Cisco Make IT Better
byMapR Technologies
 
Best Practices for Data Convergence in Healthcare
byMapR Technologies
 
Converging your data landscape
byMapR Technologies
 
Enabling Real-Time Business with Change Data Capture
byMapR Technologies
 
Cisco & MapR bring 3 Superpowers to SAP HANA Deployments
byMapR Technologies
 
Bringing Structure, Scalability, and Services to Cloud-Scale Storage
byMapR Technologies
 

Recently uploaded

PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PDF
December Patch Tuesday
byIvanti
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PPTX
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Day 5 - Red Team + Blue Team in the Cloud - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
software-security-intro in information security.ppt
byismaeelsahib032
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
December Patch Tuesday
byIvanti
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Kanban India 2025 | Daksh Gupta | Modeling the Models, Generative AI & Kanban
byLeanKanbanIndia
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 

Realistic Synthetic Generation Allows Secure Development

  • 1.
    © 2014 MapRTechnologies 1© 2014 MapR Technologies
  • 2.
    © 2014 MapRTechnologies 2 Who am I? Ted Dunning, Chief Applications Architect MapR Technologies Email tdunning@mapr.com tdunning@apache.org Twitter @Ted_Dunning
  • 3.
    © 2014 MapRTechnologies 3 Short Books by Ted Dunning & Ellen Friedman • Published by O’Reilly in 2014 and 2015 • For sale from Amazon or O’Reilly • Free e-books currently available courtesy of MapR http://bit.ly/ebook-real- world-hadoop http://bit.ly/mapr-tsdb- ebook http://bit.ly/ebook- anomaly http://bit.ly/recommend ation-ebook
  • 4.
    © 2014 MapRTechnologies 4
  • 5.
    © 2014 MapRTechnologies 5 The basic idea
  • 6.
    © 2014 MapRTechnologies 6 Anomaly Detection and Fraud Analytics • Financial customer wants to identify zero-day attacks • And advanced persistent threats • By sophisticated adversaries who don’t use known vectors • Must keep logs and other data secret – But must also collaborate on detection algorithms
  • 7.
    © 2014 MapRTechnologies 7 Secure Development is Hard System knowledge Observed data Training algorithm Model New measurements Model Anomaly scores Model deployment
  • 8.
    © 2014 MapRTechnologies 8 Secure Development is Hard System knowledge Observed data Training algorithm Model New measurements Model Anomaly scores Model deployment Outside collaborators are outside the security perimeter They can’t see the data and they can’t tune new algorithms to fit reality
  • 9.
    © 2014 MapRTechnologies 9 How To Make Realistic Data System under test Live data Failure signatures Fake data Failure signatures
  • 10.
    © 2014 MapRTechnologies 10 Parametric Simulation Match here Live data System under test Failure signatures Fake data Failure signatures Fake data System under test Failure signatures Parametric matching of failure signatures allows emulation of complex data properties Matching on KPI’s and failure modes guarantees practical fidelity
  • 11.
    © 2014 MapRTechnologies 11 Do’s and Don’ts • Do match the KPI’s and failure modes – Speed – Score distribution – False positive rates versus score • Don’t try to match the actual data distribution precisely – Good enough is good enough and we want to imitate failures, not create new life forms – Probably impossible to do precisely – Even if possible, it is vastly harder to match distributions
  • 12.
    © 2014 MapRTechnologies 12 Methods for Generating Numbers • Well-known distributions – Uniform, normal, gamma, Poisson – Truncations • Cumulations – Random walk v1 • Mixture distributions • Hyper-parameters – Random walk v2
  • 13.
    © 2014 MapRTechnologies 13 Normal data = data.frame(x=rnorm(10000), y=rnorm(10000))
  • 14.
    © 2014 MapRTechnologies 14 Mixture of Normals
  • 15.
    © 2014 MapRTechnologies 15 Random Walk y = cumsum(rnorm(10000))
  • 16.
    © 2014 MapRTechnologies 16 Pick Mean from Multinomial
  • 17.
    © 2014 MapRTechnologies 17 Random Walk with Variable Standard Deviation y = cumsum(rt(10000, df=0.9))
  • 18.
    © 2014 MapRTechnologies 18 Methods for Generating Symbols • Symbols are really just integers with a dictionary • Well-known distributions – Multinomial – Dirichlet processes – Rich-get-richer, Pittman-Yor • Mixture distributions • Hyper-parameters • Lookup tables!!! – Simple tables – Data table joins for correlated components
  • 19.
    © 2014 MapRTechnologies 19 Skewed Integers 207 3 203 0 198 7 196 4 195 12 193 10 189 2 187 1 185 13 179 6 178 9 177 5 177 25 174 21 173 8 173 14 170 18 [ {"name":"x", "class":"int", "skew":1} ]
  • 20.
    © 2014 MapRTechnologies 20 Methods for Generating Behaviors • Use structured data! – Generate user meta-data – Generate list of transactions • Only flatten if necessary • See Apache Drill for post-processing
  • 21.
    © 2014 MapRTechnologies 21 Methods for Generating Databases • Use integers (see previous) as foreign keys • Normalized form implies (approximate) independence of tables
  • 22.
    © 2014 MapRTechnologies 22
  • 23.
    © 2014 MapRTechnologies 23 Go get log-synth https://github.com/tdunning/log-synth
  • 24.
    © 2014 MapRTechnologies 24 A worked example...
  • 25.
    © 2014 MapRTechnologies 25 Simulation Setup 0 20 40 60 80 100 0100300500 day count Compromise period Exploit period compromises frauds
  • 26.
    © 2014 MapRTechnologies 26
  • 27.
    © 2014 MapRTechnologies 27
  • 28.
    © 2014 MapRTechnologies 28 Questions?
  • 29.
    © 2014 MapRTechnologies 29 Thank You @mapr maprtech tdunning@mapr.com tdunning@apache.org Ted Dunning, ChiefApplicationArchitect MapRTechnologies maprtech mapr-technologies