Data Science for Cybersecurity: Identifying and mitigating threats with RapidMiner

Data science meets cybersecurity to protect your web application from bots.

Presented by Rodrigo Fuentealba Cartes, The Pegasus Group

In this video, Rodrigo explains a proof-of-concept architecture he uses to score HTTP requests, detect attackers and block them with RapidMiner Real Time Scoring, built from open source tools: rsyslog to ship the logs, a small agent written in Python, and iptables to enforce the blocks.

The Problem? A major network suffered a DDoS attack. Because the traffic was distributed, there was no straightforward way to trace where the attack was coming from. The company was under a time crunch to protect itself from the attack and get services back up and running for its regular customers.

The Solution? Using the logs of port map data, the team was able to use RapidMiner to approach the problem from a different angle. By using stratified sampling, they were able to identify which packets were legitimate versus which were part of the DDoS attack.
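To make the described pipeline concrete, here is an added example of the kind of agent the architecture calls for; it is not the presenter's code and not RapidMiner's. It assumes access-log lines in the common combined format arrive from rsyslog, aggregates per-client features, scores each client with a pluggable scorer (the `heuristic_score` function here is a constructed stand-in for the RapidMiner Real Time Scoring call), and returns the iptables DROP commands it would issue rather than executing them. The sample log lines, thresholds and feature weights are all constructed for the example.

```python
"""Log-scoring agent sketch (added example, not the presenter's or RapidMiner's code).

Assumptions: combined-format access logs are forwarded by rsyslog; a scoring
callable stands in for the RapidMiner Real Time Scoring request; iptables
commands are returned as strings for review, never run by this module.
"""
import re
from collections import defaultdict
from typing import Callable, Dict, List, Optional

# Combined log format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample input: one ordinary browser client and one noisy client
# that hammers a single path, gets only 404s and sends no User-Agent.
SAMPLE_LINES = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /about.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
] + [
    f'198.51.100.9 - - [10/Oct/2023:13:55:{36 + i:02d} +0000] "GET /login HTTP/1.1" 404 0 "-" "-"'
    for i in range(6)
]


def parse_line(line: str) -> Optional[dict]:
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def extract_features(lines: List[str]) -> Dict[str, Dict[str, float]]:
    """Aggregate per-client features; malformed lines are skipped, not fatal."""
    buckets: Dict[str, list] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        buckets[rec["ip"]].append(rec)
    feats = {}
    for ip, recs in buckets.items():
        n = len(recs)
        feats[ip] = {
            "requests": n,
            "error_ratio": sum(r["status"] >= 400 for r in recs) / n,
            "no_ua_ratio": sum(r["ua"] in ("", "-") for r in recs) / n,
            "distinct_paths": len({r["path"] for r in recs}),
        }
    return feats


def heuristic_score(f: Dict[str, float]) -> float:
    """Constructed stand-in for the model score in [0, 1]; higher means more bot-like."""
    volume = min(f["requests"] / 20.0, 1.0)
    return 0.5 * f["error_ratio"] + 0.3 * f["no_ua_ratio"] + 0.2 * volume


def plan_blocks(
    lines: List[str],
    scorer: Callable[[Dict[str, float]], float] = heuristic_score,
    threshold: float = 0.7,
    chain: str = "INPUT",
) -> List[str]:
    """Return the iptables DROP commands for clients scoring at or above threshold."""
    feats = extract_features(lines)
    return [
        f"iptables -I {chain} -s {ip} -j DROP"
        for ip in sorted(feats)
        if scorer(feats[ip]) >= threshold
    ]


if __name__ == "__main__":
    for ip, f in extract_features(SAMPLE_LINES).items():
        print(ip, f, round(heuristic_score(f), 2))
    print(plan_blocks(SAMPLE_LINES))
```

In a real deployment the scorer would POST the feature dictionary to the scoring endpoint and read back the model's probability, and the returned commands would be applied by a privileged component with a rule expiry so a mis-scored legitimate client is not blocked forever.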


