Tom Davies

Ph.D. Student in Electrical and Computer Engineering

Topological data analysis for anomaly detection in host-based logs

Lightning Talk


Detecting malicious behaviour in computer logs can be challenging, as a group of actions that individually are not indicative of compromise can become so when considered together. Topological Data Analysis (TDA) provides a mathematical toolset to consider the global shape of data, enabling embeddings of host-based logs that capture their topological structure across many actions. In this talk I'll introduce TDA, discuss how we can create such embeddings, and show experimental results that suggest the topology of host-based logs is a useful indicator of anomalous activity.