Worcester Polytechnic Institute

Beehive: Large-Scale Log Analysis for Detecting Suspicious Activity in Enterprise Networks

Thursday, Nov. 14 at 4 pm in AK-219:
Presenter: Dr. Alina Oprea (RSA Laboratories)

Currently, many organizations keep large volumes of log data collected by various security products. Today this data is mostly used for forensic analysis once an attack has been discovered or an incident has been triggered through some external mechanism. We present a novel system called Beehive that mines and automatically extracts knowledge from the various data sources available in our enterprise. Beehive profiles the typical behavior of hosts over extended periods of time, extracts features representative of different aspects of host behavior, and identifies hosts that deviate from normal activity. By taking a behavior-based approach to detecting security incidents, Beehive improves on the signature-based techniques prevalent in industry products. We have evaluated Beehive on several months of log data collected in our enterprise and show that it is able to identify malicious events and policy violations within the enterprise network that would otherwise go undetected.
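To make the behavior-based approach in the abstract concrete, here is an added toy illustration (not Beehive's code, and not its actual feature set): per-host daily features are computed from constructed proxy log records, each host's baseline is its own earlier days, and a host is flagged when the current day deviates by more than a z-score threshold from that baseline. The feature names, log format and threshold are assumptions chosen for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log records, not real data: (day, host, destination, action).
LOGS = [
    # h1: the same two internal destinations every day, nothing blocked...
    *[(d, "h1", dst, "allow") for d in range(1, 6) for dst in ("mail.corp", "wiki.corp")],
    # ...until day 6, when it reaches several never-seen external hosts, two of them blocked.
    (6, "h1", "mail.corp", "allow"), (6, "h1", "a.example", "allow"), (6, "h1", "d.example", "allow"),
    (6, "h1", "b.example", "block"), (6, "h1", "c.example", "block"),
    # h2: identical every day, including one routinely blocked ad domain (noisy but normal).
    *[(d, "h2", dst, act) for d in range(1, 7)
      for dst, act in (("mail.corp", "allow"), ("ads.example", "block"))],
]

def daily_features(logs):
    """Per (host, day): distinct destinations, destinations this host never
    contacted on an earlier day, and blocked requests. Assumed feature set."""
    by_key = defaultdict(list)
    for day, host, dst, act in logs:
        by_key[(host, day)].append((dst, act))
    seen, feats = defaultdict(set), {}
    for host, day in sorted(by_key):          # chronological within each host
        recs = by_key[(host, day)]
        dsts = {d for d, _ in recs}
        feats[(host, day)] = {
            "distinct": len(dsts),
            "new": len(dsts - seen[host]),
            "blocked": sum(1 for _, a in recs if a == "block"),
        }
        seen[host] |= dsts                    # the profile grows over time
    return feats

def score_hosts(logs, target_day, threshold=3.0):
    """Compare each host's target-day features with that host's own history.
    Returns {host: (max z-score, flagged)}; no signature of 'bad' is needed."""
    feats = daily_features(logs)
    result = {}
    for host in {h for h, _ in feats}:
        hist = [feats[(h, d)] for (h, d) in feats if h == host and d < target_day]
        cur = feats.get((host, target_day))
        if not hist or cur is None:           # nothing to compare against yet
            continue
        zs = []
        for name, value in cur.items():
            vals = [f[name] for f in hist]
            sd = pstdev(vals) or 1.0          # constant baseline: treat one unit as one sigma
            zs.append((value - mean(vals)) / sd)
        result[host] = (max(zs), max(zs) > threshold)
    return result

if __name__ == "__main__":
    print(score_hosts(LOGS, target_day=6))   # h1 flagged, h2 not
```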

Alina Oprea is a Consultant Research Scientist at RSA Laboratories, the security division of EMC. Her research interests span multiple areas in computer and communications security, including data analysis for security applications, cloud and storage security, foundations of cybersecurity, and detection of advanced attacks. Alina holds a B.S. degree in Mathematics and Computer Science from the University of Bucharest, Romania, and obtained M.Sc. and Ph.D. degrees in Computer Science from Carnegie Mellon University in 2003 and 2007, respectively. She is the recipient of the 2011 TR35 award for her research in cloud security.

