Book chapter on real-time threat detection used for a short course on the subject presented at the SBRC’2018.
In this chapter, we focus on stream processing architectures for real-time threat detection in networks. We present and compare Apache Storm, Apache Spark Streaming, and Apache Flink. The most commonly used feature selection techniques and machine learning algorithms for threat detection are described. We present the datasets commonly used to evaluate the performance of threat detection architectures. Finally, we evaluate proposals based on the lambda architecture, with prior or adaptive training, and zero-day threat detection. The CATRACA real-time threat detection tool, which is built on the Apache Spark Streaming platform, is presented.
Slides in Portuguese.