Let's use LANL Cyber-Security data to detect fishy workstation processes.
Source data taken from A. D. Kent, "Comprehensive, Multi-Source Cybersecurity Events," Los Alamos National Laboratory, http://dx.doi.org/10.17021/1179829, 2015. The data dictionary for the enriched data can be found here. The enriched data is generated using the Scala code found in this project.
- Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz with 16GB of RAM and 1TB of pure, spinning rust.
- Fedora Core 23 GNU/Linux with a 4.3.5 kernel.
- Clone this repository locally with `git clone git@github.com:woodrad/lanl-cyber.git`.
- If you have a copy of LANL's Cyber-Security data already, copy or link the tarballs to `data/`.
- `build.sh` will check your environment, download data if you do not have it, resolve dependencies, and build the model.
- If you are missing `pyenv`, install pyenv.
- If you are missing `javac`, install Oracle or OpenJDK.
- If you are missing `sbt`, install sbt.
- `build.sh` will now download the data needed with `./src/main/python/download.py`. This will take some time.
- After you have the data, `build.sh` will run the model.
Documentation for this model is in `MODEL.md`.
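As an added illustration of the kind of "fishy process" check this data supports (example code added here, not the project's model or its Scala enrichment; see `MODEL.md` for the real thing): the script below assumes the LANL `proc.txt` record layout of `time,user@domain,computer,process name,start/end`, builds a per-host baseline of process names from a training window, and flags later Start events whose process was never seen on that host. The sample records are constructed, not taken from the dataset, and the `train_until` cut-off is an arbitrary choice for the example.

```python
"""Flag processes that are new for a workstation, using LANL-style proc records.

Added illustration, not this project's model. It assumes the record layout of
the LANL proc.txt file (time,user@domain,computer,process name,start/end); the
sample lines below are constructed, not taken from the dataset.
"""
from collections import defaultdict

# Constructed sample records in the assumed proc.txt layout. Two deliberately
# malformed lines are included to exercise the parser's rejection path.
SAMPLE_RECORDS = """\
1,U1@DOM1,C101,P1,Start
1,U1@DOM1,C101,P2,Start
2,U2@DOM1,C102,P1,Start
3,U1@DOM1,C101,P1,End
4,U2@DOM1,C102,P3,Start
garbage line
500,U1@DOM1,C101,P1,Start
501,U1@DOM1,C101,P9,Start
502,U2@DOM1,C102,P3,Start
503,U3@DOM1,C102,P7,Start
504,U1@DOM1,C103,P1,Start
505,U1@DOM1,C101,P1
"""


def parse_proc_line(line):
    """Parse one record into a dict; return None for malformed lines."""
    fields = line.rstrip("\n").split(",")
    if len(fields) != 5:
        return None
    time_str, user, computer, process, event = fields
    if not time_str.isdigit():
        return None
    return {"time": int(time_str), "user": user, "computer": computer,
            "process": process, "event": event}


def baseline_processes(records, train_until):
    """Set of process names seen per computer during the training window."""
    seen = defaultdict(set)
    for r in records:
        if r["time"] < train_until:
            seen[r["computer"]].add(r["process"])
    return seen


def flag_new_processes(lines, train_until):
    """Return (flagged, dropped).

    flagged: (computer, process, time, reason) tuples for Start events at or
    after train_until whose process was never seen on that computer in the
    training window. Hosts absent from the baseline get their own reason,
    because "everything is new" on an unseen host is not a signal by itself.
    dropped: number of malformed lines that were discarded.
    """
    parsed = [parse_proc_line(line) for line in lines]
    dropped = sum(r is None for r in parsed)
    records = [r for r in parsed if r is not None]
    seen = baseline_processes(records, train_until)
    flagged = []
    for r in records:
        if r["time"] < train_until or r["event"] != "Start":
            continue
        if r["computer"] not in seen:
            flagged.append((r["computer"], r["process"], r["time"],
                            "host-not-in-baseline"))
        elif r["process"] not in seen[r["computer"]]:
            flagged.append((r["computer"], r["process"], r["time"],
                            "new-process-for-host"))
    return flagged, dropped


if __name__ == "__main__":
    hits, dropped = flag_new_processes(SAMPLE_RECORDS.splitlines(), train_until=100)
    print(f"dropped {dropped} malformed line(s)")
    for hit in hits:
        print(hit)
```

"New for this host" is a baseline feature, not a detector on its own: a software rollout or patch cycle makes every workstation show new process names at once, so in practice it is combined with how many hosts share the new name and who launched it, which is the sort of enrichment the Scala code in this project is for.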
GPLv3, as in it respects your GNU/Freedom. Can't tivoize this.