SlideShare a Scribd company logo

Machine Learning in Action

Download as PPTX, PDF
Splunk
Splunk

This document provides an agenda for a presentation on machine learning in action and how to derive meaningful business insights from data. The presentation will include an introduction to machine learning and anomaly detection theory. It will cover an anomaly detection use case from TalkTalk on detecting anomalies in broadband access. It will also cover a predictive analytics use case on predicting student outcomes. The presentation will conclude with a wrap up and Q&A section.

Technology
1 of 50
© 2019 SPLUNK INC.© 2019 SPLUNK INC. Machine Learning in Action How to derive meaningful and actionable business insights from your data Philipp Drieger | Staff Machine Learning Architect Tony Read | Staff Sales Engineer Greg Ainslie-Malik | Senior Sales Engineer London | June 13, 2019
© 2019 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved. Forward-Looking Statements
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC. Agenda
© 2019 SPLUNK INC. 1. Quick Intro to Machine Learning and a bit of theory about Anomaly Detection 2. Anomaly Detection Use Case: How TalkTalk detects anomalies in broadband access 3. Predictive Analytics Use Case: Predicting Student Outcomes 4. Wrap Up, Q&A Agenda
© 2019 SPLUNK INC. A Bit Theory First
© 2019 SPLUNK INC. Splunk Customers Want Answers from their Data ► Deviation from past behavior ► Deviation from peers ► (aka Multivariate AD or Cohesive AD) ► Unusual change in features ► ITSI MAD Anomaly Detection ► Predict Service Health Score Predicting Churn ► Predicting Events ► Trend Forecasting ► Detecting influencing entities ► Early warning of failure – predictive maintenance ► Identify peer groups ► Event Correlation ► Reduce alert noise ► Behavioral Analytics ► ITSI Event Analytics Anomaly detection Predictive Analytics Clustering
© 2019 SPLUNK INC. ▶ From Latin anomalia, from Ancient Greek ἀνωμαλία (anōmalía, “irregularity, anomaly”), from ἀνώμαλος (anṓmalos, “irregular, uneven”), negating the meaning of ὁμαλός (homalós, “even”), from ὁμός (homós, “same”). ▶ A deviation from a rule or from what is regarded as normal; an outlier. Synonyms: abnormality, deviance, deviation, exception, inconsistency, irregularity, phenomenon ▶ In the natural sciences, especially in atmospheric and Earth sciences involving applied statistics, an anomaly is the deviation in a quantity from its expected value, e.g., the difference between a measurement and a mean or a model prediction. […] Perspectives on Anomalies https://en.wiktionary.org/wiki/anomaly and https://en.wikipedia.org/wiki/Anomaly and https://en.wikipedia.org/wiki/Anomaly_(natural_sciences)
© 2019 SPLUNK INC. ▶ Only 72 pages ▶ A comprehensive report of most common classic methodologies and algorithmic approaches http://cucis.ece.northwestern.edu/projects/DMS/publications/AnomalyDetection.pdf
© 2019 SPLUNK INC. Why Anomalies Matter
© 2019 SPLUNK INC. • Network traffic • Access pattern • … • Service outages • Infrastructure problems • … • Equipment degradation • Preventative Maintenance • … • Fraud Detection • Insider Threats • … Interesting Anomalies Across Your Business Security – IT Operations – IoT/OT – Business Analytics
© 2019 SPLUNK INC. How to Spot Anomalies
© 2019 SPLUNK INC. ▶ “Can Splunk detect anomalies in my data?” ▶ “Can Splunk help me identify unknown things?” ▶ “Can Splunk find answers for questions that I don’t know?” ▶ Ask yourself what questions you are asking! Questions… there are so many questions…
© 2019 SPLUNK INC. Search Processing Language (SPL) Machine Learning Toolkit (MLTK) Cheat Sheet for Anomaly Detection in Splunk Command Description analyzefields, af Analyze numerical fields for their ability to predict another discrete field. anomalies Computes an "unexpectedness" score for an event. anomalousvalue Finds and summarizes irregular, or uncommon, search results. anomalydetection Identifies anomalous events by computing a probability for each event and then detecting unusually small probabilities. cluster Clusters similar events together. kmeans Performs k-means clustering on selected fields. outlier Removes outlying numerical values. rare Displays the least common values of a field. Method / Algorithm Description DensityFunction The DensityFunction algorithm provides a consistent and streamlined workflow to create and store density functions and utilize them for anomaly detection… LocalOutlierFactor The LocalOutlierFactor algorithm measures the local deviation of density of a given sample with respect to its neighbors… OneClassSVM The OneClassSVM algorithm fits a model from a set of features or fields for detecting anomalies and outliers… Clustering Algorithms Spot point anomalies or anomaleous clusters. Inspect e.g. cluster_distance with KMeans, cluster=-1 with DBSCAN… Classifiers and Regressors Inspect strong residuals when applying your well fitted model to new incoming data points. ML SPL API Wrap your own algorithms of choice https://docs.splunk.com/Documentation/Splunk/7.2.5/SearchReference/Commandsbycategory#Find_anomalies https://docs.splunk.com/Documentation/MLApp/4.2.0/User/Algorithms
© 2019 SPLUNK INC. Customer Use Case: TalkTalk
© 2019 SPLUNK INC. TalkTalk Circa 100,000 Access Nodes connect millions of broadband customers to the internet. Extensive Monitoring. But customers still experience broadband issues. Call Centre experience often culminates in dispatch new router / engineer. Expensive! Financially and NPS. And no chance of fixing the issue. Continuously emit START, STOP, INTERIM_UPDATE events (RADIUS data). Hypothesis…”Each of those Access Nodes should emit a similar number of each event at any time of day”. We want to know which are behaving uncharacteristically?
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC. TalkTalk 2 phase approach: 1. Use historic data to establish a baseline for the upcoming week 2. As the upcoming week progresses compare each interval with the baseline.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC.
© 2019 SPLUNK INC. Predictive Analytics for Student Success
© 2019 SPLUNK INC. Classification So what is it anyway? Duck? ..or Rabbit?
© 2019 SPLUNK INC. • Predicting the presence of a botnet • Identifying potential DGAs/malware • … • Predicting outage conditions • Predicting root cause of IT incidents • … • Identifying potential part failures • Assuring quality in manufacturing • … • Predicting customer churn • Grouping customers by attribute and activity • … Prediction in Action Security – IT Operations – IoT/OT – Business Analytics
© 2019 SPLUNK INC. Student Success Predicting Student Outcomes
© 2019 SPLUNK INC. Student Success Analysing and Predicting Dropouts
© 2019 SPLUNK INC. Student Success Tracking Progress
© 2019 SPLUNK INC. Wrap up
© 2019 SPLUNK INC. consider your ML dataset’s dimensional and computational complexity computational complexity dimensional complexity Machine Learning Toolkit In general: for most common ML tasks: use MLTK + MLSPL API extensibility Case #1: need for specific algo / framework Case #2: need for distributed / gpu compute extensibility Recommendation Matrix
© 2019 SPLUNK INC. I want to learn more!
© 2019 SPLUNK INC. Where Can I Learn More About Anomaly Detection? 4 must read blog posts – don’t miss them!
© 2019 SPLUNK INC. • DGA App for Splunk • Sec. Essentials • UBA • MLTK • ITSI • Splunk Essentials for Predictive Maintenance • Splunk Security Essentials for Fraud Detection Where to Find Ready Made Apps… … for my business area of interest? https://splunkbase.splunk.com
© 2019 SPLUNK INC. 4 Days of Innovation 350 Education Sessions 20 Hours of Networking “Hands down the most beneficial and attendee focused conference I have attended!” – Michael Mills, Senior Consultant, Booz Allen Hamilton sign up for notifications @ conf.splunk.com .conf19 October 21-24, 2019 Splunk University October 19-21, 2019 Las Vegas, NV The Venetian Sands Expo
© 2019 SPLUNK INC. Splunk Machine Learning Advisory Program
© 2019 SPLUNK INC. Your Logo Here? Get started on your specific use case with the guidance of Splunk Data Scientists Consider the ML Advisory Program
© 2018 SPLUNK INC. ▶ Early access to new and enhanced Machine Learning features ▶ Opportunity to shape the development of the product ▶ Complimentary assistance in operationalizing a production quality ML model What is the ML Advisory Program? Complimentary support of Splunk data science resources to help build a ML use case resulting in a public reference
© 2019 SPLUNK INC.© 2019 SPLUNK INC. Thank You.

Recommended

Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
Mohammed Adam
 
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software VendorsBecoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
SolarWinds
 
Oracle OCI APIs and SDK
Oracle OCI APIs and SDKOracle OCI APIs and SDK
Oracle OCI APIs and SDK
Phil Wilkins
 
Logging and observability
Logging and observabilityLogging and observability
Logging and observability
Anton Drukh
 
App Dynamics
App DynamicsApp Dynamics
App Dynamics
Dealmaker Media
 
OWASP Top 10 Proactive Controls
OWASP Top 10 Proactive ControlsOWASP Top 10 Proactive Controls
OWASP Top 10 Proactive Controls
Katy Anton
 
Extending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google CloudExtending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google Cloud
DataWorks Summit
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture
Nadeesha Gamage
 

Recommended

Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
Mohammed Adam
 
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software VendorsBecoming Secure By Design: Questions You Should Ask Your Software Vendors
Becoming Secure By Design: Questions You Should Ask Your Software Vendors
SolarWinds
 
Oracle OCI APIs and SDK
Oracle OCI APIs and SDKOracle OCI APIs and SDK
Oracle OCI APIs and SDK
Phil Wilkins
 
Logging and observability
Logging and observabilityLogging and observability
Logging and observability
Anton Drukh
 
App Dynamics
App DynamicsApp Dynamics
App Dynamics
Dealmaker Media
 
OWASP Top 10 Proactive Controls
OWASP Top 10 Proactive ControlsOWASP Top 10 Proactive Controls
OWASP Top 10 Proactive Controls
Katy Anton
 
Extending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google CloudExtending Twitter's Data Platform to Google Cloud
Extending Twitter's Data Platform to Google Cloud
DataWorks Summit
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture
Nadeesha Gamage
 
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
MITRE ATT&CK
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
Mohammed Adam
 
How to use 23c AHF AIOPS to protect Oracle Databases 23c
How to use 23c AHF AIOPS to protect Oracle Databases 23c How to use 23c AHF AIOPS to protect Oracle Databases 23c
How to use 23c AHF AIOPS to protect Oracle Databases 23c
Sandesh Rao
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
Abdul Wahid
 
Virtualization Basics
Virtualization BasicsVirtualization Basics
Virtualization Basics
SrikantMishra12
 
Disaster Recovery and High Availability with Kafka, SRM and MM2
Disaster Recovery and High Availability with Kafka, SRM and MM2Disaster Recovery and High Availability with Kafka, SRM and MM2
Disaster Recovery and High Availability with Kafka, SRM and MM2
Abdelkrim Hadjidj
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
Maganathin Veeraragaloo
 
Secure Software Development Lifecycle - Devoxx MA 2018
Secure Software Development Lifecycle - Devoxx MA 2018Secure Software Development Lifecycle - Devoxx MA 2018
Secure Software Development Lifecycle - Devoxx MA 2018
Imola Informatica
 
State of the ATTACK
State of the ATTACKState of the ATTACK
State of the ATTACK
MITRE - ATT&CKcon
 
Aneka
AnekaAneka
Aneka
Ankit Mulani
 
scaling in cluod computing
scaling in cluod computingscaling in cluod computing
scaling in cluod computing
alireza irani
 
The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT Playbook
MITRE ATT&CK
 
Introducing Splunk – The Big Data Engine
Introducing Splunk – The Big Data EngineIntroducing Splunk – The Big Data Engine
Introducing Splunk – The Big Data Engine
Swiss Big Data User Group
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERA
Erik Van Buggenhout
 
Automating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections CollectorAutomating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections Collector
MITRE ATT&CK
 
Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1
Michael Gough
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEAModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
NGINX, Inc.
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )
Kashyap Mandaliya
 
Android pentesting the hackers-meetup
Android pentesting the hackers-meetupAndroid pentesting the hackers-meetup
Android pentesting the hackers-meetup
kunwaratul hax0r
 
Appdynamics Training Session
Appdynamics Training SessionAppdynamics Training Session
Appdynamics Training Session
CodvaTech Labs
 
Machine Learning in Action
Machine Learning in ActionMachine Learning in Action
Machine Learning in Action
Splunk
 
Machine Learning in Action
Machine Learning in Action Machine Learning in Action
Machine Learning in Action
Splunk
 

More Related Content

What's hot

Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
MITRE ATT&CK
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
Abdul Wahid
 
The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT Playbook
MITRE ATT&CK
 
Automating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections CollectorAutomating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections Collector
MITRE ATT&CK
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEAModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
NGINX, Inc.
 

What's hot (20)

Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CKTracking Noisy Behavior and Risk-Based Alerting with ATT&CK
Tracking Noisy Behavior and Risk-Based Alerting with ATT&CK
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
 
How to use 23c AHF AIOPS to protect Oracle Databases 23c
How to use 23c AHF AIOPS to protect Oracle Databases 23c How to use 23c AHF AIOPS to protect Oracle Databases 23c
How to use 23c AHF AIOPS to protect Oracle Databases 23c
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Virtualization Basics
Virtualization BasicsVirtualization Basics
Virtualization Basics
 
Disaster Recovery and High Availability with Kafka, SRM and MM2
Disaster Recovery and High Availability with Kafka, SRM and MM2Disaster Recovery and High Availability with Kafka, SRM and MM2
Disaster Recovery and High Availability with Kafka, SRM and MM2
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
Secure Software Development Lifecycle - Devoxx MA 2018
Secure Software Development Lifecycle - Devoxx MA 2018Secure Software Development Lifecycle - Devoxx MA 2018
Secure Software Development Lifecycle - Devoxx MA 2018
 
State of the ATTACK
State of the ATTACKState of the ATTACK
State of the ATTACK
 
Aneka
AnekaAneka
Aneka
 
scaling in cluod computing
scaling in cluod computingscaling in cluod computing
scaling in cluod computing
 
The ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT PlaybookThe ATT&CK Latin American APT Playbook
The ATT&CK Latin American APT Playbook
 
Introducing Splunk – The Big Data Engine
Introducing Splunk – The Big Data EngineIntroducing Splunk – The Big Data Engine
Introducing Splunk – The Big Data Engine
 
Adversary Emulation using CALDERA
Adversary Emulation using CALDERAAdversary Emulation using CALDERA
Adversary Emulation using CALDERA
 
Automating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections CollectorAutomating the mundanity of technique IDs with ATT&CK Detections Collector
Automating the mundanity of technique IDs with ATT&CK Detections Collector
 
Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1Sandbox vs manual malware analysis v1.1
Sandbox vs manual malware analysis v1.1
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEAModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
 
VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )VULNERABILITY ( CYBER SECURITY )
VULNERABILITY ( CYBER SECURITY )
 
Android pentesting the hackers-meetup
Android pentesting the hackers-meetupAndroid pentesting the hackers-meetup
Android pentesting the hackers-meetup
 
Appdynamics Training Session
Appdynamics Training SessionAppdynamics Training Session
Appdynamics Training Session
 

Similar to Machine Learning in Action

Accelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & AutomationAccelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & Automation
Splunk
 

Similar to Machine Learning in Action (20)

Machine Learning in Action
Machine Learning in ActionMachine Learning in Action
Machine Learning in Action
 
Machine Learning in Action
Machine Learning in Action Machine Learning in Action
Machine Learning in Action
 
Machine Learning in Action
Machine Learning in Action Machine Learning in Action
Machine Learning in Action
 
Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML Get more from your Machine Data with Splunk AI and ML
Get more from your Machine Data with Splunk AI and ML
 
Get more from your Machine Date with Splunk AI and ML
Get more from your Machine Date with Splunk AI and ML Get more from your Machine Date with Splunk AI and ML
Get more from your Machine Date with Splunk AI and ML
 
Mit Splunk Artificial Intelligence und Machine Learning mehr aus Ihren Daten ...
Mit Splunk Artificial Intelligence und Machine Learning mehr aus Ihren Daten ...Mit Splunk Artificial Intelligence und Machine Learning mehr aus Ihren Daten ...
Mit Splunk Artificial Intelligence und Machine Learning mehr aus Ihren Daten ...
 
Vorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSI
Vorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSIVorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSI
Vorausschauendes, proaktives und collaboratives Machine Learning mit Splunk ITSI
 
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
 
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence Predictive, Proactive, and Collaborative ML with iT Service Intelligence
Predictive, Proactive, and Collaborative ML with iT Service Intelligence
 
Get More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + MLGet More From Your Data with Splunk AI + ML
Get More From Your Data with Splunk AI + ML
 
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
SplunkLive! Paris 2018: Delivering New Visibility And Analytics For IT Operat...
 
Splunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning WebinarSplunk Artificial Intelligence & Machine Learning Webinar
Splunk Artificial Intelligence & Machine Learning Webinar
 
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics MethodsSpliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
Spliunk Discovery Köln - 17-01-2020 - Intro to Security Analytics Methods
 
Turning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk PlatformTurning Data Into Business Outcomes with the Splunk Platform
Turning Data Into Business Outcomes with the Splunk Platform
 
Sec1391
Sec1391Sec1391
Sec1391
 
Accelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & AutomationAccelerate Incident Response with Orchestration & Automation
Accelerate Incident Response with Orchestration & Automation
 
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident ResponseSplunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
Splunk Discovery Köln - 17-01-2020 - Accelerate Incident Response
 
Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation
 
Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation Accelerate incident Response Using Orchestration and Automation
Accelerate incident Response Using Orchestration and Automation
 
SEC1671/ Attack range/Splunk SIEMulator splunkconf2019
SEC1671/ Attack range/Splunk SIEMulator splunkconf2019SEC1671/ Attack range/Splunk SIEMulator splunkconf2019
SEC1671/ Attack range/Splunk SIEMulator splunkconf2019
 

More from Splunk

SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
Splunk
 

More from Splunk (20)

.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine.conf Go 2023 - Data analysis as a routine
.conf Go 2023 - Data analysis as a routine
 
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
.conf Go 2023 - How KPN drives Customer Satisfaction on IPTV
 
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica).conf Go 2023 - Navegando la normativa SOX (Telefónica)
.conf Go 2023 - Navegando la normativa SOX (Telefónica)
 
.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International.conf Go 2023 - Raiffeisen Bank International
.conf Go 2023 - Raiffeisen Bank International
 
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett .conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
.conf Go 2023 - På liv og død Om sikkerhetsarbeid i Norsk helsenett
 
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär).conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)
 
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu....conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu...
 
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever....conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
.conf go 2023 - Cyber Resilienz – Herausforderungen und Ansatz für Energiever...
 
.conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex).conf go 2023 - De NOC a CSIRT (Cellnex)
.conf go 2023 - De NOC a CSIRT (Cellnex)
 
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
conf go 2023 - El camino hacia la ciberseguridad (ABANCA)
 
Splunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11ySplunk - BMW connects business and IT with data driven operations SRE and O11y
Splunk - BMW connects business and IT with data driven operations SRE and O11y
 
Splunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go KölnSplunk x Freenet - .conf Go Köln
Splunk x Freenet - .conf Go Köln
 
Splunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go KölnSplunk Security Session - .conf Go Köln
Splunk Security Session - .conf Go Köln
 
Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London Data foundations building success, at city scale – Imperial College London
Data foundations building success, at city scale – Imperial College London
 
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen...
 
SOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security WebinarSOC, Amore Mio! | Security Webinar
SOC, Amore Mio! | Security Webinar
 
.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session.conf Go 2022 - Observability Session
.conf Go 2022 - Observability Session
 
.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote.conf Go Zurich 2022 - Keynote
.conf Go Zurich 2022 - Keynote
 
.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session.conf Go Zurich 2022 - Platform Session
.conf Go Zurich 2022 - Platform Session
 
.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session.conf Go Zurich 2022 - Security Session
.conf Go Zurich 2022 - Security Session
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Recently uploaded (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Machine Learning in Action

  • 1. © 2019 SPLUNK INC.© 2019 SPLUNK INC. Machine Learning in Action How to derive meaningful and actionable business insights from your data Philipp Drieger | Staff Machine Learning Architect Tony Read | Staff Sales Engineer Greg Ainslie-Malik | Senior Sales Engineer London | June 13, 2019
  • 2. © 2019 SPLUNK INC. During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release. Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners. © 2019 Splunk Inc. All rights reserved. Forward-Looking Statements
  • 7. © 2019 SPLUNK INC. Agenda
  • 8. © 2019 SPLUNK INC. 1. Quick Intro to Machine Learning and a bit of theory about Anomaly Detection 2. Anomaly Detection Use Case: How TalkTalk detects anomalies in broadband access 3. Predictive Analytics Use Case: Predicting Student Outcomes 4. Wrap Up, Q&A Agenda
  • 9. © 2019 SPLUNK INC. A Bit Theory First
  • 10. © 2019 SPLUNK INC. Splunk Customers Want Answers from their Data ► Deviation from past behavior ► Deviation from peers ► (aka Multivariate AD or Cohesive AD) ► Unusual change in features ► ITSI MAD Anomaly Detection ► Predict Service Health Score Predicting Churn ► Predicting Events ► Trend Forecasting ► Detecting influencing entities ► Early warning of failure – predictive maintenance ► Identify peer groups ► Event Correlation ► Reduce alert noise ► Behavioral Analytics ► ITSI Event Analytics Anomaly detection Predictive Analytics Clustering
  • 11. © 2019 SPLUNK INC. ▶ From Latin anomalia, from Ancient Greek ἀνωμαλία (anōmalía, “irregularity, anomaly”), from ἀνώμαλος (anṓmalos, “irregular, uneven”), negating the meaning of ὁμαλός (homalós, “even”), from ὁμός (homós, “same”). ▶ A deviation from a rule or from what is regarded as normal; an outlier. Synonyms: abnormality, deviance, deviation, exception, inconsistency, irregularity, phenomenon ▶ In the natural sciences, especially in atmospheric and Earth sciences involving applied statistics, an anomaly is the deviation in a quantity from its expected value, e.g., the difference between a measurement and a mean or a model prediction. […] Perspectives on Anomalies https://en.wiktionary.org/wiki/anomaly and https://en.wikipedia.org/wiki/Anomaly and https://en.wikipedia.org/wiki/Anomaly_(natural_sciences)
  • 12. © 2019 SPLUNK INC. ▶ Only 72 pages ▶ A comprehensive report of most common classic methodologies and algorithmic approaches http://cucis.ece.northwestern.edu/projects/DMS/publications/AnomalyDetection.pdf
  • 13. © 2019 SPLUNK INC. Why Anomalies Matter
  • 14. © 2019 SPLUNK INC. • Network traffic • Access pattern • … • Service outages • Infrastructure problems • … • Equipment degradation • Preventative Maintenance • … • Fraud Detection • Insider Threats • … Interesting Anomalies Across Your Business Security – IT Operations – IoT/OT – Business Analytics
  • 15. © 2019 SPLUNK INC. How to Spot Anomalies
  • 16. © 2019 SPLUNK INC. ▶ “Can Splunk detect anomalies in my data?” ▶ “Can Splunk help me identify unknown things?” ▶ “Can Splunk find answers for questions that I don’t know?” ▶ Ask yourself what questions you are asking! Questions… there are so many questions…
  • 17. © 2019 SPLUNK INC. Search Processing Language (SPL) Machine Learning Toolkit (MLTK) Cheat Sheet for Anomaly Detection in Splunk Command Description analyzefields, af Analyze numerical fields for their ability to predict another discrete field. anomalies Computes an "unexpectedness" score for an event. anomalousvalue Finds and summarizes irregular, or uncommon, search results. anomalydetection Identifies anomalous events by computing a probability for each event and then detecting unusually small probabilities. cluster Clusters similar events together. kmeans Performs k-means clustering on selected fields. outlier Removes outlying numerical values. rare Displays the least common values of a field. Method / Algorithm Description DensityFunction The DensityFunction algorithm provides a consistent and streamlined workflow to create and store density functions and utilize them for anomaly detection… LocalOutlierFactor The LocalOutlierFactor algorithm measures the local deviation of density of a given sample with respect to its neighbors… OneClassSVM The OneClassSVM algorithm fits a model from a set of features or fields for detecting anomalies and outliers… Clustering Algorithms Spot point anomalies or anomaleous clusters. Inspect e.g. cluster_distance with KMeans, cluster=-1 with DBSCAN… Classifiers and Regressors Inspect strong residuals when applying your well fitted model to new incoming data points. ML SPL API Wrap your own algorithms of choice https://docs.splunk.com/Documentation/Splunk/7.2.5/SearchReference/Commandsbycategory#Find_anomalies https://docs.splunk.com/Documentation/MLApp/4.2.0/User/Algorithms
  • 18. © 2019 SPLUNK INC. Customer Use Case: TalkTalk
  • 19. © 2019 SPLUNK INC. TalkTalk Circa 100,000 Access Nodes connect millions of broadband customers to the internet. Extensive Monitoring. But customers still experience broadband issues. Call Centre experience often culminates in dispatch new router / engineer. Expensive! Financially and NPS. And no chance of fixing the issue. Continuously emit START, STOP, INTERIM_UPDATE events (RADIUS data). Hypothesis…”Each of those Access Nodes should emit a similar number of each event at any time of day”. We want to know which are behaving uncharacteristically?
  • 26. © 2019 SPLUNK INC. TalkTalk 2 phase approach: 1. Use historic data to establish a baseline for the upcoming week 2. As the upcoming week progresses compare each interval with the baseline.
  • 35. © 2019 SPLUNK INC. Predictive Analytics for Student Success
  • 36. © 2019 SPLUNK INC. Classification So what is it anyway? Duck? ..or Rabbit?
  • 37. © 2019 SPLUNK INC. • Predicting the presence of a botnet • Identifying potential DGAs/malware • … • Predicting outage conditions • Predicting root cause of IT incidents • … • Identifying potential part failures • Assuring quality in manufacturing • … • Predicting customer churn • Grouping customers by attribute and activity • … Prediction in Action Security – IT Operations – IoT/OT – Business Analytics
  • 38. © 2019 SPLUNK INC. Student Success Predicting Student Outcomes
  • 39. © 2019 SPLUNK INC. Student Success Analysing and Predicting Dropouts
  • 40. © 2019 SPLUNK INC. Student Success Tracking Progress
  • 41. © 2019 SPLUNK INC. Wrap up
  • 42. © 2019 SPLUNK INC. consider your ML dataset’s dimensional and computational complexity computational complexity dimensional complexity Machine Learning Toolkit In general: for most common ML tasks: use MLTK + MLSPL API extensibility Case #1: need for specific algo / framework Case #2: need for distributed / gpu compute extensibility Recommendation Matrix
  • 43. © 2019 SPLUNK INC. I want to learn more!
  • 44. © 2019 SPLUNK INC. Where Can I Learn More About Anomaly Detection? 4 must read blog posts – don’t miss them!
  • 45. © 2019 SPLUNK INC. • DGA App for Splunk • Sec. Essentials • UBA • MLTK • ITSI • Splunk Essentials for Predictive Maintenance • Splunk Security Essentials for Fraud Detection Where to Find Ready Made Apps… … for my business area of interest? https://splunkbase.splunk.com
  • 46. © 2019 SPLUNK INC. 4 Days of Innovation 350 Education Sessions 20 Hours of Networking “Hands down the most beneficial and attendee focused conference I have attended!” – Michael Mills, Senior Consultant, Booz Allen Hamilton sign up for notifications @ conf.splunk.com .conf19 October 21-24, 2019 Splunk University October 19-21, 2019 Las Vegas, NV The Venetian Sands Expo
  • 47. © 2019 SPLUNK INC. Splunk Machine Learning Advisory Program
  • 48. © 2019 SPLUNK INC. Your Logo Here? Get started on your specific use case with the guidance of Splunk Data Scientists Consider the ML Advisory Program
  • 49. © 2018 SPLUNK INC. ▶ Early access to new and enhanced Machine Learning features ▶ Opportunity to shape the development of the product ▶ Complimentary assistance in operationalizing a production quality ML model What is the ML Advisory Program? Complimentary support of Splunk data science resources to help build a ML use case resulting in a public reference
  • 50. © 2019 SPLUNK INC.© 2019 SPLUNK INC. Thank You.