Security Analytics: Adapting Data Science for Security Challenges

Abstract

We review the unique needs of the security domain that necessitate adaptation rather than straightforward application of data science techniques to cyber security. Subsequently, we highlight key data science approaches and best practices, which we believe are more appropriate for the security domain. Unfortunately, the uptake of these approaches and practices has not been satisfactory so far. Hence, we present our reasons and then invite more discussion on why these "seemingly better ideas" are not yet so popular as the basic ideas and techniques. We then discuss our experiences with a course on security analytics that we have been teaching for over three years now.