Databricks, profile picture
Uploaded byDatabricks
PDF, PPTX1,245 views

From Python Scikit-learn to Scala Apache Spark—The Road to Uncovering Botnets with Avi Aminov

The document discusses methods for detecting botnets using data analysis techniques, including behavioral pattern analysis and domain blacklisting. It highlights the challenges of model training and implementation in production environments, proposing solutions such as using Scala/Spark pipelines and the predictive model markup language (PMML) for efficient model export. Key lessons learned emphasize the importance of adapting workflows based on scale and utilizing existing frameworks for model management.

Data & Analytics
Related topics:
Apache Spark

Embed presentation

Download as PDF, PPTX
The Road to Uncovering Botnets From Python Scikit-Learn to Scala Spark
whoami • Avi Aminov – ~2 years Security Researcher at Akamai – Physics PhD student • Asaf Nadler – ~1.5 years Security Researcher at Akamai – CS PhD student
Enterprise Threat Protection • Detect malware presence from outbound traffic – Behavioral pattern analysis – Domain blacklisting • Availability – End of June ’17 Akamai Recursive DNS Branch / HQ Enterprise DNS
Data • Akamai Data – 20-30% of internet traffic – Customer ISP/Enterprise logs – 20B DNS queries/day • Third party data – e.g. Authoritative DNS log lines • Open data sources – e.g. WHOIS information
Bot Networks – IP Fluxing • Goal – Evasion – Regular bots: waiting for orders – Proxies: concealing origin server Command & Control server Bots Proxy Bots
Bot Networks Detection • Detect illegitimate IP fluxing • Features – IP dispersity (Geo, systems) – TTL features – Lexical Domain Description #Systems #Countries astro-travels.net PoS CNC Host 157 11
Decision Tree Model Malicious with high confidence • Spread across systems • Unpopular Benign with high confidence • IPs in the same system • Contains meaningful words
Challenge – Going to Production Feature Extraction Scoring Blacklist Feature Extraction Model Training Model Model Evaluation Data Sources
What have we done so far? • Flow – Researcher describes an algorithm (document + Hive query) – Dev rewrites the code in MapReduce (now Scala/Spark) • Problems – Not applicable to ML pipelines – Prone to mistakes – Longer development cycle
Can We Do Better? Option #1 • Research side – Pipeline in Scala/Spark • Dev side – Implement the algorithms • Pros – Greater flexibility – Research scale • Cons – Learning curve – Lose sklearn/R benefits
Can We Do Better? Option #2 • Research side – Train locally and export model • Dev side – Transform data using imported model • Pros – Quick implementation – Unified procedure • Cons – No support for all models
Export scheme • Predictive Model Markup Language • General scheme for ML pipelines – Data transformations – Scoring models • XML format – Readable • Supported by major data science / ML frameworks using jPMML (R, sklearn)
PMML Simple Boilerplate Python (Research side) Scala (Dev side) Credit: jpmml lib http://openscoring.io/ , https://github.com/jpmml/ Maintained by Villu Ruusmann
Lessons Learned • Work process adjusted to the task – Training locally? Export the model – Training on larger scales? Better to use Spark • Use jpmml for model export • When applicable, reduce workload in production – Example – only look at domains with many IPs
Challenge solved Feature Extraction Scoring Blacklist Data Collection Model Training Model Model Evaluation Data Sources PMML
Thank you! @AviBachsh

More Related Content

PDF
Huawei Advanced Data Science With Spark Streaming
byJen Aman
 
PDF
Using SparkML to Power a DSaaS (Data Science as a Service) with Kiran Muglurm...
byDatabricks
 
PDF
SSR: Structured Streaming for R and Machine Learning
byfelixcss
 
PPTX
Spark r under the hood with Hossein Falaki
byDatabricks
 
PDF
Apache Kylin: Speed Up Cubing with Apache Spark with Luke Han and Shaofeng Shi
byDatabricks
 
PDF
Spark Summit EU talk by Kent Buenaventura and Willaim Lau
bySpark Summit
 
PDF
Machine Learning as a Service: Apache Spark MLlib Enrichment and Web-Based Co...
byDatabricks
 
PDF
Apache Spark MLlib's Past Trajectory and New Directions with Joseph Bradley
byDatabricks
 
Huawei Advanced Data Science With Spark Streaming
byJen Aman
 
Using SparkML to Power a DSaaS (Data Science as a Service) with Kiran Muglurm...
byDatabricks
 
SSR: Structured Streaming for R and Machine Learning
byfelixcss
 
Spark r under the hood with Hossein Falaki
byDatabricks
 
Apache Kylin: Speed Up Cubing with Apache Spark with Luke Han and Shaofeng Shi
byDatabricks
 
Spark Summit EU talk by Kent Buenaventura and Willaim Lau
bySpark Summit
 
Machine Learning as a Service: Apache Spark MLlib Enrichment and Web-Based Co...
byDatabricks
 
Apache Spark MLlib's Past Trajectory and New Directions with Joseph Bradley
byDatabricks
 

What's hot

PDF
Random Walks on Large Scale Graphs with Apache Spark with Min Shen
byDatabricks
 
PDF
Overview of Apache Spark 2.3: What’s New? with Sameer Agarwal
byDatabricks
 
PDF
Apache Spark Performance is too hard. Let's make it easier
byDatabricks
 
PDF
Resource-Efficient Deep Learning Model Selection on Apache Spark
byDatabricks
 
PDF
Dynamic DDL: Adding Structure to Streaming Data on the Fly with David Winters...
byDatabricks
 
PDF
Experiences Migrating Hive Workload to SparkSQL with Jie Xiong and Zhan Zhang
byDatabricks
 
PDF
A Journey into Databricks' Pipelines: Journey and Lessons Learned
byDatabricks
 
PDF
Building, Debugging, and Tuning Spark Machine Leaning Pipelines-(Joseph Bradl...
bySpark Summit
 
PDF
Building a Unified Data Pipeline with Apache Spark and XGBoost with Nan Zhu
byDatabricks
 
PDF
Getting Ready to Use Redis with Apache Spark with Dvir Volk
bySpark Summit
 
PDF
Deep Learning on Apache® Spark™ : Workflows and Best Practices
byJen Aman
 
PDF
Build, Scale, and Deploy Deep Learning Pipelines with Ease Using Apache Spark
byDatabricks
 
PPTX
Spark Summit EU talk by Kaarthik Sivashanmugam
bySpark Summit
 
PDF
Performance Optimization Case Study: Shattering Hadoop's Sort Record with Spa...
byDatabricks
 
PDF
Spark Summit EU talk by Shay Nativ and Dvir Volk
bySpark Summit
 
PDF
Spark Streaming and MLlib - Hyderabad Spark Group
byPhaneendra Chiruvella
 
PDF
Spark Summit EU talk by Jakub Hava
bySpark Summit
 
PDF
Use of Spark MLib for Predicting the Offlining of Digital Media-(Christopher ...
bySpark Summit
 
PDF
Spark Summit EU talk by Heiko Korndorf
bySpark Summit
 
PDF
Spark Summit EU talk by Berni Schiefer
bySpark Summit
 
Random Walks on Large Scale Graphs with Apache Spark with Min Shen
byDatabricks
 
Overview of Apache Spark 2.3: What’s New? with Sameer Agarwal
byDatabricks
 
Apache Spark Performance is too hard. Let's make it easier
byDatabricks
 
Resource-Efficient Deep Learning Model Selection on Apache Spark
byDatabricks
 
Dynamic DDL: Adding Structure to Streaming Data on the Fly with David Winters...
byDatabricks
 
Experiences Migrating Hive Workload to SparkSQL with Jie Xiong and Zhan Zhang
byDatabricks
 
A Journey into Databricks' Pipelines: Journey and Lessons Learned
byDatabricks
 
Building, Debugging, and Tuning Spark Machine Leaning Pipelines-(Joseph Bradl...
bySpark Summit
 
Building a Unified Data Pipeline with Apache Spark and XGBoost with Nan Zhu
byDatabricks
 
Getting Ready to Use Redis with Apache Spark with Dvir Volk
bySpark Summit
 
Deep Learning on Apache® Spark™ : Workflows and Best Practices
byJen Aman
 
Build, Scale, and Deploy Deep Learning Pipelines with Ease Using Apache Spark
byDatabricks
 
Spark Summit EU talk by Kaarthik Sivashanmugam
bySpark Summit
 
Performance Optimization Case Study: Shattering Hadoop's Sort Record with Spa...
byDatabricks
 
Spark Summit EU talk by Shay Nativ and Dvir Volk
bySpark Summit
 
Spark Streaming and MLlib - Hyderabad Spark Group
byPhaneendra Chiruvella
 
Spark Summit EU talk by Jakub Hava
bySpark Summit
 
Use of Spark MLib for Predicting the Offlining of Digital Media-(Christopher ...
bySpark Summit
 
Spark Summit EU talk by Heiko Korndorf
bySpark Summit
 
Spark Summit EU talk by Berni Schiefer
bySpark Summit
 

Similar to From Python Scikit-learn to Scala Apache Spark—The Road to Uncovering Botnets with Avi Aminov

PPTX
Open, Secure & Transparent AI Pipelines
byNick Pentreath
 
PDF
MLflow with Databricks
byLiangjun Jiang
 
PDF
Guiding through a typical Machine Learning Pipeline
byMichael Gerke
 
PDF
Apache ® Spark™ MLlib 2.x: How to Productionize your Machine Learning Models
byDatabricks
 
PDF
Spark DataFrames and ML Pipelines
byDatabricks
 
PPTX
Data Science Salon: A Journey of Deploying a Data Science Engine to Production
byFormulatedby
 
PDF
Mlflow with databricks
byLiangjun Jiang
 
PDF
How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....
byDatabricks
 
PPTX
Practical data science
byDing Li
 
PDF
"Managing the Complete Machine Learning Lifecycle with MLflow"
byDatabricks
 
PDF
AISF19 - Building Scalable, Kubernetes-Native ML/AI Pipelines with TFX, KubeF...
byBill Liu
 
PPTX
Introduction to Spark ML
byHolden Karau
 
PPTX
Tooling for Machine Learning: AWS Products, Open Source Tools, and DevOps Pra...
bySQUADEX
 
PPTX
Machine learning at scale - Webinar By zekeLabs
byzekeLabs Technologies
 
PPTX
03_aiops-1.pptx
byFarazulHoda2
 
PDF
Getting started with Apache Spark in Python - PyLadies Toronto 2016
byHolden Karau
 
PDF
Introduction to Spark ML Pipelines Workshop
byHolden Karau
 
PDF
An introduction into Spark ML plus how to go beyond when you get stuck
byData Con LA
 
PDF
Ml pipelines with Apache spark and Apache beam - Ottawa Reactive meetup Augus...
byHolden Karau
 
PDF
Introduction to and Extending Spark ML
byHolden Karau
 
Open, Secure & Transparent AI Pipelines
byNick Pentreath
 
MLflow with Databricks
byLiangjun Jiang
 
Guiding through a typical Machine Learning Pipeline
byMichael Gerke
 
Apache ® Spark™ MLlib 2.x: How to Productionize your Machine Learning Models
byDatabricks
 
Spark DataFrames and ML Pipelines
byDatabricks
 
Data Science Salon: A Journey of Deploying a Data Science Engine to Production
byFormulatedby
 
Mlflow with databricks
byLiangjun Jiang
 
How to Productionize Your Machine Learning Models Using Apache Spark MLlib 2....
byDatabricks
 
Practical data science
byDing Li
 
"Managing the Complete Machine Learning Lifecycle with MLflow"
byDatabricks
 
AISF19 - Building Scalable, Kubernetes-Native ML/AI Pipelines with TFX, KubeF...
byBill Liu
 
Introduction to Spark ML
byHolden Karau
 
Tooling for Machine Learning: AWS Products, Open Source Tools, and DevOps Pra...
bySQUADEX
 
Machine learning at scale - Webinar By zekeLabs
byzekeLabs Technologies
 
03_aiops-1.pptx
byFarazulHoda2
 
Getting started with Apache Spark in Python - PyLadies Toronto 2016
byHolden Karau
 
Introduction to Spark ML Pipelines Workshop
byHolden Karau
 
An introduction into Spark ML plus how to go beyond when you get stuck
byData Con LA
 
Ml pipelines with Apache spark and Apache beam - Ottawa Reactive meetup Augus...
byHolden Karau
 
Introduction to and Extending Spark ML
byHolden Karau
 

More from Databricks

PDF
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
byDatabricks
 
PDF
Sawtooth Windows for Feature Aggregations
byDatabricks
 
PDF
Scaling your Data Pipelines with Apache Spark on Kubernetes
byDatabricks
 
PDF
Processing Large Datasets for ADAS Applications using Apache Spark
byDatabricks
 
PPTX
Data Lakehouse Symposium | Day 4
byDatabricks
 
PDF
Scaling and Unifying SciKit Learn and Apache Spark Pipelines
byDatabricks
 
PPTX
DW Migration Webinar-March 2022.pptx
byDatabricks
 
PDF
Massive Data Processing in Adobe Using Delta Lake
byDatabricks
 
PDF
Learn to Use Databricks for Data Science
byDatabricks
 
PDF
Stage Level Scheduling Improving Big Data and AI Integration
byDatabricks
 
PDF
Redis + Apache Spark = Swiss Army Knife Meets Kitchen Sink
byDatabricks
 
PDF
Re-imagine Data Monitoring with whylogs and Spark
byDatabricks
 
PDF
The Function, the Context, and the Data—Enabling ML Ops at Stitch Fix
byDatabricks
 
PDF
Democratizing Data Quality Through a Centralized Platform
byDatabricks
 
PPT
Data Lakehouse Symposium | Day 1 | Part 2
byDatabricks
 
PPTX
Data Lakehouse Symposium | Day 2
byDatabricks
 
PDF
Raven: End-to-end Optimization of ML Prediction Queries
byDatabricks
 
PDF
Simplify Data Conversion from Spark to TensorFlow and PyTorch
byDatabricks
 
PPTX
Data Lakehouse Symposium | Day 1 | Part 1
byDatabricks
 
PDF
Why APM Is Not the Same As ML Monitoring
byDatabricks
 
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
byDatabricks
 
Sawtooth Windows for Feature Aggregations
byDatabricks
 
Scaling your Data Pipelines with Apache Spark on Kubernetes
byDatabricks
 
Processing Large Datasets for ADAS Applications using Apache Spark
byDatabricks
 
Data Lakehouse Symposium | Day 4
byDatabricks
 
Scaling and Unifying SciKit Learn and Apache Spark Pipelines
byDatabricks
 
DW Migration Webinar-March 2022.pptx
byDatabricks
 
Massive Data Processing in Adobe Using Delta Lake
byDatabricks
 
Learn to Use Databricks for Data Science
byDatabricks
 
Stage Level Scheduling Improving Big Data and AI Integration
byDatabricks
 
Redis + Apache Spark = Swiss Army Knife Meets Kitchen Sink
byDatabricks
 
Re-imagine Data Monitoring with whylogs and Spark
byDatabricks
 
The Function, the Context, and the Data—Enabling ML Ops at Stitch Fix
byDatabricks
 
Democratizing Data Quality Through a Centralized Platform
byDatabricks
 
Data Lakehouse Symposium | Day 1 | Part 2
byDatabricks
 
Data Lakehouse Symposium | Day 2
byDatabricks
 
Raven: End-to-end Optimization of ML Prediction Queries
byDatabricks
 
Simplify Data Conversion from Spark to TensorFlow and PyTorch
byDatabricks
 
Data Lakehouse Symposium | Day 1 | Part 1
byDatabricks
 
Why APM Is Not the Same As ML Monitoring
byDatabricks
 

Recently uploaded

PDF
[Redis Released]- FalkorDB - Redis + Graph Agentic Memory’s Secret Sauce
byGuy Korland
 
PPT
SCHMIDVCS OPERATIONAL CNS IN MODERN SYSTEM.ppt
byjimmylal
 
PDF
Comparing Versions in MySQL Key Differences and Insights.pdf
bySQL DBM
 
PPT
store manager keep track of inventory (2).ppt
byaneesahamedmagi
 
PPTX
Toxicity_Detection_Presentation_SID.pptx
bysiddharthraokartik
 
PDF
Advanced Data Automation, Orchestration & Cloud Analytics | Wisecor Transform...
bywisecortransformatio
 
PDF
Mari menyusun kegiatan yang memberikan makna
byMcDonaldPorajow1
 
PPTX
Ritik Jangid Portfolio, a business analyst
byjangidritik851
 
PDF
What the Insurance Industry Considers “High-Risk” Dog Breeds
byBisnar Chase Personal Injury Attorneys
 
PPTX
new dvor problems new and old NMDVOR.pptx
byjimmylal
 
PPTX
Advanced Python Course With Certification
byinderjeetsingh0589
 
PPT
Acids and alkalis ppt.ppt SVfhasvas jhsvdhsvduisa
byleonciaamolato001
 
PDF
2 Data-Privacy-in-the-Digital-Age pro.pdf
bytiyejo2872
 
PDF
IDENTIFICATION OF ARMA MODELSSSSSSSSSSSS
byilgazduman1
 
PPTX
checker air chance hiring.pptxkkkkkkkkkk
bysinghvinaaaay12345
 
PPTX
Holiday Class Agenda Education Presentation in Pink Red and Green Simple Orna...
byAngelDebatian
 
PPTX
Synthesis_of_Elements_with_Final_Speaker_Notesgjkh
bycinhsteachershe
 
PPTX
Presentation2.pptx ai introduction to ai
byvarung3424
 
DOCX
THESIS ABSTRACT ABOUT CHALLENGES ENCOUNTERED BY POLICE OFFICERS.docx
byssuser6a111b
 
PPTX
Ayurveda_Communication_Canva_Design.Ayurveda_Communication_Canva_Design.pptxA...
bypw6949168
 
[Redis Released]- FalkorDB - Redis + Graph Agentic Memory’s Secret Sauce
byGuy Korland
 
SCHMIDVCS OPERATIONAL CNS IN MODERN SYSTEM.ppt
byjimmylal
 
Comparing Versions in MySQL Key Differences and Insights.pdf
bySQL DBM
 
store manager keep track of inventory (2).ppt
byaneesahamedmagi
 
Toxicity_Detection_Presentation_SID.pptx
bysiddharthraokartik
 
Advanced Data Automation, Orchestration & Cloud Analytics | Wisecor Transform...
bywisecortransformatio
 
Mari menyusun kegiatan yang memberikan makna
byMcDonaldPorajow1
 
Ritik Jangid Portfolio, a business analyst
byjangidritik851
 
What the Insurance Industry Considers “High-Risk” Dog Breeds
byBisnar Chase Personal Injury Attorneys
 
new dvor problems new and old NMDVOR.pptx
byjimmylal
 
Advanced Python Course With Certification
byinderjeetsingh0589
 
Acids and alkalis ppt.ppt SVfhasvas jhsvdhsvduisa
byleonciaamolato001
 
2 Data-Privacy-in-the-Digital-Age pro.pdf
bytiyejo2872
 
IDENTIFICATION OF ARMA MODELSSSSSSSSSSSS
byilgazduman1
 
checker air chance hiring.pptxkkkkkkkkkk
bysinghvinaaaay12345
 
Holiday Class Agenda Education Presentation in Pink Red and Green Simple Orna...
byAngelDebatian
 
Synthesis_of_Elements_with_Final_Speaker_Notesgjkh
bycinhsteachershe
 
Presentation2.pptx ai introduction to ai
byvarung3424
 
THESIS ABSTRACT ABOUT CHALLENGES ENCOUNTERED BY POLICE OFFICERS.docx
byssuser6a111b
 
Ayurveda_Communication_Canva_Design.Ayurveda_Communication_Canva_Design.pptxA...
bypw6949168
 

From Python Scikit-learn to Scala Apache Spark—The Road to Uncovering Botnets with Avi Aminov

  • 1.
    The Road toUncovering Botnets From Python Scikit-Learn to Scala Spark
  • 2.
    whoami • Avi Aminov –~2 years Security Researcher at Akamai – Physics PhD student • Asaf Nadler – ~1.5 years Security Researcher at Akamai – CS PhD student
  • 3.
    Enterprise Threat Protection •Detect malware presence from outbound traffic – Behavioral pattern analysis – Domain blacklisting • Availability – End of June ’17 Akamai Recursive DNS Branch / HQ Enterprise DNS
  • 4.
    Data • Akamai Data –20-30% of internet traffic – Customer ISP/Enterprise logs – 20B DNS queries/day • Third party data – e.g. Authoritative DNS log lines • Open data sources – e.g. WHOIS information
  • 5.
    Bot Networks –IP Fluxing • Goal – Evasion – Regular bots: waiting for orders – Proxies: concealing origin server Command & Control server Bots Proxy Bots
  • 6.
    Bot Networks Detection •Detect illegitimate IP fluxing • Features – IP dispersity (Geo, systems) – TTL features – Lexical Domain Description #Systems #Countries astro-travels.net PoS CNC Host 157 11
  • 7.
    Decision Tree Model Maliciouswith high confidence • Spread across systems • Unpopular Benign with high confidence • IPs in the same system • Contains meaningful words
  • 8.
    Challenge – Goingto Production Feature Extraction Scoring Blacklist Feature Extraction Model Training Model Model Evaluation Data Sources
  • 9.
    What have wedone so far? • Flow – Researcher describes an algorithm (document + Hive query) – Dev rewrites the code in MapReduce (now Scala/Spark) • Problems – Not applicable to ML pipelines – Prone to mistakes – Longer development cycle
  • 10.
    Can We DoBetter? Option #1 • Research side – Pipeline in Scala/Spark • Dev side – Implement the algorithms • Pros – Greater flexibility – Research scale • Cons – Learning curve – Lose sklearn/R benefits
  • 11.
    Can We DoBetter? Option #2 • Research side – Train locally and export model • Dev side – Transform data using imported model • Pros – Quick implementation – Unified procedure • Cons – No support for all models
  • 12.
    Export scheme • PredictiveModel Markup Language • General scheme for ML pipelines – Data transformations – Scoring models • XML format – Readable • Supported by major data science / ML frameworks using jPMML (R, sklearn)
  • 13.
    PMML Simple Boilerplate Python(Research side) Scala (Dev side) Credit: jpmml lib http://openscoring.io/ , https://github.com/jpmml/ Maintained by Villu Ruusmann
  • 14.
    Lessons Learned • Workprocess adjusted to the task – Training locally? Export the model – Training on larger scales? Better to use Spark • Use jpmml for model export • When applicable, reduce workload in production – Example – only look at domains with many IPs
  • 15.
  • 16.