TU Delft
Year
2016/2017
Organization
Electrical Engineering, Mathematics and Computer Science
Master Computer Science
CS4035
Cyber Data Analytics
ECTS: 5
Responsible Instructor
Name E-mail
Dr.ir. S.E. Verwer    S.E.Verwer@tudelft.nl
Contact Hours / Week x/x/x/x
0/0/0/2+lab
Education Period
4
Start Education
4
Exam Period
4, 5
Course Language
English
Course Contents
The course provides theoretical and practical background for applying data analytics in the field of cyber security. Cyber data analytics is a huge field with a great diversity of techniques and applications. The course is centered on a selection of five such techniques:

behavioral profiling and anomaly detection;
data stream mining and distributed data processing;
web-crawling and text mining;
software fuzzing and protocol reverse-engineering; and
information fusion and collaborative knowledge discovery.

Anomaly detection is one of the main topics in cyber security. Specific difficulties that the student will learn to handle are the huge amounts of data and the large number of false positives. Behavioral profiling applies to both people and software processes. Different techniques will be taught to handle the different kinds of input data used to construct these profiles, such as websites and software logs. Beyond the traditional sample data sets, software code and implementations form an important source of information for cyber data analytics. In addition to training from execution logs, the student will learn how to use this information source by actively providing input and learning from the returned output.
Study Goals
The student will be able to:

Develop and analyze algorithms that learn models from large data streams;
Detect anomalies in system logs, e.g., for fraud detection;
Construct behavioral profiles of both people and software;
Learn insightful models from multiple data sources (e.g., websites, network traces, software code);
Apply knowledge fusion and collaborative knowledge discovery methods;
Use machine learning to discover and analyze threats in software components.
Education Method
There will be two lectures for each of the five topics, and a large lab exercise in which teams of two students will work on a use-case of one of these topics. Each team is free to choose their own topic from a selection of recent research in cyber data analytics.
Assessment
One large lab assignment in teams of two students resulting in a written report (50%) and an individual summative exam on selected content (50%).