For this project, I processed SVC logs in Kibana to analyze login events and system activities across various workstations. I focused on identifying successful and unsuccessful login attempts, tracking the source IP addresses, and evaluating the security events recorded by Microsoft-Windows-Security-Auditing. This allowed me to visualize patterns in user access, including potentially suspicious logon attempts from different machines within the network.
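As an added example, not part of the original project, this is the kind of check the SVC-log review above performs, run offline over a few constructed Winlogbeat/ECS-style records: it keeps only Microsoft-Windows-Security-Auditing logon events (4624 success, 4625 failure), aggregates them per source IP, and flags a source whose repeated failures are followed by a success. The field names, the sample records and the failure threshold are assumptions.

```python
import json
from collections import defaultdict
LOGON_SUCCESS, LOGON_FAILURE = "4624", "4625"   # Windows Security Auditing event IDs
PROVIDER = "Microsoft-Windows-Security-Auditing"
FAILURE_THRESHOLD = 3   # failures from one source before a later success is flagged
# Constructed sample records in an ECS/Winlogbeat-like shape (field names are an assumption).
SAMPLE_LOGS = [
    '{"@timestamp":"2024-03-01T08:00:01Z","event":{"code":"4625","provider":"Microsoft-Windows-Security-Auditing"},"source":{"ip":"10.0.0.5"},"user":{"name":"alice"},"host":{"name":"WS01"}}',
    '{"@timestamp":"2024-03-01T08:00:05Z","event":{"code":"4625","provider":"Microsoft-Windows-Security-Auditing"},"source":{"ip":"10.0.0.5"},"user":{"name":"alice"},"host":{"name":"WS01"}}',
    '{"@timestamp":"2024-03-01T08:00:09Z","event":{"code":"4625","provider":"Microsoft-Windows-Security-Auditing"},"source":{"ip":"10.0.0.5"},"user":{"name":"bob"},"host":{"name":"WS02"}}',
    '{"@timestamp":"2024-03-01T08:00:15Z","event":{"code":"4624","provider":"Microsoft-Windows-Security-Auditing"},"source":{"ip":"10.0.0.5"},"user":{"name":"alice"},"host":{"name":"WS01"}}',
    '{"@timestamp":"2024-03-01T08:05:00Z","event":{"code":"4624","provider":"Microsoft-Windows-Security-Auditing"},"source":{"ip":"10.0.0.9"},"user":{"name":"carol"},"host":{"name":"WS03"}}',
    '{"@timestamp":"2024-03-01T08:06:00Z","event":{"code":"4625","provider":"Microsoft-Windows-Security-Auditing"},"source":{"ip":"10.0.0.7"},"user":{"name":"dave"},"host":{"name":"WS01"}}',
    '{"@timestamp":"2024-03-01T08:07:00Z","event":{"code":"1","provider":"Microsoft-Windows-Sysmon"},"source":{"ip":"10.0.0.5"},"user":{"name":"alice"},"host":{"name":"WS01"}}',
]

def parse_logon_events(lines):
    """Yield (timestamp, code, source_ip, user, host) for Security-Auditing logon events only."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a malformed export line rather than abort the whole run
        ev = rec.get("event", {})
        if ev.get("provider") != PROVIDER or ev.get("code") not in (LOGON_SUCCESS, LOGON_FAILURE):
            continue  # other providers (e.g. Sysmon) and non-logon events are ignored
        yield (rec["@timestamp"], ev["code"], rec.get("source", {}).get("ip", "-"),
               rec.get("user", {}).get("name", "-"), rec.get("host", {}).get("name", "-"))

def summarize_by_source(lines, threshold=FAILURE_THRESHOLD):
    """Per source IP: failure/success counts, accounts and hosts touched, and a 'suspicious' flag."""
    stats = defaultdict(lambda: {"failures": 0, "successes": 0, "accounts": set(),
                                 "hosts": set(), "suspicious": False})
    # Sort by timestamp so the 'failures, then success' ordering is evaluated correctly.
    for ts, code, ip, user, host in sorted(parse_logon_events(lines)):
        s = stats[ip]
        s["accounts"].add(user)
        s["hosts"].add(host)
        if code == LOGON_FAILURE:
            s["failures"] += 1
        else:
            s["successes"] += 1
            if s["failures"] >= threshold:   # success after repeated failures from this source
                s["suspicious"] = True
    return dict(stats)

if __name__ == "__main__":
    for ip, s in summarize_by_source(SAMPLE_LOGS).items():
        print(ip, s["failures"], s["successes"], sorted(s["accounts"]), sorted(s["hosts"]), "SUSPICIOUS" if s["suspicious"] else "ok")
```

In Kibana the same grouping can be reproduced as a data table split by source IP with the failure count as a metric; the script is useful for the exported JSON when a visualization is not enough.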

In this project, I analyzed Netflow logs using Kibana to monitor network traffic between IP addresses and ports. By reviewing traffic flow data, I identified the source and destination of network packets, bandwidth usage, and connections that timed out. This analysis helped uncover potential anomalies, such as irregular traffic patterns between internal and external IP addresses.

For the SSL logs project, I used Kibana to visualize and track SSL certificate information, including the certificate issuers, expiration dates, and common names (CNs) for various organizations like Netflix, Google, and Microsoft. By reviewing the logs, I identified self-signed certificates and SSL certificates with short validity periods, which could indicate potential security risks such as man-in-the-middle attacks.

In this machine learning project, I conducted a comparison of classifiers using two datasets to evaluate performance for phishing detection. First, I applied logistic regression to a dataset and generated ROC curves to compare true positives and false positives, finding that the dataset without normalization performed significantly better than the normalized set. I also tested the RandomForestClassifier, adjusting the number of trees to find the optimal configuration, and compared the results to a neural network, discovering that both models reached performance plateaus after a certain number of iterations.

In the third part of the machine learning project, I evaluated three different machine learning algorithms—Random Forest, Logistic Regression, and a Neural Network—for phishing detection using performance metrics like AUC and 10-fold cross-validation. The Random Forest algorithm showed the highest AUC score of 0.95 and outperformed the other models with an average 10-fold validation score of 0.9269. While the neural network demonstrated a slight improvement after normalization, Random Forest consistently performed best across the various evaluation criteria.

For my Graduate Project in IT Security Operations, I evaluated ChatGPT v4 for its ability to analyze SOC security logs like DNS, SVC, SSL, and Netflow logs. Using Visual Studio Code to preprocess JSON logs, I tested ChatGPT’s performance in identifying suspicious activities across small and large datasets. ChatGPT excelled in detecting anomalies in smaller logs but struggled with larger datasets, impacting accuracy. This showed its potential for assisting SOC analysts in flagging threats, though human oversight and supplementary tools are necessary for processing larger data volumes effectively. The project also revealed opportunities for improving scalability.