Adobe's One-Stop Anomaly Shop (OSAS), now available on GitHub, was developed to make it easier to detect abnormalities in datasets and to improve the processing and formatting of security log data.
According to Adobe, OSAS combines the vendor's past security research and other open source projects to offer an 'out of the box' system for dataset experimentation, processing, and to allow developers to explore ways to "shorten the path to finding a balanced solution for detecting security threats."
This includes leveraging Hubble, an open source compliance monitoring tool.
Security logs can be complicated and messy and may not fit well with machine learning (ML)-based analysis tools, creating data sparsity and problems in turning unstructured data into structured, usable sets.
The command-line interface (CLI) toolset applies two processes to datasets to try to make sense of security logs. The first is the tagging of raw data with field types such as "multinomial, text, and numeric values," the team says; content can also be labeled based on set rules.
During the second stage, the labels are used as input features for generic (unsupervised) or targeted (supervised) ML algorithms. At present there are three standard options, but more are planned for the future.
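The two stages described above can be sketched in a few lines of Python. This is an added illustration, not OSAS code or its API: the event fields, label names, thresholds and the rarity-based scoring rule are all assumptions chosen for the example.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Constructed sample events (user, bytes_out, command); not real log data.
EVENTS = [
    ("alice", 500, "ls -la /tmp"), ("alice", 520, "ls -la /tmp"),
    ("bob", 480, "cat /etc/hosts"), ("bob", 510, "cat /etc/hosts"),
    ("alice", 495, "ls -la /tmp"), ("bob", 505, "cat /etc/hosts"),
    ("alice", 490, "ls -la /tmp"),
    ("svc_backup", 90000, "tar czf /tmp/out.tgz /etc"),
]

def tag_events(events, rare=0.2, z_max=2.0):
    """Stage 1: tag each raw event with labels derived per field type."""
    n = len(events)
    user_freq = Counter(u for u, _, _ in events)      # multinomial field
    sizes = [b for _, b, _ in events]                 # numeric field
    mu, sigma = mean(sizes), pstdev(sizes)
    # Text field: in how many events does each token occur?
    token_df = Counter(t for _, _, c in events for t in set(c.split()))
    tagged = []
    for user, size, cmd in events:
        labels = set()
        if user_freq[user] / n < rare:
            labels.add("USER_RARE")
        if sigma and abs(size - mu) / sigma > z_max:
            labels.add("BYTES_OUTLIER")
        if any(token_df[t] / n < rare for t in cmd.split()):
            labels.add("CMD_RARE_TOKEN")
        tagged.append(labels)
    return tagged

def score_events(tagged):
    """Stage 2 (unsupervised): sum of -log(label frequency) per event."""
    n = len(tagged)
    freq = Counter(label for labels in tagged for label in labels)
    return [sum(-math.log(freq[l] / n) for l in labels) for labels in tagged]

def rank(events):
    """Return (index, score, sorted labels), most anomalous first."""
    tagged = tag_events(events)
    scores = score_events(tagged)
    order = sorted(range(len(events)), key=lambda i: scores[i], reverse=True)
    return [(i, round(scores[i], 3), sorted(tagged[i])) for i in order]

if __name__ == "__main__":
    for row in rank(EVENTS):
        print(row)
```

Because the scoring stage sees only labels, sparse or messy raw fields never reach the model directly, which is the problem the tagging stage is meant to address.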
Adobe has released the OSAS code in full and has also provided a Docker version.