CR | AI | Feb 16, 2022

A Review of Topological Data Analysis for Cybersecurity

arXiv:2202.08037v1 | 6 citations
AI Analysis

The paper addresses the problem of detecting complex threats in cybersecurity and is aimed at researchers, but it is incremental because it reviews existing work.

The paper reviews how Topological Data Analysis (TDA) can be applied to cybersecurity to detect malicious activity by combining weak indicators, highlighting its potential for improving data science in this domain.

In cybersecurity it is often the case that malicious or anomalous activity can only be detected by combining many weak indicators of compromise, any one of which may not raise suspicion when taken alone. The path that such indicators take can also be critical. This makes the problem of analysing cybersecurity data particularly well suited to Topological Data Analysis (TDA), a field that studies the high-level structure of data using techniques from algebraic topology, both for exploratory analysis and as part of a machine learning workflow. By introducing TDA and reviewing the work done on its application to cybersecurity, we hope to highlight to researchers a promising new area with strong potential to improve cybersecurity data science.
