downloads.hindawi.com/journals/scn/2019/4109836.pdf
Editorial

Big Data Analytics for Cyber Security
Pelin Angin,1 Bharat Bhargava,2 and Rohit Ranchal3

1 Department of Computer Engineering, Middle East Technical University, Ankara, Turkey
2 Department of Computer Science, Purdue University, West Lafayette, IN, USA
3 IBM Watson Health Cloud, Cambridge, MA, USA
Correspondence should be addressed to Pelin Angin; pangin@ceng.metu.edu.tr
Received 4 August 2019; Accepted 8 August 2019; Published 8 September 2019
Copyright © 2019 Pelin Angin et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
The era of the Internet of Things with billions of connected devices has created an ever larger surface for cyber attackers to exploit, which has resulted in the need for fast and accurate detection of those attacks. The developments in mobile computing, communications, and mass storage architectures in the past decade have brought about the phenomenon of big data, which involves unprecedented amounts of valuable data generated in various forms at high speed. The ability to process these massive amounts of data in real time using big data analytics tools brings many benefits that could be utilized in cyber threat analysis systems. By making use of big data collected from networks, computers, sensors, and cloud systems, cyber threat analysts and intrusion detection/prevention systems can discover useful information in real time. This information can help detect system vulnerabilities and attacks that are becoming prevalent and develop security solutions accordingly.
Big data analytics will be a must-have component of any effective cyber security solution due to the need for fast processing of the high-velocity, high-volume data from various sources to discover anomalies and/or attack patterns as fast as possible, to limit the vulnerability of the systems and increase their resilience. Even though many big data analytics tools have been developed in the past few years, their usage in the field of cyber security warrants new approaches considering many aspects, including (a) unified data representation, (b) zero-day attack detection, (c) data sharing across threat detection systems, (d) real time analysis, (e) sampling and dimensionality reduction, (f) resource-constrained data processing, and (g) time series analysis for anomaly detection.
This special issue has attracted original contributions that utilize and build big data analytics solutions for cyber security in a variety of fields. All submissions underwent a meticulous review process, and nine papers were accepted for publication in this special issue. The following is a short summary of the findings of each of these papers.
Cyber Physical Power Systems (CPPS) are a critical infrastructure and therefore a favorable target of cyberattacks. In “VHDRA: A Vertical and Horizontal Intelligent Dataset Reduction Approach for Cyber-Physical Power Aware Intrusion Detection Systems,” the authors proposed the use of the Nonnested Generalized Exemplars (NNGE) algorithm and showed that it is among the most accurate and suitable classification methods for developing an intrusion detection system for CPPS because of its ability to classify multiclass scenarios and handle heterogeneous datasets. Furthermore, VHDRA proposed mechanisms to improve the classification accuracy and speed of the NNGE algorithm and reduce the computational resource consumption. It achieves this by vertically reducing the dataset features, selecting only the most significant ones, and by horizontally reducing the size of the data while preserving the original key events and patterns within the datasets using the State Tracking and Extraction Method approach.
Hindawi, Security and Communication Networks, Volume 2019, Article ID 4109836, 2 pages, https://doi.org/10.1155/2019/4109836

In “Integrating Traffics with Network Device Logs for Anomaly Detection,” the authors presented Traffic-Log Combined Detection (TLCD), a multistage intrusion analysis system that overcomes the inefficacy of existing anomaly detection systems that search logs or traffic alone for evidence of attacks but do not perform further analysis of attack processes. TLCD correlates log data with traffic characteristics to reflect the attack process and construct a federated detection platform. Specifically, it can discover the process steps of a cyberattack, reflect the current network status, and reveal the behaviors of normal users. Experiments with different cyberattacks demonstrated that TLCD provides high accuracy and a low false positive rate.
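To make the log/traffic correlation idea above concrete, here is an added example (written for this summary, not code from the TLCD paper) that joins constructed sshd log lines with constructed flow records on the source host and a time window, and labels the steps of the attack process each source host is involved in. The sample data, the target address 10.0.0.5, the step names and all thresholds are assumptions chosen for the demo; the point is that some steps are only visible in traffic (the scan, the outbound volume), some only in logs (the failed and accepted logins), and the full chain only appears when the two are correlated.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (fabricated for this example): sshd log lines from the
# target host 10.0.0.5, and flow records exported by a network device as
# (timestamp, src, dst, dst_port, bytes).
LOG_LINES = [
    "2019-08-01T10:00:05 sshd[2211]: Failed password for root from 10.0.0.7 port 51000",
    "2019-08-01T10:00:06 sshd[2211]: Failed password for root from 10.0.0.7 port 51001",
    "2019-08-01T10:00:07 sshd[2211]: Failed password for root from 10.0.0.7 port 51002",
    "2019-08-01T10:00:09 sshd[2213]: Accepted password for root from 10.0.0.7 port 51003",
    "2019-08-01T10:03:00 sshd[2300]: Accepted publickey for alice from 10.0.0.20 port 40000",
    "2019-08-01T10:03:01 systemd[1]: Started session 12 of user alice",  # not an auth event
]
FLOWS = [
    # attacker touches five ports on the target shortly before the login attempts
    ("2019-08-01T09:59:50", "10.0.0.7", "10.0.0.5", 21, 60),
    ("2019-08-01T09:59:50", "10.0.0.7", "10.0.0.5", 22, 60),
    ("2019-08-01T09:59:51", "10.0.0.7", "10.0.0.5", 80, 60),
    ("2019-08-01T09:59:51", "10.0.0.7", "10.0.0.5", 443, 60),
    ("2019-08-01T09:59:52", "10.0.0.7", "10.0.0.5", 3306, 60),
    # after the accepted login the target pushes a large volume back to the attacker
    ("2019-08-01T10:01:30", "10.0.0.5", "10.0.0.7", 51003, 4_500_000),
    # alice's ordinary session
    ("2019-08-01T10:03:00", "10.0.0.20", "10.0.0.5", 22, 12_000),
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<src>\S+)"
)


def parse_auth_events(lines):
    """Turn raw log lines into dicts; lines that are not sshd auth events are dropped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
                           "user": m["user"], "ok": m["result"] == "Accepted"})
    return events


def reconstruct_attack_steps(log_lines, flows, target, window=timedelta(minutes=5),
                             scan_ports=5, fail_threshold=3, exfil_bytes=1_000_000):
    """Per source host, list the attack-process steps supported by logs and traffic.
    Thresholds are assumptions for this demo, not values from the TLCD paper."""
    by_src = defaultdict(list)
    for e in parse_auth_events(log_lines):
        by_src[e["src"]].append(e)
    flow_recs = [(datetime.fromisoformat(ts), s, d, p, b) for ts, s, d, p, b in flows]
    report = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        first_auth = evs[0]["ts"]
        steps = []
        # Step 1 (traffic only): many distinct destination ports on the target
        # from this source in the window before its first login attempt.
        ports = {p for ts, s, d, p, _ in flow_recs
                 if s == src and d == target and first_auth - window <= ts <= first_auth}
        if len(ports) >= scan_ports:
            steps.append("port-scan")
        # Step 2 (logs only): repeated authentication failures.
        fails = [e for e in evs if not e["ok"]]
        if len(fails) >= fail_threshold:
            steps.append("brute-force")
        # Step 3 (logs): a success that follows the failures.
        successes = [e for e in evs if e["ok"] and fails and e["ts"] > fails[0]["ts"]]
        if successes:
            steps.append("compromise")
            # Step 4 (traffic, conditioned on the log evidence): large volume from
            # the target back to the source after the successful login.
            out = sum(b for ts, s, d, _, b in flow_recs
                      if s == target and d == src and ts > successes[0]["ts"])
            if out >= exfil_bytes:
                steps.append("exfiltration")
        report[src] = steps or ["normal"]
    return report


if __name__ == "__main__":
    for host, steps in reconstruct_attack_steps(LOG_LINES, FLOWS, target="10.0.0.5").items():
        print(host, "->", " > ".join(steps))
```

Run stand-alone, the script reports 10.0.0.7 as port-scan > brute-force > compromise > exfiltration and 10.0.0.20 as normal; neither the log view alone (which never sees the scan or the outbound volume) nor the flow view alone (which cannot tell a failed login from an accepted one) would produce that chain.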
Role-based access control (RBAC) is a predominant access control model and is widely used in both commercial and research settings. A key requirement of RBAC is to identify appropriate roles that capture business needs. Role mining is a common approach to discover user roles from existing datasets using data mining. The interdependent relationships between user permissions must be considered to prevent security vulnerabilities. In “RMMDI: A Novel Framework for Role Mining Based on the Multi-Domain Information,” the authors proposed a role mining framework based on multi-domain information. It utilizes the information from multiple domains such as physical, network, and digital, to find the relationships and similarity between user permissions, and aggregates the interdependent permissions under the same role using multi-view community detection methods.
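The following added example (not the RMMDI authors' code) shows the shape of multi-domain role mining on constructed data: permission-to-permission similarity is computed in two views, who holds the permission (digital domain) and which badge zones those holders can enter (physical domain), the views are combined with weights, and permissions whose combined similarity clears a threshold are grouped into candidate roles. Connected components stand in for the paper's multi-view community detection, and the weights, threshold, users, permissions and zones are all assumptions for the demo. The final step shows why interdependence matters: a user who holds only part of a mined permission group is flagged for review rather than silently given a role.

```python
from itertools import combinations

# Constructed assignments (fabricated for this example).
DIGITAL = {  # digital domain: user -> application permissions
    "alice": {"crm.read", "crm.write"},
    "bob":   {"crm.read", "crm.write"},
    "carol": {"crm.read", "crm.write", "billing.read"},
    "dave":  {"billing.read", "billing.approve"},
    "erin":  {"billing.read", "billing.approve"},
    "frank": {"billing.read", "billing.approve", "hr.read"},
    "grace": {"hr.read"},
}
PHYSICAL = {  # physical domain: user -> badge zones
    "alice": {"sales-floor"}, "bob": {"sales-floor"}, "carol": {"sales-floor"},
    "dave": {"finance-wing"}, "erin": {"finance-wing"}, "frank": {"finance-wing"},
    "grace": {"hr-office"},
}


def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0


def permission_profiles(upa, zones):
    """For each permission: its holders (digital view) and the union of the
    holders' badge zones (physical view)."""
    holders = {}
    for user, perms in upa.items():
        for p in perms:
            holders.setdefault(p, set()).add(user)
    zone_view = {p: set().union(*(zones[u] for u in users)) for p, users in holders.items()}
    return holders, zone_view


def mine_roles(upa, zones, weights=(0.5, 0.5), threshold=0.6):
    """Group permissions whose weighted two-view similarity reaches the threshold.
    Connected components of the similarity graph stand in for community detection."""
    holders, zone_view = permission_profiles(upa, zones)
    perms = sorted(holders)
    adj = {p: set() for p in perms}
    for a, b in combinations(perms, 2):
        sim = (weights[0] * jaccard(holders[a], holders[b])
               + weights[1] * jaccard(zone_view[a], zone_view[b]))
        if sim >= threshold:
            adj[a].add(b)
            adj[b].add(a)
    roles, seen = [], set()
    for p in perms:
        if p in seen:
            continue
        comp, stack = set(), [p]
        while stack:
            q = stack.pop()
            if q in comp:
                continue
            comp.add(q)
            stack.extend(adj[q] - comp)
        seen |= comp
        roles.append(frozenset(comp))
    return sorted(roles, key=sorted)


def assign_roles(upa, roles):
    """Map users to the mined roles they fully hold, and report permissions not
    covered by any whole role: users holding only part of an interdependent group."""
    assignment, partial = {}, {}
    for user, perms in upa.items():
        mine = [r for r in roles if r <= perms]
        covered = set().union(*mine) if mine else set()
        assignment[user] = mine
        if perms - covered:
            partial[user] = perms - covered
    return assignment, partial


if __name__ == "__main__":
    roles = mine_roles(DIGITAL, PHYSICAL)
    for r in roles:
        print("candidate role:", sorted(r))
    _, partial = assign_roles(DIGITAL, roles)
    for user, perms in partial.items():
        print("review:", user, "holds only part of a mined role:", sorted(perms))
```

On this data the miner produces three candidate roles ({crm.read, crm.write}, {billing.read, billing.approve}, {hr.read}) and flags carol, whose billing.read is not explained by any whole role; whether that means a fourth, narrower role is needed or an over-grant to be removed is exactly the judgement the text says must be made before vulnerabilities slip into the role set.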
Governments and enterprises are frequently exposed to coordinated cyberattacks such as advanced persistent threats (APT). Such attacks require exploiting multiple systems within an organization to gain unauthorized access to data for an extended period while staying undetected. Detection and prevention of such attacks requires classifying the disparate data from multiple systems based on its semantics and correlating it through a comprehensive analysis. The article titled “HeteMSD: A Big Data Analytics Framework for Targeted Cyber-Attacks Detection Using Heterogeneous Multisource Data” addresses these gaps by complementing the analysis with human security experts. It presents a multilayer design of the framework and discusses the identification of security related characteristics in the data, classification of data based on degree of security semantics, and different types of correlation analysis.
In “Optimizing Computer Worm Detection Using Ensembles,” the authors addressed the problem of detecting computer worms in networks. They focused particularly on the problem of detecting sophisticated computer worms that use code obfuscation techniques and developed a behavioral machine learning model to detect computer worms. The achieved results are promising in terms of accuracy and generalization to new datasets.
In “Malware Detection on Byte Streams of PDF Files Using Convolutional Neural Networks,” the authors designed a convolutional neural network to tackle malware detection on PDF files. They collected malicious and benign PDF files and manually labeled the byte sequences within them. The proposed network was designed to interpret high-level patterns among collectable spatial clues, predicting whether the given byte sequence has malicious actions or not. The experimental results showed that the proposed approach outperforms several machine learning models.
Due to the numerous benefits of cloud computing, it is becoming the go-to technology for hosting services and storing data. However, the utilization of the cloud brings inherent risks and uncertainty due to lack of visibility into the cloud and loss of control over operations applied to shared data. A key requirement in cloud-based data storage and sharing is to ensure the integrity of shared data. In “Integrity Audit of Shared Cloud Data with Identity Tracking,” the authors proposed a public auditing scheme for dynamic group-oriented data sharing in cloud environments. They introduced a new role called Rights Distribution Center (RDC) to track the membership and identity of users. The approach enables performing third party audits to verify data integrity while protecting the privacy of user identity.
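The core mechanic behind a third-party integrity audit, an auditor that holds neither the data nor any secret and still verifies sampled blocks against a commitment the owner published at upload time, can be shown with a Merkle tree. The block below is an added example for this summary, not the scheme from the paper: it has no Rights Distribution Center, no group membership and no identity privacy, and uses a plain SHA-256 hash tree in place of the paper's cryptographic construction. The sample file, block size and challenge indices are assumptions for the demo. The server keeps the tree it built at upload and answers challenges from it, so a block that later rots or is tampered fails verification while untouched blocks still pass.

```python
import hashlib
import secrets

BLOCK_SIZE = 16  # deliberately tiny so the constructed file yields several blocks

# Constructed file contents (fabricated for this example): 102 bytes -> 7 blocks,
# the odd count exercises the lone-node case of the tree.
SAMPLE_DATA = b"constructed shared file contents; " * 3


def h(data):
    return hashlib.sha256(data).digest()


def leaf_hash(index, block):
    # Domain-separate leaves from interior nodes and bind each block to its index.
    return h(b"\x00" + index.to_bytes(8, "big") + block)


def node_hash(left, right):
    return h(b"\x01" + left + right)


def split_blocks(data):
    return [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]


def build_levels(blocks):
    """Return the tree as a list of levels, leaves first, root last."""
    level = [leaf_hash(i, b) for i, b in enumerate(blocks)]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # lone node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def merkle_root(blocks):
    return build_levels(blocks)[-1][0]


def merkle_proof(levels, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_on_the_right)."""
    proof, idx = [], index
    for level in levels[:-1]:
        sib = idx ^ 1
        if sib < len(level):
            proof.append((level[sib], sib > idx))
        idx //= 2
    return proof


def verify_block(root, index, block, proof):
    """Auditor side: recompute the path from the served block up to the published root."""
    acc = leaf_hash(index, block)
    for sib, sib_is_right in proof:
        acc = node_hash(acc, sib) if sib_is_right else node_hash(sib, acc)
    return acc == root


class CloudServer:
    """Holds the shared data and the tree computed at upload time."""

    def __init__(self, blocks):
        self.blocks = list(blocks)
        self.levels = build_levels(blocks)

    def corrupt(self, index, data):
        """Simulate silent data loss or tampering after upload."""
        self.blocks[index] = data

    def respond(self, indices):
        return [(i, self.blocks[i], merkle_proof(self.levels, i)) for i in indices]


def make_challenge(n_blocks, k):
    """Auditor picks k distinct block indices unpredictably so the server cannot
    pre-compute which blocks it must keep intact."""
    return secrets.SystemRandom().sample(range(n_blocks), k)


def audit(root, server, indices):
    """Third-party audit against the owner's published root. Returns failing indices."""
    return [i for i, block, proof in server.respond(indices)
            if not verify_block(root, i, block, proof)]


if __name__ == "__main__":
    blocks = split_blocks(SAMPLE_DATA)
    root = merkle_root(blocks)          # published by the data owner at upload
    server = CloudServer(blocks)
    print("clean audit failures:", audit(root, server, make_challenge(len(blocks), 3)))
    server.corrupt(2, b"\x00" * BLOCK_SIZE)
    print("audit of [0, 2, 6] after corruption:", audit(root, server, [0, 2, 6]))
```

The auditor needs only the root and the block count; with random challenges a server that has lost or altered a block is caught with probability growing in the number of sampled blocks, which is the trade-off between audit cost and assurance that public auditing schemes tune.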
Automated data mining can help in extracting important information from unstructured text for various cybersecurity use cases. However, the lack of a high-quality large labeled dataset has been a hindrance for information security research. Crowdsourcing can be an effective way to quickly obtain a large labeled dataset at low cost, but the crowd annotations may be of lower quality than those of experts. In “Multifeature Named Entity Recognition in Information Security Based on Adversarial Learning,” the authors proposed solutions by first identifying the common features in crowdsourced annotations using generative adversarial networks. Due to the diversity and specificity of the entity categories in cybersecurity, only the basic word and character features can be used, but these features alone are not sufficient for effective named entity recognition. To address this, the domain dictionary and sentence dependency features were used as additional features to again identify the entities and improve the quality of crowdsourcing annotations.
The rise of cloud computing has resulted in data storage and computation being delegated to the untrusted cloud, leading to a series of challenging security and privacy threats. While fully homomorphic encryption can be used to protect the privacy of cloud data and solve the trust problem of a third party, the key problem in achieving fully homomorphic encryption is reducing the noise that grows during ciphertext evaluation. In “Generalized Bootstrapping Technique Based on Block Equality Test Algorithm,” the authors investigated the bootstrapping procedure used to construct a fully homomorphic encryption scheme. They proposed a new block homomorphic equality test algorithm and gave an instance based on the FH-SIMD scheme. Both theoretical analysis and experimental simulation demonstrated the high performance of the proposed bootstrapping algorithm.
Conflicts of Interest
The Editors declare that there are no conflicts of interest.

Pelin Angin
Bharat Bhargava
Rohit Ranchal