
Big Data Analytics in Cybersecurity PDF

353 Pages·2017·26.503 MB·English
by Julia Deng and Onur Savas

Big Data Analytics in Cybersecurity

Data Analytics Applications
Series Editor: Jay Liebowitz

PUBLISHED
- Actionable Intelligence for Healthcare, by Jay Liebowitz and Amanda Dawson. ISBN: 978-1-4987-6665-4
- Data Analytics Applications in Latin America and Emerging Economies, by Eduardo Rodriguez. ISBN: 978-1-4987-6276-2
- Sport Business Analytics: Using Data to Increase Revenue and Improve Operational Efficiency, by C. Keith Harrison and Scott Bukstein. ISBN: 978-1-4987-6126-0
- Big Data and Analytics Applications in Government: Current Practices and Future Opportunities, by Gregory Richards. ISBN: 978-1-4987-6434-6
- Data Analytics Applications in Education, by Jan Vanthienen and Kristoff De Witte. ISBN: 978-1-4987-6927-3
- Big Data Analytics in Cybersecurity, by Onur Savas and Julia Deng. ISBN: 978-1-4987-7212-9

FORTHCOMING
- Data Analytics Applications in Law, by Edward J. Walters. ISBN: 978-1-4987-6665-4
- Data Analytics for Marketing and CRM, by Jie Cheng. ISBN: 978-1-4987-6424-7
- Data Analytics in Institutional Trading, by Henri Waelbroeck. ISBN: 978-1-4987-7138-2

Big Data Analytics in Cybersecurity
Edited by Onur Savas and Julia Deng

CRC Press, Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2017 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business
No claim to original U.S. Government works
Printed on acid-free paper
International Standard Book Number-13: 978-1-4987-7212-9 (Hardback)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged, please write and let us know so we may rectify it in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.
Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com

Contents

Preface ........................................ vii
About the Editors ............................. xiii
Contributors .................................. xv

Section I: Applying Big Data into Different Cybersecurity Aspects
1 The Power of Big Data in Cybersecurity ........ 3
  Song Luo, Malek Ben Salem, and Yan Zhai
2 Big Data for Network Forensics ................ 23
  Yi Cheng, Tung Thanh Nguyen, Hui Zeng, and Julia Deng
3 Dynamic Analytics-Driven Assessment of Vulnerabilities and Exploitation ........ 53
  Hasan Cam, Magnus Ljungberg, Akhilomen Oniha, and Alexia Schulz
4 Root Cause Analysis for Cybersecurity ........ 81
  Engin Kirda and Amin Kharraz
5 Data Visualization for Cybersecurity ........ 99
  Lane Harrison
6 Cybersecurity Training ........ 115
  Bob Pokorny
7 Machine Unlearning: Repairing Learning Models in Adversarial Environments ........ 137
  Yinzhi Cao

Section II: Big Data in Emerging Cybersecurity Domains
8 Big Data Analytics for Mobile App Security ........ 169
  Doina Caragea and Xinming Ou
9 Security, Privacy, and Trust in Cloud Computing ........ 185
  Yuhong Liu, Ruiwen Li, Songjie Cai, and Yan (Lindsay) Sun
10 Cybersecurity in Internet of Things (IoT) ........ 221
  Wenlin Han and Yang Xiao
11 Big Data Analytics for Security in Fog Computing ........ 245
  Shanhe Yi and Qun Li
12 Analyzing Deviant Socio-Technical Behaviors Using Social Network Analysis and Cyber Forensics-Based Methodologies ........ 263
  Samer Al-Khateeb, Muhammad Hussain, and Nitin Agarwal

Section III: Tools and Datasets for Cybersecurity
13 Security Tools ........ 283
  Matthew Matchen
14 Data and Research Initiatives for Cybersecurity Analysis ........ 309
  Julia Deng and Onur Savas

Index ........ 329

Preface

Cybersecurity is the protection of information systems, both hardware and software, from theft, unauthorized access, and disclosure, as well as from intentional or accidental harm. It protects all segments pertaining to the Internet, from the networks themselves to the information transmitted over the network and stored in databases, to various applications, and to devices that control equipment operations via network connections. With the emergence of new advanced technologies such as cloud, mobile computing, fog computing, and the Internet of Things (IoT), the Internet has become, and will be, ever more ubiquitous. While this ubiquity makes our lives easier, it creates unprecedented challenges for cybersecurity. Nowadays it seems that not a day goes by without a new story on the topic of cybersecurity: a security incident involving information leakage, an abuse of an emerging technology such as autonomous car hacking, or software we have been using for years that is now deemed dangerous because of newly found security vulnerabilities. So, why can't these cyberattacks be stopped? Well, the answer is very complicated, partially because of the dependency on legacy systems, human errors, or simply not paying attention to security aspects.
In addition, the changing and increasingly complex threat landscape makes traditional cybersecurity mechanisms inadequate and ineffective. Big data further worsens the situation and presents additional challenges to cybersecurity. For example, the IoT will generate a staggering 400 zettabytes (ZB) of data a year by 2018, according to a report from Cisco. Self-driving cars will soon create significantly more data than people, 3 billion people's worth of data, according to Intel. The average car will churn out 4000 GB of data per day, and that is for just one hour of driving a day.

Big data analytics, as an emerging analytical technology, offers the capability to collect, store, process, and visualize big data; therefore, applying big data analytics in cybersecurity becomes critical and a new trend. By exploiting data from networks and computers, analysts can discover useful information using analytic techniques and processes. Decision makers can then make better-informed decisions by taking advantage of the analysis, including what actions need to be performed, and recommendations for improving policies, guidelines, procedures, tools, and other aspects of the network processes.

This book provides comprehensive coverage of a wide range of complementary topics in cybersecurity. The topics include but are not limited to network forensics, threat analysis, vulnerability assessment, visualization, and cyber training. In addition, emerging security domains such as the IoT, cloud computing, fog computing, mobile computing, and cyber-social networks are studied. The target audience of this book includes both starters and more experienced security professionals. Readers with data analytics but no cybersecurity or IT experience, or readers with cybersecurity but no data analytics experience, will hopefully find the book informative.

The book consists of 14 chapters, organized into three parts, namely "Applying Big Data into Different Cybersecurity Aspects," "Big Data in Emerging Cybersecurity Domains," and "Tools and Datasets for Cybersecurity." The first part includes Chapters 1–7, focusing on how big data analytics can be used in different cybersecurity aspects. The second part includes Chapters 8–12, discussing big data challenges and solutions in emerging cybersecurity domains, and the last part, Chapters 13 and 14, presents the tools and datasets for cybersecurity research. The authors are experts in their respective domains, and are from academia, government labs, and industry.

Chapter 1, "The Power of Big Data in Cybersecurity," is written by Song Luo and Malek Ben Salem from Accenture Technology Labs, and Yan Zhai from E8 Security Inc. This chapter introduces big data analytics and highlights the need for and importance of applying big data analytics in cybersecurity to fight against the evolving threat landscape. It also describes the typical usage of big data security analytics, including its solution domains, architecture, typical use cases, and challenges. Big data analytics, as an emerging analytical technology, offers the capability to collect, store, process, and visualize big data, which is so large or complex that traditional data processing applications are inadequate to deal with it. Cybersecurity, at the same time, is experiencing the big data challenge due to the rapidly growing complexity of networks (e.g., virtualization, smart devices, wireless connections, Internet of Things, etc.) and increasingly sophisticated threats (e.g., malware, multi-stage, advanced persistent threats [APTs], etc.). Accordingly, this chapter discusses how big data analytics technology brings in its advantages, and why applying big data analytics in cybersecurity is essential to cope with emerging threats.

Chapter 2, "Big Data Analytics for Network Forensics," is written by scientists Yi Cheng, Tung Thanh Nguyen, Hui Zeng, and Julia Deng from Intelligent Automation, Inc. Network forensics plays a key role in network management and cybersecurity analysis. Recently, it has been facing the new challenge of big data. Big data analytics has shown its promise of unearthing important insights from large amounts of data that were previously impossible to find, which has attracted the attention of researchers in network forensics, and a number of efforts have been initiated. This chapter provides an overview of how to apply big data technologies to network forensics. It first describes the terms and process of network forensics, presents current practice and its limitations, and then discusses design considerations and some experiences of applying big data analysis to network forensics.

Chapter 3, "Dynamic Analytics-Driven Assessment of Vulnerabilities and Exploitation," is written by U.S. Army Research Lab scientists Hasan Cam and Akhilomen Oniha, and MIT Lincoln Laboratory scientists Magnus Ljungberg and Alexia Schulz. This chapter presents vulnerability assessment, one of the essential cybersecurity functions and requirements, and highlights how big data analytics could potentially leverage vulnerability assessment and causality analysis of vulnerability exploitation in the detection of intrusions and vulnerabilities, so that cyber analysts can investigate alerts and vulnerabilities more effectively and faster. The authors present novel models and data analytics approaches to dynamically building and analyzing relationships, dependencies, and causality reasoning among the detected vulnerabilities, intrusion detection alerts, and measurements. This chapter also gives a detailed description of building an exemplary scalable data analytics system to implement the proposed model and approaches by enriching, tagging, and indexing the data of all observations and measurements, vulnerabilities, detection, and monitoring.

Chapter 4, "Root Cause Analysis for Cybersecurity," is written by Amin Kharraz and Professor Engin Kirda of Northwestern University. Recent years have seen the rise of many classes of cyber attacks ranging from ransomware to advanced persistent threats (APTs), which pose severe risks to companies and enterprises. While static detection and signature-based tools are still useful in detecting already observed threats, they lag behind in detecting sophisticated attacks where adversaries are adaptable and can evade defenses. This chapter explains how to analyze the nature of current multidimensional attacks, and how to identify the root causes of such security incidents. The chapter also elaborates on how to incorporate the acquired intelligence to minimize the impact of complex threats and perform rapid incident response.

Chapter 5, "Data Visualization for Cyber Security," is written by Professor Lane Harrison of Worcester Polytechnic Institute. This chapter is motivated by the fact that data visualization is an indispensable means for analysis and communication, particularly in cyber security. Promising techniques and systems for cyber data visualization have emerged in the past decade, with applications ranging from threat and vulnerability analysis to forensics and network traffic monitoring. In this chapter, the author revisits several of these milestones. Beyond recounting the past, however, the author uncovers and illustrates the emerging themes in new and ongoing cyber data visualization research. The need for principled approaches toward combining the strengths of the human perceptual system with analytical techniques such as anomaly detection is also explored, as is the increasingly urgent challenge of combatting suboptimal visualization designs: designs that waste both analyst time and organization resources.

Chapter 6, "Cybersecurity Training," is written by cognitive psychologist Bob Pokorny of Intelligent Automation, Inc. This chapter presents training approaches incorporating principles that are not commonly incorporated into training programs, but should be applied when constructing training for cybersecurity. It should help you understand that training is more than (1) providing information
