Studies in Computational Intelligence 691

Information Fusion for Cyber-Security Analytics

Izzat M. Alsmadi, George Karabatis, Ahmed AlEroud (Editors)

Studies in Computational Intelligence, Volume 691
Series editor: Janusz Kacprzyk, Polish Academy of Sciences, Warsaw, Poland
e-mail: [email protected]
More information about this series at http://www.springer.com/series/7092

About this Series

The series “Studies in Computational Intelligence” (SCI) publishes new developments and advances in the various areas of computational intelligence—quickly and with a high quality. The intent is to cover the theory, applications, and design methods of computational intelligence, as embedded in the fields of engineering, computer science, physics and life sciences, as well as the methodologies behind them. The series contains monographs, lecture notes and edited volumes in computational intelligence spanning the areas of neural networks, connectionist systems, genetic algorithms, evolutionary computation, artificial intelligence, cellular automata, self-organizing systems, soft computing, fuzzy systems, and hybrid intelligent systems. Of particular value to both the contributors and the readership are the short publication timeframe and the worldwide distribution, which enable both wide and rapid dissemination of research output.

Editors

Izzat M. Alsmadi, Department of Computing and Cyber Security, University of Texas A&M, San Antonio, TX, USA
George Karabatis, Department of Information Systems, University of Maryland Baltimore County (UMBC), Baltimore, MD, USA
Ahmed AlEroud, Department of Computer Information Systems, Yarmouk University, Irbid, Jordan

ISSN 1860-949X; ISSN 1860-9503 (electronic)
Studies in Computational Intelligence
ISBN 978-3-319-44256-3; ISBN 978-3-319-44257-0 (eBook)
DOI 10.1007/978-3-319-44257-0
Library of Congress Control Number: 2016954920

© Springer International Publishing Switzerland 2017

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made.

Printed on acid-free paper

This Springer imprint is published by Springer Nature. The registered company is Springer International Publishing AG. The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland.

Preface

In spite of the increasing efforts in designing preventive security measures, new attack types arise on a regular basis. The reasons for this include programming errors, design flaws, insider threats, and the inadequate security tools being used by organizations. Additionally, attackers keep evolving their attack strategies, so that new attack variations go undetected during a system's real-time execution. Therefore, academic efforts with supporting material are needed to advance the existing attack prediction models, recognize the threats and vulnerabilities in the existing techniques, and learn how to create new intrusion detection systems in the future.

To this end, Internet communications and distributed networked environments have become rich media for electronic data transfer. Due to the huge amount of data being transmitted, it becomes vital to build effective security policies and threat detection systems that are capable of analyzing network data. As such, providing appropriate protection mechanisms and techniques is significant to combat cyber-threats and to preserve information systems' integrity, confidentiality, and availability.

This book discusses several trending topics in the area of information security. The increase in the volume of malicious cyber-attacks demands a collaborative effort between security professionals and researchers to design and utilize cyber-defense systems; accordingly, the first part of this book discusses the recent attack prediction techniques that fuse one or more aspects of information to create attack prediction models. The second part is dedicated to new trends in cybersecurity such as graph data analytics for cybersecurity, unwanted traffic detection and control based on trust management, software-defined networks, security in wireless sensor networks and their applications, and emerging trends in security system design using the concept of social behavioral biometrics.

By creating this book, from the perspective of information-based security systems, we hope to close the gap in most of the existing systems, which mainly focus on low-level data analytics to predict attacks. In addition, we hope to help readers gain a clear understanding of recent techniques in cybersecurity.

Izzat M. Alsmadi, San Antonio, TX, USA
George Karabatis, Baltimore, MD, USA
Ahmed AlEroud, Irbid, Jordan

Acknowledgments

Many people have contributed to this book. The authors would like to thank Dr. Yaser Jararweh from Jordan University of Science and Technology, who made great suggestions about the topics covered in the book. The authors would also like to thank the review team, including Dr. Ahmed Manasrah from Yarmouk University in Jordan, Dr. Mohammed Akour, who is also a faculty member at Yarmouk University, Dr. Josephine Namayanja, who is a faculty member at the University of Massachusetts Boston, Dr. Mohammed Naji Alkabi, who is a faculty member at Zarqa Private University in Jordan, and Dr. Yan Zheng, who is a member at the University of Espoo, Finland. The authors would like to thank the State of Maryland TEDCO (MII) and Northrop Grumman Corporation, USA.

Contents

1  Using Contextual Information to Identify Cyber-Attacks (p. 1)
   Ahmed AlEroud and George Karabatis

2  A Framework for Contextual Information Fusion to Detect Cyber-Attacks (p. 17)
   Ahmed AlEroud and George Karabatis

3  Detecting Unknown Attacks Using Context Similarity (p. 53)
   Ahmed AlEroud and George Karabatis

4  Unwanted Traffic Detection and Control Based on Trust Management (p. 77)
   Zheng Yan, Raimo Kantola, Lifang Zhang, and Yutan Ma

5  Characterization of Evolving Networks for Cybersecurity (p. 111)
   Josephine M. Namayanja and Vandana P. Janeja

6  Cybercrime: Concerns, Challenges and Opportunities (p. 129)
   George S. Oreku and Fredrick J. Mtenzi

7  Intrusion Prediction Systems (p. 155)
   Mohamed Abdlhamed, Kashif Kifayat, Qi Shi, and William Hurst

8  Analytics for Network Security: A Survey and Taxonomy (p. 175)
   Kaj Grahn, Magnus Westerlund, and Göran Pulkkis

9  Security in Wireless Sensor Networks (WSNs) and Their Applications (p. 195)
   C.V. Anchugam and K. Thangadurai

10 Emerging Trends in Security System Design Using the Concept of Social Behavioural Biometrics (p. 229)
   M.L. Gavrilova, F. Ahmed, S. Azam, P.P. Paul, W. Rahman, M. Sultana, and F.T. Zohra

11 Empirical Evidences in Software-Defined Network Security: A Systematic Literature Review (p. 253)
   Izzat M. Alsmadi and Mohammad Zarour

12 SDN-Based Real-Time IDS/IPS Alerting System (p. 297)
   Izzat M. Alsmadi and Ahmed AlEroud

13 Digital Forensics: Implementation and Analysis for Google Android Framework (p. 307)
   Harleen Kaur and Khairaj Ram Choudhary

14 A Systematic Literature Review on Software-Defined Networking (p. 333)
   Izzat M. Alsmadi, Iyad AlAzzam, and Mohammed Akour

Index (p. 371)