
    Machine Learning Algorithms in Network Security

    This starred paper aimed to analyze different machine learning algorithms on security log data and to identify the algorithm that is both the most accurate and the fastest at detecting attacks. We reviewed security risk assessments, machine learning algorithms and code, and brought the two together by building a test environment in which the algorithms analyze security data. For any organization, detecting attacks accurately and quickly is essential to reducing the risk of a security breach. No amount of systems, standards or compliance guidelines can guarantee that a breach will be avoided. The working assumption is that breaches will happen, and the best way to reduce the risk is to detect the attack early and apply the mitigation procedures. Early detection gives security professionals the time to reduce the impact and safeguard the organization. In the risk assessment we discussed how the different security guidelines implemented within an organization slow attackers down and increase the effort they need to reach core organizational systems. This is achieved by detecting the attack early and by building multiple layers of security, so that risk procedures disrupt the attacker's kill chain by slowing or stopping the attack at different levels.

    Visual Security Analytics

    Despite the application of increasingly advanced methods and technologies to automate tasks within cyber security, human domain knowledge remains indispensable. Monitoring a system's security posture and detecting and analyzing cyber threats, in particular, require the involvement of security experts. However, the large amount of data relevant to these tasks is a major impediment to any kind of manual analysis. It is therefore necessary to enable security experts to deal efficiently with large amounts of data. Visual Security Analytics (VSA) aims to achieve this by generating interactive visual representations of log data, or of any other data relevant to monitoring, ensuring and preserving cyber security, and covers the different ways of analyzing security data with visual approaches (Marty 2009). It combines automated and visual analysis, aiming for a "best of both worlds" approach. VSA is thus a highly interdisciplinary field spanning information security, security analytics, information visualization and human-computer interaction, among several others.

    Visual analytics with decision tree on network traffic flow for botnet detection

    Visual analytics (VA) is an integrated approach combining visualization, human factors and data analysis. VA can synthesize information and derive insight from massive, dynamic, ambiguous and often conflicting data, and so helps discover both expected and unexpected information. Moreover, visualization can support timely assessment so that pre-emptive action can be taken. This paper discusses the implementation of visual analytics with a decision tree model on network traffic flows for botnet detection. The discussion covers scenarios based on workstation, network traffic ranges and times. The experiment consists of data modeling, analytics and visualization using the Microsoft Power BI platform. Five VA scenarios for botnet detection are examined and analyzed. The studies suggest that visual analytics is a flexible approach to botnet detection on network traffic flows: it allows more botnet-related information to be added, increases the paths available for data exploration and increases the effectiveness of the analytics tool. Moreover, learning the patterns of communication and identifying which behavior is normal and which is abnormal will be vital to the security visual analyst as a future reference.
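
    The decision-tree approach described above, as an added example that is not code from the paper: a small CART-style classifier written from scratch, so that every split stays inspectable (the reason for pairing a decision tree with visual analytics in the first place), trained on constructed NetFlow-style records and scored for accuracy and per-flow latency, the two criteria the first abstract on this page also uses. The feature set, value ranges, labels and the explain() path output are assumptions for the illustration, not data or code from either paper.

```python
"""Decision tree over NetFlow-style records for botnet detection.

Added example (not code from the paper): a CART-style tree built from scratch
so every split is visible to the analyst, trained on constructed flow records
and scored for accuracy and per-flow prediction latency.
"""
import random
import time

# Feature order of each flow vector. Ranges below are assumptions, not data
# from the paper: beaconing bots make small, short, regularly spaced flows;
# workstation traffic is larger and irregular.
FEATURES = ["duration_s", "packets", "bytes", "dst_port", "gap_s"]


def make_flows(n, seed=1):
    """Constructed labelled flows: 1 = botnet, 0 = normal."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        if rng.random() < 0.3:
            x = [rng.uniform(0.01, 0.5), rng.randint(2, 8), rng.randint(60, 900),
                 rng.choice([6667, 8080, 53, 443]), rng.uniform(55, 65)]
            rows.append((x, 1))
        else:
            x = [rng.uniform(0.1, 30), rng.randint(5, 400), rng.randint(300, 200000),
                 rng.choice([80, 443, 53]), rng.uniform(1, 600)]
            rows.append((x, 0))
    return rows


def gini(pos, n):
    """Gini impurity of a node with pos positives among n rows."""
    if n == 0:
        return 0.0
    p = pos / n
    return 2 * p * (1 - p)


def best_split(rows):
    """Best (feature, threshold, impurity) found by one sorted sweep per feature."""
    n = len(rows)
    total_pos = sum(y for _, y in rows)
    best = (None, None, gini(total_pos, n))  # a split must improve on the parent
    for f in range(len(FEATURES)):
        ordered = sorted(rows, key=lambda r: r[0][f])
        left_n = left_pos = 0
        for i in range(n - 1):
            left_n += 1
            left_pos += ordered[i][1]
            lo, hi = ordered[i][0][f], ordered[i + 1][0][f]
            if lo == hi:
                continue  # cannot split between equal values
            right_n, right_pos = n - left_n, total_pos - left_pos
            score = (left_n * gini(left_pos, left_n) + right_n * gini(right_pos, right_n)) / n
            if score < best[2]:
                best = (f, (lo + hi) / 2, score)
    return best


def build_tree(rows, depth=0, max_depth=4, min_rows=5):
    """Recursive CART: stop on depth, node size or purity, else split greedily."""
    n = len(rows)
    pos = sum(y for _, y in rows)
    leaf = {"leaf": int(2 * pos >= n), "n": n}
    if depth >= max_depth or n < min_rows or gini(pos, n) == 0.0:
        return leaf
    f, t, _ = best_split(rows)
    if f is None:
        return leaf
    return {"feature": f, "threshold": t,
            "left": build_tree([r for r in rows if r[0][f] <= t], depth + 1, max_depth, min_rows),
            "right": build_tree([r for r in rows if r[0][f] > t], depth + 1, max_depth, min_rows)}


def predict(tree, x):
    while "leaf" not in tree:
        tree = tree["left"] if x[tree["feature"]] <= tree["threshold"] else tree["right"]
    return tree["leaf"]


def explain(tree, x):
    """Decision path for one flow: the tests a dashboard would show the analyst."""
    path = []
    while "leaf" not in tree:
        f, t = tree["feature"], tree["threshold"]
        left = x[f] <= t
        path.append(f"{FEATURES[f]} {'<=' if left else '>'} {t:.3g}")
        tree = tree["left"] if left else tree["right"]
    return path, tree["leaf"]


def evaluate(seed=1, n_train=600, n_test=200):
    """Train on one constructed batch and score a held-out batch."""
    rows = make_flows(n_train + n_test, seed)
    train, test = rows[:n_train], rows[n_train:]
    tree = build_tree(train)
    start = time.perf_counter()
    preds = [predict(tree, x) for x, _ in test]
    latency_us = (time.perf_counter() - start) / len(test) * 1e6
    pairs = list(zip(preds, (y for _, y in test)))
    return {"tree": tree,
            "accuracy": sum(p == y for p, y in pairs) / len(pairs),
            "fp": sum(p == 1 and y == 0 for p, y in pairs),
            "fn": sum(p == 0 and y == 1 for p, y in pairs),
            "latency_us": latency_us}


if __name__ == "__main__":
    result = evaluate()
    print(f"accuracy={result['accuracy']:.3f} fp={result['fp']} fn={result['fn']} "
          f"latency={result['latency_us']:.1f} us/flow")
    print(explain(result["tree"], [0.1, 4, 200, 6667, 60.0]))
```

    The explain() output is the piece a visual analyst actually consumes: each alert arrives with the exact thresholds that produced it, which is what makes a decision tree easier to put on a dashboard than an opaque model. On real flow exports the feature ranges will overlap far more than in this constructed set, so the held-out false-positive and false-negative counts, not accuracy alone, are what to watch.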

    Visualization Evaluation for Cyber Security: Trends and Future Directions

    The Visualization for Cyber Security research community (VizSec) addresses longstanding challenges in cyber security by adapting and evaluating information visualization techniques with application to the cyber security domain. This research effort has created many tools and techniques that could be applied to improve cyber security, yet the community has not yet established unified standards for evaluating these approaches to predict their operational validity. In this paper, we survey and categorize the evaluation metrics, components and techniques that have been utilized in the past decade of VizSec research literature. We also discuss existing methodological gaps in evaluating visualization in cyber security, and suggest potential avenues for future research in order to help establish an agenda for advancing the state-of-the-art in evaluating cyber security visualization.

    Multi-aspect rule-based AI: Methods, taxonomy, challenges and directions towards automation, intelligence and transparent cybersecurity modeling for critical infrastructures

    Critical infrastructure (CI) typically refers to the essential physical and virtual systems, assets, and services that are vital for the functioning and well-being of a society, economy, or nation. However, the rapid proliferation and dynamism of today's cyber threats in digital environments may disrupt CI functionalities, which would have a debilitating impact on public safety, economic stability, and national security. This has led to much interest in effective cybersecurity solutions regarding automation and intelligent decision-making, where AI-based modeling is potentially significant. In this paper, we take into account "Rule-based AI" rather than other black-box solutions since model transparency, i.e., human interpretation, explainability, and trustworthiness in decision-making, is an essential factor, particularly in cybersecurity application areas. This article provides an in-depth study on multi-aspect rule-based AI modeling considering human interpretable decisions as well as security automation and intelligence for CI. We also provide a taxonomy of rule generation methods by taking into account not only knowledge-driven approaches based on human expertise but also data-driven approaches, i.e., extracting insights or useful knowledge from data, and their hybridization. This understanding can help security analysts and professionals comprehend how systems work, identify potential threats and anomalies, and make better decisions in various real-world application areas. We also cover how these techniques can address diverse cybersecurity concerns such as threat detection, mitigation, prediction, diagnosis for root cause findings, and so on in different CI sectors, such as energy, defence, transport, health, water, agriculture, etc. We conclude this paper with a list of identified issues and opportunities for future research, as well as their potential solution directions for how researchers and professionals might tackle future generation cybersecurity modeling in this emerging area of study.
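
    The three rule-generation routes the taxonomy above names (knowledge-driven, data-driven, and their hybrid), as an added example that is not code from the article: expert rules are written down with an explicit rationale, data-driven rules are mined from a labelled event history as attribute=value conditions with a minimum support and confidence, and the hybrid evaluator reports every fired rule together with the reason it exists, which is the transparency the article argues for. The event schema (an industrial-control read/write log with op, src_zone, func and delta fields), the plant policy in the expert rules and the labelled history are all assumptions constructed for the illustration.

```python
"""Transparent rule-based detection: expert rules, mined rules and their hybrid.

Added example, not code from the article. It assumes a simplified event schema
for an industrial-control network (op, src_zone, func, delta) and constructs a
labelled history; every alert carries its rule's rationale.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict

Event = Dict[str, object]


@dataclass
class Rule:
    name: str
    condition: Callable[[Event], bool]
    rationale: str           # the human-readable reason the rule exists
    origin: str              # "expert" (knowledge-driven) or "mined" (data-driven)
    confidence: float = 1.0  # P(attack | condition) where it was measured


# Knowledge-driven rules: an assumed plant policy written down by an expert.
EXPERT_RULES = [
    Rule("write-from-outside-ot",
         lambda e: e["op"] == "write" and e["src_zone"] != "ot",
         "Control writes must originate inside the OT zone", "expert"),
    Rule("setpoint-jump",
         lambda e: e["op"] == "write" and abs(e["delta"]) > 50,
         "A setpoint change above 50 units exceeds the operating envelope", "expert"),
]


def make_history():
    """Constructed labelled history (not plant data): label 1 = attack."""
    history = [({"op": "read", "src_zone": "ot", "func": "read_regs", "delta": 0}, 0)] * 40
    history += [({"op": "write", "src_zone": "ot", "func": "write_reg", "delta": 3}, 0)] * 20
    # device-identification queries: nine from a reconnaissance host, one legitimate
    history += [({"op": "read", "src_zone": "ot", "func": "device_id", "delta": 0}, 1)] * 9
    history += [({"op": "read", "src_zone": "ot", "func": "device_id", "delta": 0}, 0)]
    return history


def mine_rules(history, min_support=5, min_confidence=0.9):
    """Data-driven rules: single attribute=value conditions that predict 'attack'
    with enough support and confidence in the labelled history."""
    seen, attacks = Counter(), Counter()
    for event, label in history:
        for key, value in event.items():
            if key == "delta":
                continue  # continuous field; thresholds are left to expert rules
            seen[(key, value)] += 1
            attacks[(key, value)] += label
    rules = []
    for (key, value), total in seen.items():
        confidence = attacks[(key, value)] / total
        if total >= min_support and confidence >= min_confidence:
            rules.append(Rule(
                f"mined:{key}={value}",
                lambda e, k=key, v=value: e.get(k) == v,  # bind key/value per rule
                f"{attacks[(key, value)]} of {total} historical events with "
                f"{key}={value} were labelled attacks", "mined", confidence))
    return rules


def all_rules():
    """Hybrid rule set: expert rules plus rules mined from the history."""
    return EXPERT_RULES + mine_rules(make_history())


def evaluate(event, rules):
    """Every fired rule as (name, origin, rationale): expert rules first, then
    mined rules by descending confidence, so the analyst sees policy before statistics."""
    fired = [r for r in rules if r.condition(event)]
    fired.sort(key=lambda r: (r.origin != "expert", -r.confidence))
    return [(r.name, r.origin, r.rationale) for r in fired]


if __name__ == "__main__":
    rules = all_rules()
    for event in [{"op": "write", "src_zone": "it", "func": "write_reg", "delta": 80},
                  {"op": "read", "src_zone": "ot", "func": "device_id", "delta": 0},
                  {"op": "read", "src_zone": "ot", "func": "read_regs", "delta": 0}]:
        print(event, "->", evaluate(event, rules) or "no alert")
```

    The mined rule reports its own support and confidence in its rationale, so a mined rule with thin evidence is visibly weaker than an expert rule; in the hybrid ordering the expert rules win conflicts, which is the usual choice where a human-written policy exists and the data-driven rules are there to catch what the policy did not anticipate.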

    OwlSight: Platform for Real-time Detection and Visualization of Cyber Threats

    Security reports published by leading companies reveal the growing number of cyber attacks. Theft of money or sensitive data, harm to the reputation of organizations and sabotage of national critical infrastructures are some of the motivations behind these attacks. The sophistication of these attacks is very high, creating major challenges for detection and mitigation in useful time. In this context, the development of systems that provide situational awareness, detect cyber threats and raise alerts in real time is very important for mitigating the impact of the attacks. In this paper we present a cyber threat platform targeted at real-time detection and visualization of cyber threats. The platform is composed of several building blocks and is able to collect huge amounts of data from multiple sources, prepare and analyze the data and present the findings through a set of insightful dashboards. A version of the platform is already available and used in a real context. It collects more than 107 million malware events daily from different data sources and provides real-time visualization and alerts for more than 2.7 million unique infected IPs spread around the world.

    Privacy-preserving alert correlation and report retrieval

    Intrusion Detection Systems (IDSs) have been widely deployed on both hosts and networks and serve as a second line of defense. Generally, an IDS flags malicious activities as IDS alerts and forwards them to security officers for further response. The core issue for IDSs is to minimize both false positives and false negatives. Previous research shows that alert correlation is an effective solution. Moreover, alert correlation (in particular in the cross-domain setting) can fuse distributed information together and thus detect large-scale attacks that local analysis fails to handle. However, in practice the wide use of alert correlation is hindered by privacy concerns. In this thesis, we propose the TEIRESIAS protocol, which ensures the privacy-preserving property during the whole process of sharing and correlating alerts when combined with anonymous communication systems. Furthermore, we also take the fairness issue into consideration when designing the procedure for retrieving the results of correlation. More specifically, a contributor can privately retrieve the correlated reports in which she is involved. The TEIRESIAS protocol is based mainly on searchable encryption, including both symmetric-key encryption with keyword search (SEKS) and public-key encryption with keyword search (PEKS). While designing TEIRESIAS, we identify a new statistical guessing attack against PEKS. To address this problem, we propose the PEKSrand scheme, which is an extension of PEKS and can mitigate both brute-force guessing attacks and statistical guessing attacks. The PEKSrand scheme can either be used independently or be combined with TEIRESIAS to further improve its privacy protection.
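
    The statistical guessing attack the thesis identifies, as an added example that is neither the thesis's TEIRESIAS, PEKS nor PEKSrand code: searchable encryption is modelled abstractly, with each alert keyword hidden behind an opaque token the server cannot invert, so that the server learns only which tokens match which stored records. That match pattern is leaked by symmetric and public-key keyword search alike, and combined with a public prior on how often each IDS signature occurs it is enough to rank-match tokens to keywords. The mitigation shown, padding with decoy records until every keyword's count is uniform, is a generic count-flattening countermeasure and is not a description of PEKSrand. The prior, the shared key, the signature names and the alert stream are constructed for the illustration.

```python
"""Statistical guessing against a keyword-searchable alert index, and padding.

Added example, not the thesis's TEIRESIAS, PEKS or PEKSrand code. Keyword
search is modelled abstractly: a keyword is hidden behind an opaque token
(HMAC-SHA256 under a key the server never sees) and the server learns only
which tokens match which stored records. That match pattern, plus a public
prior on signature frequencies, is all the attack needs. Everything below
(prior, key, alert stream) is constructed.
"""
import hashlib
import hmac
import random
from collections import Counter

# Public prior: relative frequency of IDS signatures (constructed numbers).
PUBLIC_PRIOR = {
    "ET SCAN Nmap": 0.40,
    "ET POLICY DNS Update": 0.25,
    "ET MALWARE C2 Beacon": 0.15,
    "ET EXPLOIT Log4j RCE": 0.12,
    "ET TROJAN Emotet": 0.08,
}
KEY = b"contributor-secret-key"  # assumed; known to the contributors, not the server


def token(key, keyword):
    """Deterministic search token: equal keywords give equal tokens."""
    return hmac.new(key, keyword.encode(), hashlib.sha256).hexdigest()


def make_alert_stream(prior, n=200, seed=7):
    """Constructed stream whose keyword counts follow the public prior exactly."""
    stream = [kw for kw, p in prior.items() for _ in range(round(p * n))]
    random.Random(seed).shuffle(stream)
    return stream


def build_index(key, alerts):
    """What the correlation server stores: one token per contributed alert."""
    return [token(key, kw) for kw in alerts]


def statistical_guess(index_tokens, prior):
    """Rank matching: the most frequent token is guessed to be the most
    frequent keyword in the prior, and so on down both rankings."""
    ranked_tokens = [t for t, _ in Counter(index_tokens).most_common()]
    ranked_keywords = sorted(prior, key=prior.get, reverse=True)
    return dict(zip(ranked_tokens, ranked_keywords))


def attack_success(index_tokens, key, keywords, prior):
    """Fraction of keywords the guess recovers. The attacker cannot compute
    this (it needs the key); it is here only to measure the leak."""
    guess = statistical_guess(index_tokens, prior)
    return sum(guess.get(token(key, kw)) == kw for kw in keywords) / len(keywords)


def pad_index(key, alerts, keywords):
    """Count flattening: add decoy records so every keyword's token appears as
    often as the most common one. A decoy flag would live inside the encrypted
    payload (not modelled here) so the retriever drops decoys; the server sees
    only uniform counts. Returns (tokens, number of decoys)."""
    counts = Counter(alerts)
    target = max(counts.values())
    tokens = build_index(key, alerts)
    decoys = 0
    for kw in keywords:
        missing = target - counts.get(kw, 0)
        tokens += [token(key, kw)] * missing
        decoys += missing
    random.Random(0).shuffle(tokens)
    return tokens, decoys


def counts_uniform(index_tokens):
    """True when every token occurs equally often: rank matching then has
    nothing to work with."""
    return len(set(Counter(index_tokens).values())) == 1


if __name__ == "__main__":
    keywords = list(PUBLIC_PRIOR)
    alerts = make_alert_stream(PUBLIC_PRIOR)
    plain = build_index(KEY, alerts)
    print("plain index, keywords recovered:", attack_success(plain, KEY, keywords, PUBLIC_PRIOR))
    padded, decoys = pad_index(KEY, alerts, keywords)
    print("padded index uniform:", counts_uniform(padded), "decoys added:", decoys)
```

    The cost of the countermeasure is visible in the decoy count: flattening to the most common keyword doubles the index here, and the ratio grows with the skew of the distribution, which is why schemes that randomize the keyword encoding instead are attractive. Note also what padding does not hide: a trapdoor still matches a fixed set of records, so an attacker who can watch which records a retrieving contributor later fetches regains a signal unless retrieval itself is made private, which is the second problem the thesis addresses.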

    Design of an information system, under a business intelligence approach, for the decision-making process. Case: the company Diafoot

    Business intelligence systems support and strengthen decision-making processes through the data that companies accumulate, data whose inadequate exploitation produces inconsistencies, multiple versions of the truth and wasted time and resources. This research proposes the design of an information system, under a business intelligence approach, which measures, dimensions and interrelates the data that Diafoot holds and needs to turn into useful information for measuring the company's performance against its organizational objectives. The proposed design is embodied in an information model built from data originating in the administrative, accounting and point-of-sale systems that Diafoot currently uses. Through an analysis and diagnosis of Diafoot's technological and cultural maturity, the particular ways in which technological tools and the existing decision-making processes are used were examined in order to determine the company's maturity level according to the TDWI data analytics maturity model. The main objective of the information system proposed in this work is to contribute to measuring the fulfilment of organizational objectives, based on performance indicators generated from the business measures or values that Diafoot stores in its data sources and that reflect the company's daily operations. Finally, suggestions and considerations are given for applying the proposed design through the implementation of a data analytics or Business Intelligence system, following good practices in the proper exploitation of data, in measuring the improvements achieved, and in selecting the appropriate tool among the alternatives and solutions available on the market, taking into account the project's budget and scope.

    Electric Light: Automating the Carceral State During the Quantification of Everything

    This dissertation traces the rise of digitally-driven policing technologies in order to make sense of how prevailing logics of governance are transformed by ubiquitous computing technology. Beginning in the early 1990s, police departments and theorists began to rely on increasingly detailed sets of metrics to evaluate performance. The adoption of digital technology to streamline quantitative evaluation coincided with a steep decline in measured crime that served as a proof-of-concept for the effectivity of digital police surveillance and analytics systems. During the turbulent first two decades of the 21st century, such digital technologies were increasingly associated with reform projects designed to improve the transparency and accountability of police departments. This dissertation challenges that assertion, and argues that digitization functions to make “numerical” and “mathematical” racial and sexual violence that is internal to policing neoliberal political economy. Rather than transparency and accountability, this dissertation posits that the effect of digitally-driven police technology is the accelerative disentangling of the “human” from “life” and “life” from government. The consequence has been the ossification of a racialized carceral under the aegis of putatively anti-racist technocratic governance