2,392 research outputs found

    Big data analytics: Computational intelligence techniques and application areas

    Big Data has significant impact in developing functional smart cities and supporting modern societies. In this paper, we investigate the importance of Big Data in modern life and economy, and discuss challenges arising from Big Data utilization. Different computational intelligence techniques have been considered as tools for Big Data analytics. We also explore the powerful combination of Big Data and Computational Intelligence (CI) and identify a number of areas, where novel applications in real world smart city problems can be developed by utilizing these powerful tools and techniques. We present a case study for intelligent transportation in the context of a smart city, and a novel data modelling methodology based on a biologically inspired universal generative modelling approach called Hierarchical Spatial-Temporal State Machine (HSTSM). We further discuss various implications of policy, protection, valuation and commercialization related to Big Data, its applications and deployment.

    Impact and key challenges of insider threats on organizations and critical businesses

    The insider threat has consistently been identified as a key threat to organizations and governments. Understanding the nature of insider threats and the related threat landscape can help in forming mitigation strategies, including non-technical means. In this paper, we survey and highlight challenges associated with the identification and detection of insider threats in both public and private sector organizations, especially those part of a nation's critical infrastructure. We explore the utility of the cyber kill chain to understand insider threats, as well as understanding the underpinning human behavior and psychological factors. The existing defense techniques are discussed and critically analyzed, and improvements are suggested, in line with the current state-of-the-art cyber security requirements. Finally, open problems related to the insider threat are identified and future research directions are discussed.

    Agent-based Vs Agent-less Sandbox for Dynamic Behavioral Analysis

    Malicious software is detected and classified by either static analysis or dynamic analysis. In static analysis, malware samples are reverse engineered and analyzed so that signatures of malware can be constructed. These techniques can be easily thwarted through polymorphic, metamorphic malware, obfuscation and packing techniques, whereas in dynamic analysis malware samples are executed in a controlled environment using the sandboxing technique, in order to model the behavior of malware. In this paper, we have analyzed Petya, Spyeye, VolatileCedar, PAFISH etc. through Agent-based and Agentless dynamic sandbox systems in order to investigate and benchmark their efficiency in advanced malware detection.

    Artificial Intelligence based Anomaly Detection of Energy Consumption in Buildings: A Review, Current Trends and New Perspectives

    Enormous amounts of data are being produced everyday by sub-meters and smart sensors installed in residential buildings. If leveraged properly, that data could assist end-users, energy producers and utility companies in detecting anomalous power consumption and understanding the causes of each anomaly. Therefore, anomaly detection could stop a minor problem becoming overwhelming. Moreover, it will aid in better decision-making to reduce wasted energy and promote sustainable and energy efficient behavior. In this regard, this paper is an in-depth review of existing anomaly detection frameworks for building energy consumption based on artificial intelligence. Specifically, an extensive survey is presented, in which a comprehensive taxonomy is introduced to classify existing algorithms based on different modules and parameters adopted, such as machine learning algorithms, feature extraction approaches, anomaly detection levels, computing platforms and application scenarios. To the best of the authors' knowledge, this is the first review article that discusses anomaly detection in building energy consumption. Moving forward, important findings along with domain-specific problems, difficulties and challenges that remain unresolved are thoroughly discussed, including the absence of: (i) precise definitions of anomalous power consumption, (ii) annotated datasets, (iii) unified metrics to assess the performance of existing solutions, (iv) platforms for reproducibility and (v) privacy-preservation. Following, insights about current research trends are discussed to widen the applications and effectiveness of the anomaly detection technology before deriving future directions attracting significant attention. This article serves as a comprehensive reference to understand the current technological progress in anomaly detection of energy consumption based on artificial intelligence. Comment: 11 Figures, 3 Tables

    Proficient Approach for Intrusion Detection using Behaviour Profiling Algorithm and Prevention Using Statistical Model in Cloud Networks

    Objectives: The objective of the paper is to discuss the proposed dynamic software model to detect and prevent intrusion in the cloud network. Methods: The Behavior Profiling Algorithm (BPA) has been used to detect the intrusion in cloud network. For finding the intruder in the network, the Event Log Entries and the network Unique Identification Address (UIA) have been fetched from the server, and then the collected attribute values have been transferred to the prevention module. In the prevention module, the dynamic statistical approach model has been used to prevent the network systems and data which are available in the Cloud Network. Findings: For testing the proposed model, 100 cloud network systems were taken and, based on the loss of packets (in MB) ranges, the samples were classified as 0-100, 101-200, 201-300, 301-400, 401-500, 501-600, 601-700 respectively. The range of data loss is assumed to be an interval of 100 Mbps. It is assumed that the higher the data loss ranges, the more data is lost. The mean, variance, and standard deviation were calculated to verify the data loss ranges. The mean (average) of the data loss in the ranges 0-100 is 060.77 and the mean in the ranges 101-200 is 144.714 data losses, which gradually increases in proportion to the data loss ranges, and in the ranges 601-700 it is 665.769 data losses. From the statistical approach model, the differences between mean and variance indicated that the intruder attacked the files during the data transformation in the network. Therefore, the administrator has to monitor the warning message from the proposed IPS model and get data packet losses in the transformation. If the frequency of data loss is low, the administrator can assume that the data flow is low due to network problems. On the other hand, if the frequency of data loss in the network system is high, he can block the transformation and protect the data file. This paper concludes that the behavioral profiling algorithm combined with a statistical model achieves an efficiency of over 96% in wired networks, over 97.6% in wireless networks, and over 98.7% in cloud networks. Novelty: The previous paper discussed the approach as implemented with 40 nodes, and the result of the proposed algorithm was above 90%, 96% and 98% in the wired, wireless and cloud network respectively. Now that the model has been implemented with 100 nodes, the result has increased. This study concluded that the efficient algorithm to detect the intrusion is the behaviour profiling algorithm; when joined with the statistical approach model, it produces an efficient result.

    Key Requirements for the Detection and Sharing of Behavioral Indicators of Compromise

    Cyber threat intelligence feeds the focus on atomic and computed indicators of compromise. These indicators are the main source of tactical cyber intelligence most organizations benefit from. They are expressed in machine-readable formats, and they are easily loaded into security devices in order to protect infrastructures. However, their usefulness is very limited, especially in terms of time of life. These indicators can be useful when dealing with non-advanced actors, but they are easily avoided by advanced ones. To detect advanced actor's activities, an analyst must deal with behavioral indicators of compromise, which represent tactics, techniques and procedures that are not as common as the atomic and computed ones. In this paper, we analyze why these indicators are not widely used, and we identify key requirements for successful behavioral IOC detection, specification and sharing. We follow the intelligence cycle as the arranged sequence of steps for a defensive team to work, thereby providing a common reference for these teams to identify gaps in their capabilities.
    Villalón-Huerta, A.; Ripoll-Ripoll, I.; Marco-Gisbert, H. (2022). Key Requirements for the Detection and Sharing of Behavioral Indicators of Compromise. Electronics. 11(3):1-20. https://doi.org/10.3390/electronics11030416