Timely processing of big data in collaborative large-scale distributed systems

Today’s Big Data phenomenon, characterized by huge volumes of data produced at very high rates by heterogeneous and geographically dispersed sources, is fostering the employment of large-scale distributed systems in order to leverage parallelism, fault tolerance and locality awareness with the aim of delivering suitable performances. Among the several areas where Big Data is gaining increasing significance, the protection of Critical Infrastructure is one of the most strategic since it impacts on the stability and safety of entire countries. Intrusion detection mechanisms can benefit a lot from novel Big Data technologies because these allow to exploit much more information in order to sharpen the accuracy of threats discovery. A key aspect for increasing even more the amount of data at disposal for detection purposes is the collaboration (meant as information sharing) among distinct actors that share the common goal of maximizing the chances to recognize malicious activities earlier. Indeed, if an agreement can be found to share their data, they all have the possibility to definitely improve their cyber defenses. The abstraction of Semantic Room (SR) allows interested parties to form trusted and contractually regulated federations, the Semantic Rooms, for the sake of secure information sharing and processing. Another crucial point for the effectiveness of cyber protection mechanisms is the timeliness of the detection, because the sooner a threat is identified, the faster proper countermeasures can be put in place so as to confine any damage. Within this context, the contributions reported in this thesis are threefold * As a case study to show how collaboration can enhance the efficacy of security tools, we developed a novel algorithm for the detection of stealthy port scans, named R-SYN (Ranked SYN port scan detection). We implemented it in three distinct technologies, all of them integrated within an SR-compliant architecture that allows for collaboration through information sharing: (i) in a centralized Complex Event Processing (CEP) engine (Esper), (ii) in a framework for distributed event processing (Storm) and (iii) in Agilis, a novel platform for batch-oriented processing which leverages the Hadoop framework and a RAM-based storage for fast data access. Regardless of the employed technology, all the evaluations have shown that increasing the number of participants (that is, increasing the amount of input data at disposal), allows to improve the detection accuracy. The experiments made clear that a distributed approach allows for lower detection latency and for keeping up with higher input throughput, compared with a centralized one. * Distributing the computation over a set of physical nodes introduces the issue of improving the way available resources are assigned to the elaboration tasks to execute, with the aim of minimizing the time the computation takes to complete. We investigated this aspect in Storm by developing two distinct scheduling algorithms, both aimed at decreasing the average elaboration time of the single input event by decreasing the inter-node traffic. Experimental evaluations showed that these two algorithms can improve the performance up to 30%. * Computations in online processing platforms (like Esper and Storm) are run continuously, and the need of refining running computations or adding new computations, together with the need to cope with the variability of the input, requires the possibility to adapt the resource allocation at runtime, which entails a set of additional problems. Among them, the most relevant concern how to cope with incoming data and processing state while the topology is being reconfigured, and the issue of temporary reduced performance. At this aim, we also explored the alternative approach of running the computation periodically on batches of input data: although it involves a performance penalty on the elaboration latency, it allows to eliminate the great complexity of dynamic reconfigurations. We chose Hadoop as batch-oriented processing framework and we developed some strategies specific for dealing with computations based on time windows, which are very likely to be used for pattern recognition purposes, like in the case of intrusion detection. Our evaluations provided a comparison of these strategies and made evident the kind of performance that this approach can provide

A Modified Anonymisation Algorithm Towards Reducing Information Loss.

The growth of various technologies in the modern digital world results in the col- lection and storage of huge amounts of individual\u27s data. In addition of providing direct services delivery, this data can be used for other non-direct activities known as secondary use. This includes activities such as doing research, analysis, quality and safety measurement, public health, and marketing

On security, once more. Assorted inquiries in aviation

My dissertation seeks to establish a nuanced understanding of security through an empirical account based on research in the field of aviation security. The core of the dissertation consists of 6 articles (published, accepted for publication, or under review) that deal with distinct technologies, knowledges, and practices within aviation security. In detail, the articles are as follows: Leese M (2013) Blurring the Dimensions of Privacy? Law Enforcement and Trusted Traveler Programs. Computer Law & Security Review 29(5): 480-490; Leese M (2014) The New Profiling: Algorithms, Black Boxes, and the Failure of Anti-discriminatory Safeguards in the European Union. Security Dialogue 45(5): 494-511; Leese M (2015) Privacy and Security - On the Evolution of a European Conflict. In Gutwirth S, Leenes R & De Hert P (eds.) Re-forming European Data Protection Law. Dordrecht/Heidelberg/New York/London: Springer, 271-292; Leese M (2015) Body Scanners in Germany: A Case of Failed Securitization. European Journal of Internal Security (forthcoming); Leese M and Koenigseder A (2015) Humor at the Airport? Visualization, Exposure, and Laughter in the “War on Terror”. International Political Sociology (forthcoming); Leese M (under review) Governing airport security: an empirical account between economic rationality and the public good. Criminology & Criminal Justice. These empirical pieces are embedded in a theoretical framework that offers multiple perspectives on security, including security as value, security as transformation, security as securitization, security as future, security as government, security as surveillance, security as technology, security as economy, security as assemblage, and security as normativity. The applied perspectives are arguably linked, leading in their subsequent order to a ‘complication’ of security that in the end culminates in the call for an understanding of security as a normatively charged field that – especially when considering its potentially detrimental impacts on human rights and civil liberties – should be pried away from the notion of threat and exceptionalism and instead be re-politicized