17 research outputs found

    Big data analytics: a predictive analysis applied to cybersecurity in a financial organization

    Project Work presented as partial requirement for obtaining the Master’s degree in Information Management, with a specialization in Knowledge Management and Business Intelligence.

    With the generalization of the internet access, cyber attacks have registered an alarming growth in frequency and severity of damages, along with the awareness of organizations with heavy investments in cybersecurity, such as in the financial sector. This work is focused on an organization’s financial service that operates on the international markets in the payment systems industry. The objective was to develop a predictive framework solution responsible for threat detection to support the security team to open investigations on intrusive server requests, over the exponentially growing log events collected by the SIEM from the Apache Web Servers for the financial service. A Big Data framework, using Hadoop and Spark, was developed to perform classification tasks over the financial service requests, using Neural Networks, Logistic Regression, SVM, and Random Forests algorithms, while handling the training of the imbalanced dataset through BEV. The main conclusions over the analysis conducted registered the best scoring performances for the Random Forests classifier using all the preprocessed features available. Using all the available worker nodes with a balanced configuration of the Spark executors, the most performant elapsed times for loading and preprocessing of the data were achieved using the column-oriented ORC with native format, while the row-oriented CSV format performed the best for the training of the classifiers.

    Cyber-crime Science = Crime Science + Information Security

    Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions

    Erasure

    How does erasure execute knowledge production? The following is a tour through a collection of erasure that provides a glimpse into the many directions that this question may take us, through the lens of a series of artistic interventions, academic research, experiments and artefacts. I present these items from a collector’s point of view. For achieving completion of this collection of erasures would be, in the words of Jean Baudrillard, like death. That is to say that the desire to complete the series, to achieve the perfection of its imaginary ending, is that which creates the elusive object of desire. As such, in the same way that a collection can always extend itself laterally, or spark a new one ([1968] 1996, 113), I am presenting it as an object of desire, fuelled by the impetus of neoliberal growth, which can never be complete and will forever expand into new meanings of execution, always towards the elusive erasure of death

    Shrimping under working conditions

    We propose that mutated forms of death are emerging with neoliberalism’s biopolitical financialisation of life. Thinking of such forms as commercial extinction and social death, how do we begin to frame these outside of a quantified rhetoric of surplus? These questions aim to provoke a discussion about these terms that can be interpreted as modes of exhaustion, while maintaining particular biological, social or economic conditions of life. When we are confronted with capitalism’s failure to fulfil resource exhaustion, a model of conservation by dispossession might emerge within what Rosi Braidotti calls “new and subtler degrees of death and extinction” (2013, 115). In this text we want to think with other conditions of death and extinction that can help to move beyond the missing item of an inventory, a carved rock along a fossil road or a set of pre-emptive actions to be executed beyond a certain threshold. Thus, we ask if there could be figures, which rather than narrating death as a biological or geological concept, open it up to other equally violent forces that are nevertheless materially situated. More importantly, will we ever be able to think of extinction beyond ideas of absence or frame death from social or economic realms as an emerging mode of living? In order to address many of these questions we dissect a critical example of extinction, that of the brown shrimp (Crangon crangon) as it flips between commercial (albeit not yet biotic) death in the ex-fishing grounds of the South East corner of the UK, and the social death embedded in the labour-power of the ex-processing factories of the Special Economic Zones of Tangier and Tetuan in Morocco

    Towards more Effective Censorship Resistance Systems

    Internet censorship resistance systems (CRSs) have so far been designed in an ad-hoc manner. The fundamentals are unclear and the foundations are shaky. Censors are, more and more, able to take advantage of this situation. Future censorship resistance systems ought to be built from strong theoretical underpinnings and be based on empirical evidence. Our approach is based on systematizing the CRS field and its players. Informed by this systematization we develop frameworks that have broad scope, from which we gain general insight as well as answers to specific questions. We develop theoretical and simulation-based analysis tools 1) for learning how to manipulate censor behavior using game-theoretic tactics, 2) for learning about CRS-client activity levels on CRS networks, and finally 3) for evaluating security parameters in CRS designs. We learn that there are gaps in the CRS designer's arsenal: certain censor attacks go unmitigated and the dynamics of the censorship arms race are not modeled. Our game-theoretic analysis highlights how managing the base rate of CRS traffic can cause stable equilibriums where the censor allows some amount of CRS communication to occur. We design and deploy a privacy-preserving data gathering tool, and use it to collect statistics to help answer questions about the prevalence of CRS-related traffic in actual CRS communication networks. Finally, our security evaluation of a popular CRS exposes suboptimal settings, which have since been optimized according to our recommendations. All of these contributions help support the thesis that more formal and empirically driven CRS designs can have better outcomes than the current state of the art

    Data Browser 06: Executing Practices

    This collection brings together artists, curators, programmers, theorists and heavy internet browsers whose practices make critical intervention into the broad concept of execution. It draws attention to their political strategies, asking: who and what is involved with those practices, and for whom or what are these practices performed, and how? From the contestable politics of emoji modifier mechanisms and micro-temporalities of computational processes to genomic exploitation and the curating of digital content, the chapters account for gendered, racialised, spatial, violent, erotic, artistic and other embedded forms of execution. Together they highlight a range of ways in which execution emerges and how it participates within networked forms of liveliness

    A Novel User Oriented Network Forensic Analysis Tool

    In the event of a cybercrime, it is necessary to examine the suspect’s digital device(s) in a forensic fashion so that the culprit can be presented in court along with the extracted evidence(s). But, factors such as existence and availability of anti-forensic tools/techniques and increasing replacement of hard disk drives with solid state disks have the ability to eradicate critical evidences and/or ruin their integrity. Therefore, having an alternative source of evidence with a lesser chance of being tampered with can be beneficial for the investigation. The organisational network traffic can fit into this role as it is an independent source of evidence and will contain a copy of all online user activities. Limitations of prevailing network traffic analysis techniques – packet based and flow based – are reflected as certain challenges in the investigation. The enormous volume and increasing encrypted nature of traffic, the dynamic nature of IP addresses of users’ devices, and the difficulty in extracting meaningful information from raw traffic are among those challenges. Furthermore, current network forensic tools, unlike the sophisticated computer forensic tools, are limited in their capability to exhibit functionalities such as collaborative working, visualisation, reporting and extracting meaningful user-level information. These factors increase the complexity of the analysis, and the time and effort required from the investigator. The research goal was set to design a system that can assist in the investigation by minimising the effects of the aforementioned challenges, thereby reducing the cognitive load on the investigator, which, the researcher thinks, can take the investigator one step closer to the culprit. The novelty of this system comes from a newly proposed interaction based analysis approach, which will extract online user activities from raw network metadata. 
Practicality of the novel interaction-based approach was tested by designing an experimental methodology, which involved an initial phase of the researcher looking to identify unique signatures for activities performed on popular Internet applications (BBC, Dropbox, Facebook, Hotmail, Google Docs, Google Search, Skype, Twitter, Wikipedia, and YouTube) from the researcher’s own network metadata. With signatures obtained, the project moved towards the second phase of the experiment in which a much larger dataset (network traffic collected from 27 users for over 2 months) was analysed. Results showed that it is possible to extract unique signature of online user activities from raw network metadata. However, due to the complexities of the applications, signatures were not found for some activities. The interaction-based approach was able to reduce the data volume by eliminating the noise (machine to machine communication packets) and to find a way around the encryption issue by using only the network metadata. A set of system requirements were generated, based on which a web based, client-server architecture for the proposed system (i.e. the User-Oriented Network Forensic Analysis Tool) was designed. The system functions in a case management premise while minimising the challenges that were identified earlier. The system architecture led to the development of a functional prototype. An evaluation of the system by academic experts from the field acted as a feedback mechanism. While the evaluators were satisfied with the system’s capability to assist in the investigation and meet the requirements, drawbacks such as inability to analyse real-time traffic and meeting the HCI standards were pointed out. The future work of the project will involve automated signature extraction, real-time processing and facilitation of integrated visualisation

    Jornadas Nacionales de Investigación en Ciberseguridad: actas de las VIII Jornadas Nacionales de Investigación en ciberseguridad: Vigo, 21 a 23 de junio de 2023

    Jornadas Nacionales de Investigación en Ciberseguridad (8ª. 2023. Vigo); atlanTTic; AMTEGA: Axencia para a modernización tecnolóxica de Galicia; INCIBE: Instituto Nacional de Cibersegurida