Emerging trends around big data analytics and security: panel

This panel will discuss the interplay between key emerging security trends centered around big data analytics and security. With the explosion of big data and advent of cloud computing, data analytics has not only become prevalent but also a critical business need. Internet applications today consume vast amounts of data collected from heterogeneous big data repositories and provide meaningful insights from it. These include applications for business forecasting, investment and finance, healthcare and well-being, science and hi-tech, to name a few. Security and operational intelligence is one of the critical areas where big data analytics is expected to play a crucial role. Security analytics in a big data environment presents a unique set of challenges, not properly addressed by the existing security incident and event monitoring (or SIEM) systems that typically work with a limited set of traditional data sources (firewall, IDS, etc.) in an enterprise network. A big data environment presents both a great opportunity and a challenge due to the explosion and heterogeneity of the potential data sources that extend the boundary of analytics to social networks, real time streams and other forms of highly contextual data that is characterized by high volume and speed. In addition to meeting infrastructure challenges, there remain additional unaddressed issues, including but not limited to development of self-evolving threat ontologies, integrated network and application layer analytics, and detection of low and slow attacks. At the same time, security analytics requires a high degree of data assurance, where assurance implies that the data be trustworthy as well as managed in a privacy preserving manner. Our panelists represent individuals from industry, academia, and government who are at the forefront of big data security analytics. They will provide insights into these unique challenges, survey the emerging trends, and lay out a vision for future

DIDS (Distributed Intrusion Detection System) - Motivation, Architecture, and An Early Prototype

Intrusion detection is the problem of identifying unauthorized use, misuse, and abuse of computer systems by both system insiders and external penetrators. The proliferation of heterogeneous computer networks provides additional implications for the intrusion detection problem. Namely, the increased connectivity of computer systems gives greater access to outsiders, and makes it easier for intruders to avoid detection. IDS's are based on the belief that an intruder's behavior will be noticeably different from that of a legitimate user. We are designing and implementing a prototype Distributed Intrusion Detection System (DIDS) that combines distributed monitoring and data reduction (through individual host and LAN monitors) with centralized data analysis (through the DIDS director) to monitor a heterogeneous network of computers. This approach is unique among current IDS's. A main problem considered in this paper is the Network -user Identification problem, which is concerned ..