Cognitive & Organizational Challenges of Big Data in Cyber Defence. Yalavarthi Anusha.


Big Data in Cyber Network Defence:
- Cyber network defence (CND) is a set of processes and protective measures that use computer networks to detect, monitor, protect, analyse and defend against network infiltrations that result in service or network denial, degradation and disruption. It enables a government or military organization to defend and retaliate against network attacks perpetrated by malicious computer systems or networks.
- According to 61 percent of respondents, big data analytics can solve the security issues faced by companies and governments. However, only 35 percent say they have solutions in place that are the same as or comparable to big data analytics for cyber defence.

Introduction:
- Computer network defence analysts always have more data than they can handle.
- The raw data cannot fit in the analysts' long-term memory, so artifacts are necessary; spreadsheets, for example, are still used to handle log entries from computers.
- The analysts' cognitive artifacts are better able to access, correlate and present the data, depending on the list of events and actors involved.
- These artifacts provide representations that reduce the size and complexity of the data to a level human cognition can handle.
- The analysts' ways of understanding, called the "analysts' mental models", are shaped by the tools they use.

Attributes that affect the relationship between analysts and the data:
- Decisions must be made in real time or near real time.
- The domain is non-physical, and almost all thinking is about abstractions.
- Information requirements and sensor development are driven by external actors (their capabilities, tactics and strategies), which leads to a cycle of growth in data size:
  - new threat capabilities and strategies;
  - unique defensive strategies;
  - more diverse sensors producing faster and more varied data;
  - more complex technology to handle new and bigger data;
  - new threat capabilities in response.

Analysis for Cyber Defence:
- An analysis was conducted with six analysts representing different organizations.
- The common big data dimensions of volume, velocity and variety were considered.
- The analysis found that the analysts think more about the challenging themes than about the data dimensions, which shows that analysts reason in terms of challenge themes rather than the data domain.

Challenging Themes and Attributes: The workshop on Human-Centred Big Data Research gave a clear idea of the challenge themes and their attributes. The CND analysts' goal is to make sense of what is happening in their network, both in its normal state and as affected by threat activity.
- Automation: Dealing with this variety (as well as data volume and velocity) has required automation of increasing complexity and span of action.
- Tools: This evolution of automation brings with it the potential for changes in analysts' roles and for the kinds of operational errors that have been observed with automation in other domains. Careful design of analysts' tools can help prevent such errors.

- Archiving: When the data challenges were considered, most of the analysts' first thought was archiving. Different kinds of data and metadata are archived for different lengths of time, and organizations set archiving policies for each data type.
- Monitoring Alerts: Monitoring tasks are usually based on the alerts generated by the monitoring tools. An increase in data increases the number of possible risks and the number of judgements the analysts must make. The analysts use their experience to make decisions on the alerts generated by changes in data volume and velocity.

- Pace of work: The flow of data depends purely on the organization. According to the analysts, the pace of work is set by the organization, not by the data. Organizations respond to increased variety by increasing staff, changing priorities and adopting new tools. In response to increased volume, organizations often deprioritize certain types of attacks and devote less time to open-ended exploration of the data.
- Increasing Coordination Costs: Monitoring alerts requires recruiting more analysts and putting them to work monitoring the traffic.

Expanding the organization brings an increase in the levels of management, in training costs and in coordination costs between the analysts. Coordination increases the need for standardised notations and procedures, which are lacking in cyber defence.
- Future Work: Further experiments should be conducted to explore the analysts' mental models and to find solutions to the problems of computer network defence.

Good and Bad about this paper:
- A few analysts were interviewed, and the paper identified the challenges an organization would face when there is a huge volume of data.
- The tools and automation that could find and alert on any malicious activity in the data are discussed.
- The policies an organization should set up to archive and monitor data are discussed.
- The data depends purely on the organization, and effective measures such as expanding the organization should be taken to control the data traffic.
- Although it analyses the problem, the paper does not discuss the parameters to be considered when implementing the remedial measures.
- As per my observation, there was not sufficient data to come to a conclusion.
Thank you!