Data Analytics Assignment: New Domains of Cyber Security
Question
Task: There are new and exciting developments that are taking place in the Business Intelligence literature that are constantly shaping the use and implementation of Business Intelligence and Data warehousing tools and applications in organizations. The primary objective of this research project is to provide a forum for students to investigate the practice, approaches and understanding of business intelligence as it is being applied in the real world to realize organizational objectives. Some of the potential research questions include:
- How can data analytics provide business value to organisations?
- How do cultural and organisational issues impact the data analytics?
- What is the impact of data analytics in novel and interesting domains such as sports, healthcare and cybersecurity? (Students are expected to choose only one domain)
Answer
Introduction
The use of data and information has increased for business organizations and users. Advancements in technology have brought up various tools, equipment, and networks which are used to store and transmit these data sets from the source to the destination. The involvement of so many tools, users, and network access points has led to an increase in the frequency of cybersecurity risks and attacks. These security events have emerged as a primary cause of concern for business firms and users. Various methods have been developed to avoid, mitigate, and control these security attacks.
Research Methodology
An exploratory technique has been used in this data analytics assignment to determine the impact of data analytics in cybersecurity. A literature review has been carried out along with the collection of information sets using techniques such as domain analysis, observations, surveys, and interviews. The information sets gathered are then analysed to understand the impact and role of data analytics in the area of cybersecurity.
Aim of the Research
The aim of this data analytics assignment is to bring out the role and impact of data analytics and its associated concepts in the field of cybersecurity.
Impact of Data Analytics in Cybersecurity
Prevention & Detection of Network-based Attacks
Cybersecurity attacks appear with the aid of numerous threat agents. Networks are the primary agents of the threats that are involved behind the cybersecurity attacks. Some of the network-based attacks that are carried out by the malevolent entities are Denial of Service (DoS), Distributed Denial of Service (DDoS), Eavesdropping attacks, Man in the Middle Attacks, and many more. The cases of data breach, data leakage, and data manipulation also occur with the use of the networks.
There are various access points involved in cyber applications and services. The primary need for network administrators is to assess all the access points involved. The use of Big Data analytics and Software-Defined Networking (SDN)-based controllers can provide network administrators with the capability to detect more threats by analysing all of the access points involved in the network. For instance, healthcare centres and hospitals now make use of computing tools and technologies which have exposed healthcare information to cybersecurity attacks (Bajpai & Arya, 2018). However, these centres and hospitals are utilizing behaviour analysis software so that the healthcare information is protected from security attacks carried out by internal employees. Abnormal network behaviour is detected with the use of the analytics tools so that the alterations can be easily caught.
It is necessary that administrative checks and controls are also in place to prevent cybersecurity threats and attacks. Big Data analytics on the network connections allows network administrators to predefine the policies and controller actions so that the maintenance workload is minimized and secure network activities can be carried out. Pre-set rules are applied for importing the suspicious network traffic to the security centre and eliminating it (Leenen & Meyer, 2016).
Data analytics in cybersecurity has also provided the ability to process massive clusters of data sets to give out real-time results. There are huge sets of data at rest and in transit at any particular instant. For example, a banking firm runs various batch jobs at particular hours of the day to process the account statements of the users and share the information to their email IDs. These large data sets are processed by the Big Data analytics tools in a few seconds to determine any security deviations. The occurrences of data breaches and leakage are avoided as a result.
Business organizations are now required to follow an agile approach to deal with cybersecurity attacks. The enterprises must have an agile switch that provides support to the next generation firewall service board. Data analytics must be implemented together with the intrusion detection and prevention systems and the anti-denial tools. It is necessary to deploy an aggregation switch at the aggregation layer so that the security events and threats are analysed.
Flooding attacks, such as DoS, DDoS, and SYN Flood attacks, increase the network traffic being transmitted on the agile switch ports at the aggregation layer. The behaviour analysis module implemented in the network controller has certain predefined rules for importing the suspicious traffic. When the traffic volume reaches a threshold, an alert is sent to the controller (Yu, 2017). Policy-based Routing (PBR) of the network traffic is forwarded to the aggregation switch, which imports the suspicious traffic to the security centre. The DDoS traffic is then cleaned up and sent back to the aggregation switch. This prevents the attack from spreading to other parts of the network. A drop policy is also configured to prevent the network attacks using data analytics and control.
Once the data analytics tool identifies the underlying patterns involved in the security attacks, the configuration may be made to send alerts to the network and system administrators first. Potential breaches of the data sets may be avoided as a result. There are scenarios wherein the pre-set rules and configurations may not be correctly implemented. In such a case, network operations may be interrupted. The entire process may be automated with the use of data analytics tools and processes. Network administrators can use automation to enhance efficiency levels and bring down IT costs.
There are newer mechanisms being launched coupled with data analytics that can further enhance the network management and the automation of the networking services.
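The threshold rule described above can be sketched as follows. This is an added example, not code from any switch or controller product: a sliding-window counter per destination that raises one alert for the controller when SYN volume reaches a threshold. The record layout, window length, threshold and the `action` label are assumptions chosen for illustration, and the traffic is constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10    # assumed sliding-window length
SYN_THRESHOLD = 100    # assumed SYNs per window toward one destination


class FloodDetector:
    """Sliding-window SYN counter per destination, as a behaviour-analysis rule."""

    def __init__(self, window=WINDOW_SECONDS, threshold=SYN_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.recent = defaultdict(deque)   # dst -> (timestamp, src) of recent SYNs
        self.redirected = set()            # destinations already reported

    def observe(self, ts, src, dst, flags):
        """Feed one packet summary; return an alert when the threshold is first reached."""
        if flags != "S":                   # only bare SYNs count toward the rule
            return None
        q = self.recent[dst]
        q.append((ts, src))
        while q[0][0] <= ts - self.window:  # expire entries that left the window
            q.popleft()
        if len(q) < self.threshold or dst in self.redirected:
            return None
        self.redirected.add(dst)           # one alert per destination, not per packet
        return {
            "time": ts,
            "dst": dst,
            "syn_count": len(q),
            "distinct_sources": len({s for _, s in q}),
            "action": "import-to-security-centre",  # hypothetical label for the PBR step
        }


def build_sample():
    """Constructed traffic: steady load to 10.0.0.5 and a SYN flood toward 10.0.0.9."""
    records = []
    for t in range(40):
        records.append((float(t), "192.0.2.10", "10.0.0.5", "S"))
        records.append((t + 0.5, "192.0.2.10", "10.0.0.5", "A"))
    for i in range(600):                   # 50 SYNs per second for 12 seconds
        records.append((20 + i * 0.02, f"198.51.100.{i % 200}", "10.0.0.9", "S"))
    return sorted(records)


def detect(records):
    """Run the detector over time-ordered records and collect the alerts."""
    detector = FloodDetector()
    return [alert for r in records if (alert := detector.observe(*r))]


if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(alert)
```

The steady one-SYN-per-second load never exceeds ten entries in the window, so only the flooded destination is reported.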
Architectural Tactics for Data Analytics in Cybersecurity
There are various quality attributes associated with the properties of the data and information sets.
Architectural Tactics for Cybersecurity Data Analytics (Ullah & Babar, 2018)
The use of data analytics in cybersecurity has had a positive implication on performance as a network and information property. The different techniques described in this data analytics assignment are included as a part of data analytics and have allowed the enhancement of performance.
ML Algorithm Optimization: Machine Learning (ML) is a technology that is used by enterprises for carrying out various business operations and activities. Data analytics and Machine Learning are also used for detecting security events. The primary objective of this technique is to bring out the role of algorithms in the improvement of system performance and to provide recommendations on the most efficient algorithm for achieving enhanced levels of efficiency. Supervised and unsupervised learning algorithms are used with data analytics and machine learning to prevent and detect security events. The security analytics system that is followed comprises a data collection system as the first step, followed by the training phase. Once the model is trained, it is tested to determine whether the model can be used for detecting security attacks. A visualization model is then used to bring out the results of the model's analytics to the users. Some of the analytics tools under this technique are the spark-based IDS framework, the ultra-high speed framework, and the cloud-based threat detector (Mahmood & Afzal, 2013).
Unnecessary Data Removal: Unnecessary data removal is another tactic that is used for security data analytics and detecting threats. A lot of unnecessary data must be removed from the datasets associated with the security events before they are processed by the data analytics module for timely detection of cybersecurity attacks. There are data sets in the security event data that play no role in threat detection. These are termed unnecessary data sets, and removing them brings down the processing time. Varied data sources are used to collect the data sets, and the unnecessary data is then identified. For instance, a network sniffer captures zero-byte data which is not relevant in the threat detection process (Haldorai & Ramu, 2018). Such data sets are removed under this category to enhance the efficiency of security data analytics.
Feature Selection & Extraction: There are various features and properties of the data sets that are involved in security events data analytics. The most relevant features are selected and extracted in this tactic for enhanced threat detection. Distributed data storage and processing is involved in the technique for analysing the security threats and attacks. The cloud-based threat detector is an example of this tactic to prevent DDoS and cyber port attacks. The data size in this case is reduced from over 200 GB to 50 GB, which makes it easier to detect the attacks. Quasi real-time IDS is another example of data analytics that is applied in the field of cybersecurity.
Parallel Processing: It is a technique in which the data sets are processed in parallel to improve the response time of the system. In large business enterprises, such as HP, there are several security events that occur in a single day. HP reported one trillion security events in a day in the year 2013, which has grown further in a period of five years. The use of standalone systems and processes will take up a lot of time to detect the threats and attacks. Dynamic load balancing and parallel processing are carried out simultaneously for the detection of cyberattacks (Shi, Shen, Nie, Kou & Yu, 2018).
Result Polling & Optimized Notification: MapReduce is a framework that is used in the distributed setup. The technique is used to optimize the delay that is involved in the feeding of the results from the mapper nodes to the reducer nodes. The data sets that are collected are transferred to a distributed data processing module for processing. User guided poll and notify is a variation that is involved in the technique.
Data Cut-off: The size of the dataset for security analysis is reduced with the aid of this technique. It is a tactic that is identified from Forensic Analyser, and a cut-off limit is applied on the selection and storage of the data sets. Forensic Analyser is an example of this technique which is used to detect and prevent phishing attacks on the network traffic. For example, the data sets collected in a period of one month are 20 TB. With the application of the data cut-off technique, a limit is set up to select only the first 15 KB of the data sets. It leads to the reduction of the data size from 20 TB to 1 TB.
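Unnecessary Data Removal and Data Cut-off can be applied in a single pass over captured traffic. The following is an added example, not code from Forensic Analyser or any tool named here: it drops zero-byte packets and keeps only the first 15 KB of payload. Applying the limit per flow, the packet tuple layout and the flow key are assumptions, and the capture is constructed.

```python
from collections import defaultdict

CUTOFF_BYTES = 15 * 1024   # the 15 KB limit from the text, applied per flow (assumption)


def reduce_capture(packets, cutoff=CUTOFF_BYTES):
    """Return (kept, stats) after zero-byte removal and per-flow cut-off.

    packets: iterable of (src, sport, dst, dport, proto, payload_bytes).
    """
    stored = defaultdict(int)              # flow key -> payload bytes kept so far
    stats = {"in_bytes": 0, "out_bytes": 0, "zero_byte_dropped": 0, "cut_off": 0}
    kept = []
    for src, sport, dst, dport, proto, payload in packets:
        stats["in_bytes"] += len(payload)
        if not payload:                    # unnecessary data, e.g. a bare ACK
            stats["zero_byte_dropped"] += 1
            continue
        # Direction-independent key: both halves of a conversation share one budget.
        key = (proto,) + tuple(sorted([(src, sport), (dst, dport)]))
        room = cutoff - stored[key]
        if room <= 0:                      # flow already reached its cut-off
            stats["cut_off"] += 1
            continue
        chunk = payload[:room]             # the packet crossing the limit is truncated
        stored[key] += len(chunk)
        stats["out_bytes"] += len(chunk)
        kept.append((key, chunk))
    return kept, stats


def build_sample():
    """Constructed capture: one bulk transfer with bare ACKs and one short request."""
    packets = []
    for _ in range(30):
        packets.append(("10.0.0.2", 40000, "203.0.113.7", 80, "tcp", b"A" * 1460))
        packets.append(("203.0.113.7", 80, "10.0.0.2", 40000, "tcp", b""))
    packets.append(("10.0.0.3", 40001, "203.0.113.7", 80, "tcp", b"B" * 500))
    return packets


if __name__ == "__main__":
    _, summary = reduce_capture(build_sample())
    print(summary)
```

The short flow is stored whole while the bulk transfer stops at its limit, which is why the cut-off shrinks the data set without losing the start of any conversation.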
The use of data analytics in cybersecurity has had a positive implication on accuracy as a network and information property. Different techniques are included as a part of data analytics that have allowed the enhancement of accuracy.
Alert Correlation: There are several alerts that are generated in response to the security events. These include the combination of relevant and irrelevant alerts. There are individual alerts that are produced by the security systems. The logical relationship between the alerts is verified by the tactic to enhance the accuracy of the security data analytics. There are different security tools that are used for the prevention and detection of security threats and attacks, such as intrusion-based detection systems, network sniffers, network scanners, and many more. These tools generate irrelevant alerts which are analysed and discarded by this tactic. Alert analysis, verification, and correlation are the primary procedures carried out (Singh & Reddy, 2014).
Combination of Signature-based and Anomaly-based Detection: Hybrid intrusion detection methods are supported by the data analytics tools for advanced detection of threats and attacks. Certain attacks may not be detected by the signature-based intrusion detection systems; these are forwarded to the anomaly-based intrusion detection methods. Machine learning algorithms are also involved to enhance the accuracy of data analysis.
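The hand-off from the signature stage to the anomaly stage can be sketched as follows. This is an added example, not code from any IDS: the two signatures, the request-line features, the z-score model standing in for a machine learning algorithm, and the baseline are all assumptions constructed for illustration.

```python
import re
import statistics

# Assumed, deliberately small signature set for the first stage.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union": re.compile(r"(?i)\bunion\b.+\bselect\b"),
}

# Constructed baseline of normal request lines used to fit the second stage.
BASELINE = [
    "GET /index.html", "GET /about.html", "GET /products?id=12",
    "GET /products?id=7", "GET /images/logo.png", "GET /contact.html",
    "POST /login", "GET /search?q=shoes",
]


def features(request):
    """Length and share of non-alphanumeric characters of one request line."""
    special = sum(1 for c in request if not c.isalnum())
    return (len(request), special / max(len(request), 1))


class AnomalyStage:
    """Per-feature z-score against the baseline; a stand-in for an ML model."""

    def __init__(self, baseline, z_limit=3.0):
        columns = list(zip(*(features(r) for r in baseline)))
        self.mean = [statistics.mean(c) for c in columns]
        self.std = [statistics.pstdev(c) or 1.0 for c in columns]
        self.z_limit = z_limit

    def score(self, request):
        """Largest deviation from the baseline across all features."""
        return max(abs(v - m) / s
                   for v, m, s in zip(features(request), self.mean, self.std))


def classify(request, anomaly_stage):
    """Signature stage first; only unmatched requests reach the anomaly stage."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(request):
            return ("signature", name)
    z = anomaly_stage.score(request)
    if z > anomaly_stage.z_limit:
        return ("anomaly", round(z, 1))
    return ("benign", None)


if __name__ == "__main__":
    stage = AnomalyStage(BASELINE)
    for line in ["GET /files?name=../../config", "GET /pricing.html",
                 "GET /search?q=" + "%41" * 60]:
        print(classify(line, stage), line[:40])
```

The third request matches no signature and is caught only because its length is far outside the baseline, which is the case the hybrid design exists for.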
Attack Detection Algorithm Selection: It is expected in this data analytics assignment that the cybersecurity data analytics tools that are deployed do not generate false alerts and are accurate enough to provide correct results at all times. Support Vector Machines, Random Forest, Artificial Neural Networks, etc. are some of the machine learning algorithms that assist in the accurate selection of the attack detection algorithm.
Combining Multiple Detection Methods: A single detection mechanism cannot be sufficient to put a check on cybersecurity attacks. The data analysis tools have enabled network administrators to combine more than one detection method for enhanced security of the process. The method also depends upon the Parallel Processing tactic for enhanced detection of the attacks.
The use of data analytics in cybersecurity has had a positive implication on scalability as a network and information property. Different techniques are included as a part of data analytics that have allowed the enhancement of scalability.
Dynamic Load Balancing: Dynamic load balancing and parallel processing are carried out simultaneously for the detection of cyberattacks. The technique allows the system to scale well without the need to add any further resources. Clusters of computing nodes are involved in cybersecurity applications. With the increase in the speed of data input, it is essential that the load on the nodes is balanced. The scenario wherein one node is under extreme load and another is under-utilized must be avoided (Suguna & Barani, 2015).
MapReduce: MapReduce is a framework that is used in the distributed setup. The technique is used to optimize the delay that is involved in the feeding of the results from the mapper nodes to the reducer nodes. The data sets that are collected are transferred to a distributed data processing module for processing. The use of the tactic ensures that the system and the associated nodes are scaled up or down, which enhances the ability to prevent and detect cybersecurity attacks (Maitrey & Jha, 2015).
The use of data analytics in cybersecurity has had a positive implication on reliability as a network and information property. Different techniques are included as a part of data analytics that have allowed the enhancement of reliability.
Data Ingestion Monitoring: Malicious IP detection and signature-based threat detection are the techniques that make use of the data ingestion monitoring tactic for security data analytics. There are a huge number of data sources that are involved in the security event data gathering and analysis. There are scenarios wherein the speed of data collection does not match with the capacity of the computing servers. The situation of server crash may occur in such cases. Distributed data storage and analysis is involved in this tactic to enhance the reliability of cybersecurity data analysis.
Maintaining Multiple Copies: Multiple data copies are maintained by Big Data analytics tools, such as Hadoop. Honeypot-based phishing detection and reliable traffic analysis are the two examples of security data analysis that are involved under this technique. It can be consolidated with the secure data transmission tactic to provide better results.
Dropped NetFlow Detection: Hybrid streams and Batch analysers are the techniques that make use of the tactic for threat analysis and detection. The security analytic systems that rely upon NetFlow data are required to effectively collect and analyse each NetFlow. Probe nodes are used to enhance the reliability of the entire process (Lee, 2014).
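One way a collector can notice dropped NetFlow is to check the sequence counter in each export header. This is an added example, not code from the analysers named above, and it assumes NetFlow version 5, whose 24-byte header carries a record count and a running `flow_sequence` of flows exported so far. The class name, exporter address and datagrams are constructed.

```python
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")   # NetFlow v5 export header, 24 bytes
V5_RECORD_LEN = 48                        # each v5 flow record is 48 bytes


class SequenceTracker:
    """Tracks flow_sequence per (exporter, engine id) and counts missed flows."""

    def __init__(self):
        self.expected = {}   # (exporter, engine_id) -> next expected flow_sequence
        self.lost = {}       # (exporter, engine_id) -> total flows never received

    def ingest(self, exporter, datagram):
        """Process one export datagram; return how many flows were missed before it."""
        if len(datagram) < V5_HEADER.size:
            raise ValueError("datagram shorter than a v5 header")
        (version, count, _uptime, _secs, _nsecs,
         seq, _engine_type, engine_id, _sampling) = V5_HEADER.unpack_from(datagram)
        if version != 5:
            raise ValueError(f"unsupported NetFlow version {version}")
        if len(datagram) != V5_HEADER.size + count * V5_RECORD_LEN:
            raise ValueError("length does not match the header's record count")
        key = (exporter, engine_id)
        missed = 0
        if key in self.expected:
            # 32-bit counter: modular subtraction survives wrap-around.
            missed = (seq - self.expected[key]) & 0xFFFFFFFF
            if missed >= 0x80000000:
                # Counter went backwards (exporter restart or reordering):
                # resynchronise without counting a loss.
                missed = 0
        self.expected[key] = (seq + count) & 0xFFFFFFFF
        self.lost[key] = self.lost.get(key, 0) + missed
        return missed


def make_v5(seq, count, engine_id=0):
    """Build a constructed v5 datagram with zero-filled flow records."""
    header = V5_HEADER.pack(5, count, 0, 0, 0, seq, 0, engine_id, 0)
    return header + bytes(count * V5_RECORD_LEN)


if __name__ == "__main__":
    tracker = SequenceTracker()
    for seq, count in [(0, 30), (30, 30), (90, 10)]:   # the datagram at 60 never arrives
        print(seq, tracker.ingest("192.0.2.1", make_v5(seq, count)))
```

A non-zero return value tells the analytics pipeline that its flow data for that interval is incomplete, so a quiet period is not mistaken for an absence of traffic.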
The use of data analytics in cybersecurity has had a positive implication on security as a network and information property. Different techniques are included as a part of data analytics that have allowed the enhancement of security.
Secure Data Transmission: Public Key Infrastructure (PKI) techniques and cloud-based threat detectors make use of the secure data transmission tactic. Once the data sets are collected, they are passed to the PKI infrastructure and encryption algorithms. All the communications are enabled with the use of the HTTPS protocol. Digital certificates are also used to encrypt the data sets. The data analytics tools have enabled the enhancement of security of the information sets and cyber applications.
The use of data analytics in cybersecurity has had a positive implication on usability as a network and information property. Different techniques are included as a part of data analytics that have allowed the enhancement of usability.
Alert Ranking: There are various attacks that occur in cybersecurity applications and information sets. It is necessary to deal with these attacks on the basis of their priority and severity levels such that the information sets are not impacted in any manner. The tactic is applied in hunting attacks, and the analytics of the data sets improves the usability of the data sets and applications.
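The Alert Correlation and Alert Ranking tactics described above can be combined in one pipeline. This is an added example, not code from any security product: alerts from several tools are merged into incidents, incidents seen by only one tool are discarded as uncorroborated, and the rest are ordered by severity. The time window, the severity scale, the two-sensor rule and the rank formula are assumptions, and the alerts are constructed.

```python
from dataclasses import dataclass, field

CORRELATION_WINDOW = 60                         # assumed seconds between related alerts
SEVERITY = {"low": 1, "medium": 2, "high": 3}   # assumed severity scale


@dataclass
class Incident:
    src: str
    dst: str
    start: float
    last: float
    sensors: set = field(default_factory=set)
    severity: int = 0
    count: int = 0

    @property
    def rank(self):
        # Assumed formula: corroboration by more sensors multiplies the severity.
        return self.severity * len(self.sensors)


def correlate(alerts, window=CORRELATION_WINDOW, min_sensors=2):
    """Merge alerts sharing (src, dst) within `window`; return ranked incidents."""
    open_incidents = {}
    incidents = []
    for ts, sensor, src, dst, sev in sorted(alerts):
        inc = open_incidents.get((src, dst))
        if inc is None or ts - inc.last > window:   # too old: start a new incident
            inc = Incident(src, dst, ts, ts)
            open_incidents[(src, dst)] = inc
            incidents.append(inc)
        inc.last = ts
        inc.sensors.add(sensor)
        inc.severity = max(inc.severity, SEVERITY[sev])
        inc.count += 1
    # Verification step: keep only incidents reported by independent tools.
    confirmed = [i for i in incidents if len(i.sensors) >= min_sensors]
    return sorted(confirmed, key=lambda i: (-i.rank, i.start))


# Constructed alerts: (timestamp, sensor, source, destination, severity).
SAMPLE_ALERTS = [
    (10.0, "ids", "198.51.100.4", "10.0.0.9", "medium"),
    (12.0, "scanner", "198.51.100.4", "10.0.0.9", "high"),
    (15.0, "sniffer", "198.51.100.4", "10.0.0.9", "low"),
    (20.0, "ids", "192.0.2.77", "10.0.0.5", "low"),
    (300.0, "ids", "203.0.113.8", "10.0.0.5", "high"),
    (310.0, "sniffer", "203.0.113.8", "10.0.0.5", "high"),
    (500.0, "ids", "198.51.100.4", "10.0.0.9", "low"),
]

if __name__ == "__main__":
    for inc in correlate(SAMPLE_ALERTS):
        print(inc.rank, inc.src, inc.dst, sorted(inc.sensors), inc.count)
```

Seven raw alerts collapse into two ranked incidents, so the analyst sees the corroborated, highest-severity activity first.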
Conclusion
Data analytics has had positive implications on the cybersecurity domain, because the use of data analytics tools and techniques has allowed improved detection of network-based attacks. There are various access points involved in cyber applications and services. The primary need for network administrators is to assess all the access points involved. The use of Big Data analytics and Software-Defined Networking (SDN)-based controllers can provide network administrators with the capability to detect more threats by analysing all of the access points involved in the network. It is observed in this data analytics assignment that the use of data analytics in cybersecurity has had a positive implication on the network and information properties of performance, accuracy, reliability, security, usability, and scalability. Different techniques in this data analytics assignment are included as a part of data analytics and have allowed the enhancement of these properties. Data analytics refers to automated quantitative and qualitative analysis of the data sets to determine the patterns, behaviour, and trends associated with the data. The patterns and trends that are recognized with the data analytics tools allow organizations to set up administrative and technical controls as per the results that are provided with the application of data analytics tools.
References
Bajpai, A., & Arya, A. (2018). Big Data Analytics in Cyber Security. International Journal Of Computer Sciences And Engineering, 6(7), 731-734. doi: 10.26438/ijcse/v6i7.731734
Haldorai, A., & Ramu, A. (2018). The Impact of Big Data Analytics and Challenges to Cyber Security. Handbook Of Research On Network Forensics And Analysis Techniques, 300-314. doi: 10.4018/978-1-5225-4100-4.ch016
Hussain, A., & Roy, A. (2016). The emerging era of Big Data Analytics. Big Data Analytics, 1(1). doi: 10.1186/s41044-016-0004-2
Lee, S. (2014). Netflow Based DDoS Attack Detection Using Time Series Analysis. The Journal Of Korean Institute Of Information Technology, 12(5). doi: 10.14801/kiitr.2014.12.5.115
Mahmood, T., & Afzal, U. (2013). Security Analytics: Big Data Analytics for cybersecurity: A review of trends, techniques and tools. 2013 2nd National Conference On Information Assurance (NCIA). doi: 10.1109/ncia.2013.6725337
Maitrey, S., & Jha, C. (2015). MapReduce: Simplified Data Analysis of Big Data. Procedia Computer Science, 57, 563-571. doi: 10.1016/j.procs.2015.07.392
Shi, M., Shen, D., Nie, T., Kou, Y., & Yu, G. (2018). HPPQ: A parallel package queries processing approach for large-scale data. Big Data Mining And Analytics, 1(2), 146-159. doi: 10.26599/bdma.2018.9020014
Singh, D., & Reddy, C. (2014). A survey on platforms for big data analytics. Journal Of Big Data, 2(1). doi: 10.1186/s40537-014-0008-6
Suguna, D., & Barani, R. (2015). Simulation of Dynamic Load Balancing Algorithms. Bonfring International Journal Of Software Engineering And Soft Computing, 5(1), 01-07. doi: 10.9756/bijsesc.8061
Ullah, F., & Babar, M. (2018). Architectural Tactics for Big Data Cybersecurity Analytic Systems: A Review. Retrieved from https://arxiv.org/ftp/arxiv/papers/1802/1802.03178.pdf
Yu, Y. (2017). Introduction: Special issue on computational intelligence methods for big data and information analytics. Big Data And Information Analytics, 2(1). doi: 10.3934/bdia.201701i