Big Data Analytics For Cyber Security

Abstract

Cyber security plays a critical part in the field of information technology. Securing data has become one of the greatest challenges of the present day. Although cyber security brings a lot of robustness to an organization's applications, cyber crime is expanding enormously day by day and is a growing threat. Organizations are taking numerous measures to counter these crimes, yet despite all of them cyber security remains a major worry for many organizations.

Botnets, distributed denial of service, hacking, malware, phishing and ransomware are the most common threats. Beyond these, advanced persistent threats (APTs) represent a new level of cyber crime. This paper briefly discusses the life cycle of big data analytics and focuses mainly on how to deal with advanced persistent threats using advanced big data analytical methods.

Introduction

As we become more social in a connected world, organizations must discover new approaches to securing personal data.

Social media plays a huge part in cyber security and contributes a great deal to individual cyber threats. Social media adoption among personnel is soaring, and so is the risk of attacks. Since the vast majority of people use social media or social networking sites every day, these sites have become a tremendous platform for hackers to compromise private data and steal valuable information. With advanced and persistent attacks, and the basic fact that each organization must protect itself against every variety of attack while an attacker needs only one successful attempt, organizations must rethink their cyber security concepts.

They need to move past pure prevention towards the PDR paradigm: Prevent – Detect – Respond. This is where big data analytics comes to the rescue of organizations. Before jumping into the details of how big data analytics helps against advanced persistent threats, let's briefly define what big data analytics and advanced persistent threats (APTs) are.

What is Big Data?

Big Data is a term used to describe a collection of enormous amounts of information that grows exponentially with time. Such information is so large and complex that none of the conventional database management tools can store or process it effectively. With the increase in usage of mobile apps, phones, flights, social media and so on, everything generates a huge amount of data every day. The characteristics of big data include volume, variety, velocity and variability. Along with these characteristics, the structure of the data, the size of the data and the rate of data flow are important considerations in processing big data. Examples of big data include the New York Stock Exchange, which generates about one terabyte of new trade data per day, and social media such as Facebook, Twitter and Instagram, whose usage generates around 500 plus terabytes of data every day. Jet engines generate around 10 plus TB of data in 30 minutes of flight time (Guru99, 2018). Big data analytics is the analysis of that huge volume of data generated in each organization; it is used to deal with the continuous increase in data. But what we need is actionable data, not simply more big data. Big data tells us what we did, what we are doing now, and what we will possibly do tomorrow. The ultimate goal of big data analytics is to help organizations create smarter insights, make better business decisions and prepare for an uncertain future.

Advanced Persistent Threat (APT)

An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization (Rouse, 2010). The three stages of an advanced persistent threat are network infiltration, expansion of the attackers' presence, and extraction of the amassed information without being identified.

Infiltration

Enterprises are typically infiltrated through the compromise of one of three attack surfaces: web resources, network resources or authorized human users (incapsula, n.d.). This is accomplished either through malicious uploads or through social engineering attacks, threats that large organizations face constantly. Additionally, infiltrators may simultaneously execute a DDoS attack against their target. This serves both as a smoke screen to distract network personnel and as a means of weakening the security perimeter, making it easier to breach. Once initial access has been achieved, attackers quickly install a backdoor shell, malware that grants network access and allows for remote, stealthy operations. Backdoors can also come in the form of Trojans disguised as legitimate pieces of software.

Expansion

After the foothold is established, attackers move to widen their presence inside the network. This involves climbing an organization's hierarchy, compromising staff members with access to the most sensitive data (incapsula, n.d.). In doing so, they are able to gather critical business information, including product line data, employee records and financial records. Depending on the ultimate attack goal, the collected data can be sold to a competing enterprise, altered to sabotage an organization's product line, or used to bring down a whole organization. If damage is the motive, this stage is used to subtly gain control of multiple critical functions and manipulate them in a sequence that causes maximum harm. For instance, attackers could erase entire databases inside an organization and then disrupt network communications to prolong the recovery process.

Extraction

While an APT event is underway, stolen information is typically stored in a secure location inside the network being attacked. Once enough data has been gathered, the thieves need to extract it without being detected (packagecloud, 2015). Typically, white noise tactics are used to distract the security team so the data can be moved out covertly. This may take the form of a DDoS attack, again tying up network personnel and potentially weakening site defenses to facilitate extraction. Titan Rain (2003), the Sykipot attacks (2006), GhostNet (2009), the Stuxnet worm (2010), Deep Panda (2015) and the South Korean (SK) Communications breach (2011) are some well-known APT incidents. Let's discuss how the breach at SK Communications happened and how big data analytics helped in detecting it.

South Korean Communications Breach Problem Statement (Discovery)

The breach took place in July 2011. Hackers gained access to the data of 35 million Nate and CyWorld social network users. They first targeted a third-party software service provider before gaining access to SK resources. The attack came from Chinese IP addresses and was conducted when SK reached out for a routine checkup. The hackers used "nateon.exe" malware, which launched a remote access tool (RAT) to acquire the data (Tung, 2011). With the problem discovered, the problem statement is that APT threats have become common. Unlike other cyber attacks, an advanced persistent threat is a little different in that a lot of human intervention exists. An APT is a long, continuous process spanning months that slowly infects the actual target by taking over the other stakeholder systems associated with it while evading all the basic detection systems such as IDS software and antivirus. The attack spanned months, and a large amount of data accumulated that the organization could not detect with its existing infrastructure. The major challenges in today's market with existing infrastructure are the huge volume of data and scalability. This is where big data analytics comes to the rescue.

Data Preparation

Any APT involves multiple server machines, multiple channels, multiple networks and multiple operating systems. Detecting the attack therefore requires a managed collection of data from all the data sources of every party involved. Big data analytics supports the consolidation and correlation of data from a huge number of diverse sources: network traffic logs, which include transactions through both secure and non-secure channels and through proxy and non-proxy paths; server logs from within the enterprise and its vendors; and security device logs such as antivirus logs, IDS logs and firewall logs. This covers the data preparation phase of analytics. Hadoop, OpenRefine and Alpine Miner are some of the tools used in data preparation.

Model Planning

Now comes the important part, model planning. Model planning is backed by advanced analytic methods such as clustering, classification, finding unusual patterns in the data, and correlating them. In this phase of data analytics, data scientists determine whether to go with a single model or with a series of techniques as part of a larger analytic flow (Services, 2015).

Model Building

Proposed algorithm for APT detection (Jisang Kim, 2013):

  1. Network packets are collected through packet mirroring.
  2. E-mail logs are traced to find any suspicious activity.
  3. Syslogs are traced to monitor any recent increase in privileges or any suspicious change in role assignment.
  4. Activities from already known blacklisted and whitelisted IP addresses are monitored.
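The four evidence sources above only become a detection once they are consolidated and correlated per host, which is what the data preparation phase feeds into. The following is an added example written for this page, not code from the cited paper or from any of the tools named: it parses constructed flow, mail and syslog records (a key=value layout that is an assumption, not a real product format), applies the black/whitelist from step 4, and reduces everything to one verdict per host in the map/reduce shape the data would take on Hadoop. Addresses come from documentation ranges and the 100 MiB upload threshold is an assumed value.

```python
"""
Correlating the four evidence sources of the algorithm above into one
per-host verdict, in the map/reduce shape the data would take on Hadoop.
Added example; every log line, address and threshold below is constructed
for illustration and the key=value layout is an assumed, not a real,
product format.
"""
import re
from collections import defaultdict

# ---- Constructed sample inputs (documentation address ranges only) ----

# Step 1: flow records summarised from mirrored packets, one per connection.
FLOW_LOG = [
    "2011-07-20T02:13:05 src=10.0.5.17 dst=203.0.113.9 bytes_out=734003200 proto=tcp",
    "2011-07-20T09:41:10 src=10.0.5.17 dst=198.51.100.20 bytes_out=4096 proto=tcp",
    "2011-07-20T10:02:33 src=10.0.5.42 dst=198.51.100.20 bytes_out=520093696 proto=tcp",
    "2011-07-20T11:15:00 src=10.0.5.88 dst=192.0.2.77 bytes_out=1200 proto=tcp",
]

# Step 2: mail gateway log with the attachment name delivered to each host.
MAIL_LOG = [
    "2011-07-19T16:20:44 from=support@vendor.example to=10.0.5.17 attach=patch_tool.exe",
    "2011-07-19T16:25:01 from=hr@corp.example to=10.0.5.42 attach=holiday_schedule.pdf",
]

# Step 3: syslog excerpts covering privilege and role changes.
SYSLOG = [
    "2011-07-20T01:58:12 10.0.5.17 sudo: usermod -aG wheel svc_backup",
    "2011-07-20T08:00:00 10.0.5.42 sshd: Accepted publickey for alice",
    "2011-07-20T11:10:45 10.0.5.88 useradd: new user: name=tmpadmin, UID=0",
]

# Step 4: reputation lists.  The whitelist stands for a known backup service.
BLACKLIST = {"203.0.113.9"}
WHITELIST = {"198.51.100.20"}

LARGE_UPLOAD_BYTES = 100 * 1024 * 1024   # assumed threshold: 100 MiB out
PRIV_CHANGE = re.compile(r"usermod -aG (?:wheel|sudo|admin)\b|\bUID=0\b")
KV = re.compile(r"(\w+)=(\S+)")


def parse_kv(line):
    """Split 'timestamp k=v k=v ...' into (timestamp, {k: v})."""
    ts, _, rest = line.partition(" ")
    return ts, dict(KV.findall(rest))


def map_flows(lines):
    """Map steps 1 and 4: emit (host, finding) for blacklisted or bulk uploads."""
    for line in lines:
        _, f = parse_kv(line)
        src, dst, out = f["src"], f["dst"], int(f["bytes_out"])
        if dst in BLACKLIST:
            yield src, "flow:blacklisted_destination"
        # Bulk transfers to whitelisted services (backups, updates) are expected.
        if out >= LARGE_UPLOAD_BYTES and dst not in WHITELIST:
            yield src, "flow:large_upload"


def map_mail(lines):
    """Map step 2: executable attachments delivered to an internal host."""
    for line in lines:
        _, f = parse_kv(line)
        if f["attach"].lower().endswith((".exe", ".scr", ".bat")):
            yield f["to"], "mail:executable_attachment"


def map_syslog(lines):
    """Map step 3: privilege increases or suspicious account changes."""
    for line in lines:
        _, host, msg = line.split(" ", 2)
        if PRIV_CHANGE.search(msg):
            yield host, "syslog:privilege_change"


def reduce_by_host(pairs):
    """Reduce: group every finding under the host it concerns."""
    by_host = defaultdict(set)
    for host, finding in pairs:
        by_host[host].add(finding)
    return {host: sorted(fs) for host, fs in by_host.items()}


def correlate(flow_log=FLOW_LOG, mail_log=MAIL_LOG, syslog=SYSLOG, min_sources=2):
    """Hosts whose findings come from at least `min_sources` distinct sources.

    A single odd event is noise; the same host appearing in the packet, mail
    and syslog evidence at once is the pattern the algorithm is after.
    """
    pairs = [*map_flows(flow_log), *map_mail(mail_log), *map_syslog(syslog)]
    findings = reduce_by_host(pairs)
    return {
        host: fs for host, fs in findings.items()
        if len({f.split(":", 1)[0] for f in fs}) >= min_sources
    }


if __name__ == "__main__":
    for host, fs in correlate().items():
        print(host, "->", ", ".join(fs))
```

With the constructed data, only 10.0.5.17 is reported by default: it received an executable attachment, had an account added to the wheel group, and then pushed a large upload to a blacklisted address. The host that uploaded half a gigabyte to the whitelisted backup service is not reported, which is the point of step 4, and the host with a lone UID 0 account creation only surfaces when `min_sources` is lowered to 1, so that threshold is where an analyst trades false positives for coverage.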

Communicating results

The results are generally stored in HDFS (the Hadoop Distributed File System), where they can easily be processed using programming models such as MapReduce. When run, the above algorithm gives the list of suspicious IPs and servers, and information related to any suspicious data leakage. Extracting intermittently repeating traffic proved effective in finding the actually infected PCs. Under the logic of regarding new IPs as suspicious, the results were satisfactory only when cloud and P2P services were adequately excluded. Requirement for processing power: although this was a check of a small network with few users, the volume of computation was clearly high; even in a small organization, the daily packet distribution exceeded 50 GB and 2 million packets. A parallel-type big data processing framework was judged to be the only option that can handle both inbound and outbound directions.
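The two findings reported above, that intermittently repeating traffic identifies infected hosts and that "new IP means suspicious" only works once cloud and P2P services are excluded, can both be shown on a handful of flow records. The block below is an added example, not the cited paper's code: the timestamps, addresses, baseline set and exclusion list are all constructed, and the 5-hit minimum and 0.1 coefficient-of-variation cut-off are assumed tuning values.

```python
"""
Two of the heuristics the paragraph above reports, run over constructed
flow records: extraction of intermittently repeating ("beaconing")
connections, and the "new external IP is suspicious" rule that only works
once cloud and P2P services are excluded.  Added example, not the cited
paper's code; timestamps, addresses, the baseline and the exclusion list
are all constructed.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed flow records: (timestamp, internal source, external destination)
FLOWS = [
    # 10.0.5.17 calls the same address every ~10 minutes with little jitter
    ("2011-07-20T02:00:00", "10.0.5.17", "203.0.113.9"),
    ("2011-07-20T02:10:05", "10.0.5.17", "203.0.113.9"),
    ("2011-07-20T02:20:00", "10.0.5.17", "203.0.113.9"),
    ("2011-07-20T02:30:05", "10.0.5.17", "203.0.113.9"),
    ("2011-07-20T02:40:00", "10.0.5.17", "203.0.113.9"),
    ("2011-07-20T02:50:05", "10.0.5.17", "203.0.113.9"),
    # 10.0.5.42 uses a cloud service: just as many hits, but human-irregular
    ("2011-07-20T08:00:00", "10.0.5.42", "198.51.100.20"),
    ("2011-07-20T08:03:12", "10.0.5.42", "198.51.100.20"),
    ("2011-07-20T08:31:45", "10.0.5.42", "198.51.100.20"),
    ("2011-07-20T09:12:02", "10.0.5.42", "198.51.100.20"),
    ("2011-07-20T09:12:40", "10.0.5.42", "198.51.100.20"),
    # 10.0.5.88 contacts an address never seen before, once
    ("2011-07-20T11:15:00", "10.0.5.88", "192.0.2.77"),
]

# Addresses seen during a prior baseline week (constructed).  Note that the
# beacon target is already "known", so the new-IP rule alone would miss it.
BASELINE = {"198.51.100.20", "203.0.113.9"}
# Cloud / P2P services whose ever-changing addresses must not count as "new".
CLOUD_P2P_EXCLUDED = {"198.51.100.20"}


def periodic_destinations(flows, min_hits=5, max_cv=0.1):
    """(src, dst) pairs whose connection intervals are almost constant.

    Returns the mean interval in whole seconds per flagged pair.  The
    coefficient of variation (std / mean) of the gaps is low for machine
    schedules and high for people, so a plain hit count is not enough.
    """
    stamps = defaultdict(list)
    for ts, src, dst in flows:
        stamps[(src, dst)].append(datetime.fromisoformat(ts))
    hits = {}
    for key, times in stamps.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mu = mean(gaps)
        if mu > 0 and pstdev(gaps) / mu <= max_cv:
            hits[key] = round(mu)
    return hits


def new_destinations(flows, baseline, excluded):
    """(src, dst) pairs whose destination is neither known nor a cloud/P2P service."""
    return {
        (src, dst) for _, src, dst in flows
        if dst not in baseline and dst not in excluded
    }


if __name__ == "__main__":
    print("periodic:", periodic_destinations(FLOWS))
    print("new, raw:", new_destinations(FLOWS, set(), set()))
    print("new, filtered:", new_destinations(FLOWS, BASELINE, CLOUD_P2P_EXCLUDED))
```

The cloud user and the beaconing host have a similar number of connections, so counting alone separates nothing; the near-constant 601-second gap is what singles out 10.0.5.17. Conversely the new-IP rule, run without the exclusion list, reports the cloud service as suspicious on every address rotation, which is the false-positive problem the paragraph describes. The two heuristics are complementary: the beacon target here is already in the baseline and would pass the new-IP check, while the one-off contact to 192.0.2.77 has too few hits to be periodic.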

Operationalize

The enterprise management then makes a decision on the next security measures to be considered to suppress the threat.

Conclusion

Big Data Analytics technology is spreading worldwide at a rapid rate while providing more quantitative and qualitative growth to data analytics for smarter decision-making. Currently, industry places a lot of focus on real-time detection. Attention is given to signature matching, which has shown effectiveness against traditional attacks but is not so effective against APTs. Big Data Analytics is still evolving and has some practical limitations; an architectural solution will require further R&D work in this field. Researchers hold that Big Data has the capability to enhance detection for defenders and to allow detection of APTs that currently infiltrate through traditional architectures.

References:

1. Guru99. (2018). Introduction to BIG DATA: Types, Characteristics & Benefits. Retrieved July 22, 2018, from Guru99: https://www.guru99.com/what-is-big-data.html

2. Incapsula. (n.d.). Stage 1 – Infiltration. Retrieved from https://www.incapsula.com/web-application-security/apt-advanced-persistent-threat.html

3. Jisang Kim, T. L.-g. (2013). Detection of Advanced Persistent Threat by Analyzing. Retrieved July 22, 2018, from OnlinePresent: http://onlinepresent.org/proceedings/vol29_2013/6.pdf

4. Ng, K. S. (2015, November 18). Agile Data Science: Applying Kanban in the Analytics Life Cycle. Retrieved July 22, 2018, from Mental Models 4 Life: https://mentalmodels4life.net/2015/11/18/agile-data-science-applying-kanban-in-the-analytics-life-cycle/

5. Packagecloud. (2015, October 15). Inspecting and extracting Debian package contents. Retrieved from packagecloud.com: https://blog.packagecloud.io/eng/2015/10/13/inspect-extract-contents-debian-packages/

6. Rouse, M. (2010, November). Advanced persistent threat (APT). Retrieved July 22, 2018, from TechTarget: https://searchsecurity.techtarget.com/definition/advanced-persistent-threat-APT

7. Services, E. E. (2015). Data science & big data analytics: Discovering, analyzing, visualizing and presenting data. Indianapolis, Indiana: Jo

Updated: Feb 02, 2024
Big Data Analytics For Cyber Security. (2024, Feb 06). Retrieved from https://studymoose.com/big-data-analytics-for-cyber-security-essay