EditorialBig Data Analytics for Cyber Security

Pelin Angin ,1 Bharat Bhargava,2 and Rohit Ranchal 3

1Department of Computer Engineering, Middle East Technical University, Ankara, Turkey2Department of Computer Science, Purdue University, West Lafayette, IN, USA3IBM Watson Health Cloud, Cambridge, MA, USA

Correspondence should be addressed to Pelin Angin; pangin@ceng.metu.edu.tr

Received 4 August 2019; Accepted 8 August 2019; Published 8 September 2019

Copyright © 2019 Pelin Angin et al. �is is an open access article distributed under the Creative Commons Attribution License,which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

�e era of Internet of �ings with billions of connecteddevices has created an ever larger surface for cyber attackers toexploit, which has resulted in the need for fast and accuratedetection of those attacks. �e developments in mobilecomputing, communications, and mass storage architecturesin the past decade have brought about the phenomenon of bigdata, which involves unprecedented amounts of valuable datagenerated in various forms at a high speed. �e ability toprocess these massive amounts of data in real time using bigdata analytics tools brings along many bene­ts that could beutilized in cyber threat analysis systems. By making use of bigdata collected from networks, computers, sensors, and cloudsystems, cyber threat analysts and intrusion detection/pre-vention systems can discover useful information in real time.�is information can help detect system vulnerabilities andattacks that are becoming prevalent and develop securitysolutions accordingly.

Big data analytics will be a must-have component of anye�ective cyber security solution due to the need of fastprocessing of the high-velocity, high-volume data fromvarious sources to discover anomalies and/or attack patternsas fast as possible to limit the vulnerability of the systems andincrease their resilience. Even though many big data ana-lytics tools have been developed in the past few years, theirusage in the ­eld of cyber security warrants new approachesconsidering many aspects including (a) uni­ed data rep-resentation, (b) zero-day attack detection, (c) data sharingacross threat detection systems, (d) real time analysis, (e)sampling and dimensionality reduction, (f ) resource-con-strained data processing, and (g) time series analysis foranomaly detection.

�is special issue has attracted original contributionsthat utilize and build big data analytics solutions for cyber

security in a variety of ­elds. All submissions underwent ameticulous review process, and nine papers were acceptedfor publication in this special issue. �e following is a shortsummary of the ­ndings of each of these papers.

Cyber Physical Power Systems (CPPS) are a criticalinfrastructure and therefore a favorable target of cyber-attacks. In “VHDRA: A Vertical and Horizontal IntelligentDataset Reduction Approach for Cyber-Physical PowerAware Intrusion Detection Systems,” the authors proposedthe use of the Nonnested Generalized Exemplars (NNGE)algorithm and showed that it is among themost accurate andsuitable classi­cation methods for developing an intrusiondetection system for CPPS because of its ability to classifymulticlass scenarios and handle heterogeneous datasets.Furthermore, VHDRA proposed mechanisms to improvethe classi­cation accuracy and speed of the NNGE algorithmand reduce the computational resource consumption. Itachieves this by vertical reduction of the dataset features byselecting only the most signi­cant features and horizontallyreduces the size of data while preserving original key eventsand patterns within the datasets using the State Tracking andExtraction Method approach.

In “Integrating Tra�cs with Network Device Logs forAnomaly Detection,” the authors presented Tra�c-LogCombined Detection (TLCD), which is a multistage in-trusion analysis system that overcomes the ine�cacy ofexisting anomaly detection systems that search logs ortra�cs alone for evidence of attacks but do not performfurther analysis of attack processes. TLCD correlates log datawith tra�c characteristics to re�ect the attack process andconstruct a federated detection platform. Speci­cally, it candiscover the process steps of a cyberattack, re�ect the currentnetwork status, and reveal the behaviors of normal users.

HindawiSecurity and Communication NetworksVolume 2019, Article ID 4109836, 2 pageshttps://doi.org/10.1155/2019/4109836

Experiments with different cyberattacks demonstrated thatTLCD provides high accuracy and a low false positive rate.

Role-based access control (RBAC) is a predominantaccess control model and is widely used in both commercialand research settings. A key requirement of RBAC is toidentify appropriate roles that capture business needs. Rolemining is a common approach to discover user roles fromexisting datasets using data mining. "e interdependentrelationships between user permissions must be consideredto prevent security vulnerabilities. In “RMMDI: A NovelFramework for Role Mining Based on the Multi-DomainInformation,” the authors proposed a role mining frame-work based on multi-domain information. It utilizes theinformation from multiple domains such as physical, net-work, and digital, to find the relationships and similaritybetween user permissions, and aggregates the in-terdependent permissions under the same role using multi-view community detection methods.

Governments and enterprises are frequently exposed tocoordinated cyberattacks such as advanced persistent threat(APT). Such attacks require exploiting multiple systemswithin an organization to gain unauthorized access to datafor an extended period by staying undetected. Detection andprevention of such attacks requires classifying the disparatedata from multiple systems based on its semantics andcorrelating it through a comprehensive analysis. "e articletitled “HeteMSD: A Big Data Analytics Framework forTargeted Cyber-Attacks Detection Using HeterogeneousMultisource Data” addresses these gaps by complementingthe analysis using human security experts. It presents amultilayer design of the framework and discusses theidentification of security related characteristics in the data,classification of data based on degree of security semantics,and different types of correlation analysis.

In “Optimizing Computer Worm Detection Using En-sembles,” the authors addressed the problem of detectingcomputer worms in networks. "ey focused particularly onthe problem of detecting sophisticated computer worms thatuse code obfuscation techniques and developed a behavioralmachine learning model to detect computer worms. "eachieved results are promising in terms of accuracy andgeneralization to new datasets.

In “Malware Detection on Byte Streams of PDF FilesUsing Convolutional Neural Networks,” the authorsdesigned a convolutional neural network to tackle malwaredetection on PDF files. "ey collected malicious and benignPDF files and manually labeled the byte sequences withinthem."e proposed network was designed to interpret high-level patterns among collectable spatial clues, predictingwhether the given byte sequence has malicious actions ornot. "e experimental results showed that the proposedapproach outperforms several machine learning models.

Due to the numerous benefits of cloud computing, it isbecoming the go-to technology for hosting services andstoring data. However, the utilization of cloud brings in-herent risks and uncertainty due to lack of visibility into thecloud and loss of control over operations applied to shareddata. A key requirement in cloud-based data storage andsharing is to ensure the integrity of shared data. In “Integrity

Audit of Shared Cloud Data with Identity Tracking,” theauthors proposed a public auditing scheme for dynamicgroup-oriented data sharing in cloud environments. "eyintroduced a new role called Rights Distribution Center(RDC) to track the membership and identity of users. "eapproach enables performing third party audits to verifydata integrity while protecting the privacy of user identity.

Automated data mining can help in extracting importantinformation from unstructured text for various cyberse-curity use cases. However, lack of a high-quality large labeleddataset has been a hindrance for information security re-search. Crowdsourcing can be an effective way to quicklyobtain a large labeled dataset at low cost, but the crowdannotations may be of lower quality than those of experts. In“Multifeature Named Entity Recognition in InformationSecurity Based on Adversarial Learning,” the authors pro-posed solutions by first identifying the common features incrowdsourced annotations using generative adversarialnetworks. Due to the diversity and specificity of the entitycategories in cybersecurity, only the basic word and char-acter features can be used, but these features alone are notsufficient for effective named entity recognition. To addressthis, the domain dictionary and sentence dependency fea-tures were used as additional features to again identify theentities and improve the quality of crowdsourcingannotations.

"e rise of cloud computing has resulted in data storageand computation being delegated to the untrusted cloud,leading to a series of challenging security and privacy threats.While fully homomorphic encryption can be used to protectthe privacy of cloud data and solve the trust problem of athird party, the key problem of achieving fully homomor-phic encryption is reducing the increasing noise during theciphertext evaluation. In “Generalized BootstrappingTechnique Based on Block Equality Test Algorithm,” theauthors investigated the bootstrapping procedure used toconstruct a fully homomorphic encryption scheme. "eyproposed a new block homomorphic equality test algorithmand gave an instance based on the FH-SIMD scheme. Boththeoretical analysis and experiment simulation demon-strated the high performance of the proposed bootstrappingalgorithm.

Conflicts of Interest

"e Editors declare that there are no conflicts of interest.

Pelin AnginBharat Bhargava

Rohit Ranchal

2 Security and Communication Networks

International Journal of

AerospaceEngineeringHindawiwww.hindawi.com Volume 2018

RoboticsJournal of

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Active and Passive Electronic Components

VLSI Design

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Shock and Vibration

Hindawiwww.hindawi.com Volume 2018

Civil EngineeringAdvances in

Acoustics and VibrationAdvances in

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Electrical and Computer Engineering

Journal of

Advances inOptoElectronics

Hindawiwww.hindawi.com

Volume 2018

Hindawi Publishing Corporation http://www.hindawi.com Volume 2013Hindawiwww.hindawi.com

The Scientific World Journal

Volume 2018

Control Scienceand Engineering

Journal of

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com

Journal ofEngineeringVolume 2018

SensorsJournal of

Hindawiwww.hindawi.com Volume 2018

International Journal of

RotatingMachinery

Hindawiwww.hindawi.com Volume 2018

Modelling &Simulationin EngineeringHindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Chemical EngineeringInternational Journal of Antennas and

Propagation

International Journal of

Hindawiwww.hindawi.com Volume 2018

Hindawiwww.hindawi.com Volume 2018

Navigation and Observation

International Journal of

Hindawi

www.hindawi.com Volume 2018

Advances in

Multimedia

Submit your manuscripts atwww.hindawi.com