
Big Data Technologies for Cybersecurity

Presented by: Ali Chouman

Student ID: 79100008

"The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable."

—The Art of War, Sun Tzu (500 B.C.)

Table of Contents
 Definition

 Introduction

 COMPARATIVE ANALYSIS OF BIG DATA

 Classical CEP model

 Modification of MapReduce

 Actor model

 Implementation of the experimental model of the SHC "Warning-2016"

 Implementation of the prototype of the SHC "Warning-2016"

 Advantages

 Conclusions
Definition

Big data refers to the digital data produced by the everyday use of new technologies by individuals and businesses. It includes volumes of data, both structured and unstructured, that are too large and too heterogeneous to manage with conventional tools.

Introduction

 Big Data has grown enormously across many technologies and applications, and this growth has attracted the attention of attackers and cyber criminals. One response is the use of big data for detecting risks and attacks with security applications such as SIEM and EDR platforms, which are typically backed by NoSQL data stores.
 Big data makes it possible to conduct "online analysis" of packet and streaming data, to isolate significant cybersecurity events, and to generate new, useful knowledge for the detection and prevention of security incidents.

COMPARATIVE ANALYSIS OF BIG DATA

Four approaches are known for streaming data processing, based on:

 Classical CEP model
 Modification of MapReduce
 Actor model
 Combinations of the actor model and MapReduce

Classical CEP model

 Search for "significant" events in a data stream
 Allocate appropriate event patterns
 Correlation analysis of events
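The three CEP steps above, as an added worked example (this is not code from the presentation): a small Python engine filters a constructed syslog-like stream down to sshd authentication events, keeps per-source sliding-window state, and raises an alert when a burst of failed logins from one address is followed by a successful login from the same address. The log format, field names, window and threshold are assumptions made for the illustration.

```python
"""Classical CEP over a security event stream: filter "significant" events,
match them against an event pattern, and correlate them.

Added example, not from the original presentation. The log format, the
pattern and the sample lines are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample stream (assumed syslog-like format, already time-ordered).
SAMPLE_EVENTS = [
    "2016-03-01T10:00:01 sshd auth_fail user=root src=10.0.0.5",
    "2016-03-01T10:00:02 sshd auth_fail user=admin src=10.0.0.5",
    "2016-03-01T10:00:03 cron job_started name=backup",
    "2016-03-01T10:00:04 sshd auth_fail user=oracle src=10.0.0.5",
    "2016-03-01T10:00:05 sshd auth_fail user=root src=10.0.0.9",
    "2016-03-01T10:00:06 sshd auth_fail user=test src=10.0.0.5",
    "2016-03-01T10:00:09 sshd auth_ok user=backup src=10.0.0.5",
    "2016-03-01T10:05:00 sshd auth_ok user=root src=10.0.0.9",
]


def parse_event(line):
    """Step 1: reduce the raw stream to 'significant' events.

    Returns a dict for sshd authentication events and None for everything
    else, so the engine only allocates state for events that can match.
    """
    ts, source, action, *kvs = line.split()
    if source != "sshd" or action not in ("auth_fail", "auth_ok"):
        return None
    fields = dict(kv.split("=", 1) for kv in kvs)
    return {
        "ts": datetime.fromisoformat(ts),
        "action": action,
        "user": fields["user"],
        "src": fields["src"],
    }


class BruteForcePattern:
    """Steps 2 and 3: the event pattern and its correlation state.

    Pattern: at least `threshold` auth_fail events from one src within
    `window`, followed by an auth_ok from the same src while the window is
    still open. State is a per-source deque of failure timestamps, so memory
    is bounded by the window, not by the length of the stream.
    """

    def __init__(self, threshold=4, window=timedelta(seconds=30)):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # src -> timestamps of failures

    def _expire(self, src, now):
        q = self.failures[src]
        while q and now - q[0] > self.window:
            q.popleft()

    def feed(self, ev):
        """Consume one significant event; return an alert dict or None."""
        self._expire(ev["src"], ev["ts"])
        q = self.failures[ev["src"]]
        if ev["action"] == "auth_fail":
            q.append(ev["ts"])
            return None
        # auth_ok: correlate with the failures still inside the window.
        if len(q) >= self.threshold:
            alert = {
                "rule": "bruteforce_then_success",
                "src": ev["src"],
                "user": ev["user"],
                "failures_in_window": len(q),
                "ts": ev["ts"].isoformat(),
            }
            q.clear()  # reset so the same burst is not reported twice
            return alert
        return None


def run_cep(lines, threshold=4, window_seconds=30):
    """Drive the stream through filter -> pattern match; return all alerts."""
    pattern = BruteForcePattern(threshold, timedelta(seconds=window_seconds))
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        alert = pattern.feed(ev)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in run_cep(SAMPLE_EVENTS):
        print(a)
```

On the constructed stream only 10.0.0.5 matches: four failures inside the 30-second window followed by a successful login as `backup`. The single failure from 10.0.0.9 has expired by the time its successful login arrives, so no alert is raised for it. A real engine would additionally have to cope with out-of-order arrival and clock skew between sources, which this example assumes away.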

Modification of MapReduce
The MapReduce programming model is used to process Big Data stored in the Hadoop Distributed File System (HDFS).

Actor model
The Actor Model is a programming pattern in which the basic unit of execution is the actor. Unlike an object in object-oriented programming, an actor communicates only by asynchronous message passing and shares no state with other actors, which makes the model particularly useful when programming large, distributed, asynchronous systems.

Systems and examples:
 Zont (Moscow Institute of Physics and Technology, MIPT)
 Storm (Twitter)
 S4 (Yahoo)
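The fourth approach from the comparative analysis, the combination of the actor model with MapReduce, as an added example that serves both the MapReduce slide and the Actor model slide (this is not the presentation's code, nor code from Storm, S4 or Zont): every mapper and reducer is an actor, a thread with its own mailbox and no shared mutable state; the shuffle is a deterministic partition of keys over the reducer actors. The job counts failed logins per source address over constructed log lines; the line format and the partition function are assumptions for the illustration.

```python
"""Actor-style MapReduce over a stream of log events.

Added example, not the presentation's or any framework's code. Each mapper
and reducer is an actor: a thread that reacts only to messages in its own
mailbox (queue.Queue) and keeps its state private. Mappers turn raw lines
into (key, value) pairs, a deterministic partition routes every key to one
reducer (the shuffle), and reducers aggregate. Sample lines are constructed.
"""
import queue
import threading

STOP = object()  # sentinel message: "no more input, flush and exit"

SAMPLE_LINES = [
    "sshd auth_fail src=10.0.0.5",
    "sshd auth_fail src=10.0.0.5",
    "sshd auth_ok src=10.0.0.5",
    "sshd auth_fail src=10.0.0.9",
    "httpd status=500 src=10.0.0.7",
    "sshd auth_fail src=10.0.0.5",
    "sshd auth_fail src=10.0.0.9",
]


def map_fn(line):
    """Map: emit (src, 1) for each failed login; other lines emit nothing."""
    parts = line.split()
    if parts[0] == "sshd" and parts[1] == "auth_fail":
        src = dict(p.split("=", 1) for p in parts[2:])["src"]
        yield src, 1


def reduce_fn(key, values):
    """Reduce: total failures per source."""
    return key, sum(values)


class Actor(threading.Thread):
    """Minimal actor: one mailbox, one behaviour, no shared state."""

    def __init__(self, name):
        super().__init__(name=name, daemon=True)
        self.mailbox = queue.Queue()

    def send(self, msg):
        self.mailbox.put(msg)

    def run(self):
        while True:
            msg = self.mailbox.get()
            if msg is STOP:
                self.on_stop()
                return
            self.receive(msg)

    def receive(self, msg):
        raise NotImplementedError

    def on_stop(self):
        pass


class Reducer(Actor):
    def __init__(self, name, results):
        super().__init__(name)
        self.values = {}        # key -> list of values, private to this actor
        self.results = results  # output mailbox (a queue, not a shared dict)

    def receive(self, msg):
        key, value = msg
        self.values.setdefault(key, []).append(value)

    def on_stop(self):
        for key, vals in self.values.items():
            self.results.put(reduce_fn(key, vals))


class Mapper(Actor):
    def __init__(self, name, reducers):
        super().__init__(name)
        self.reducers = reducers

    def receive(self, line):
        for key, value in map_fn(line):
            # Shuffle: a stable partition so all values for one key reach the
            # same reducer. Python's hash() of str is salted per process, so
            # a byte sum is used here instead (assumption for the example).
            idx = sum(key.encode()) % len(self.reducers)
            self.reducers[idx].send((key, value))


def actor_mapreduce(lines, n_mappers=2, n_reducers=2):
    """Run the job and return {src: failed_login_count}."""
    results = queue.Queue()
    reducers = [Reducer(f"reducer-{i}", results) for i in range(n_reducers)]
    mappers = [Mapper(f"mapper-{i}", reducers) for i in range(n_mappers)]
    for actor in reducers + mappers:
        actor.start()
    for i, line in enumerate(lines):
        mappers[i % n_mappers].send(line)
    # Phase barrier: every mapper must drain before reducers are told to flush.
    for m in mappers:
        m.send(STOP)
    for m in mappers:
        m.join()
    for r in reducers:
        r.send(STOP)
    for r in reducers:
        r.join()
    out = {}
    while not results.empty():
        key, total = results.get()
        out[key] = total
    return out


if __name__ == "__main__":
    print(actor_mapreduce(SAMPLE_LINES))
```

The result is independent of how many mapper or reducer actors are used, because the partition function is deterministic and the barrier between the map and reduce phases guarantees that no reducer flushes before all mappers have finished sending.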

Implementation of the experimental model of the SHC "Warning-2016" on HBase

 Consider the possible options for building a cognitive early warning system for computer attacks on the information resources of the Russian Federation on the basis of Big Data technologies.
 The basis of the proposed solution is the non-relational distributed database HBase.

HBase allows you to:

 Perform analytical and predictive operations on terabytes of data
 Assess the threats to cybersecurity and the stability of the critical infrastructure as a whole
 Prepare, in automated mode, appropriate scenarios for detection, neutralization and warning

The second hypothesis analysis module
 It is designed to handle large amounts of data, and accordingly high performance is required of it.
 The module interacts with standard configuration servers and is implemented in C as a PHP extension (distributed via PECL, the PHP extension repository).

Data Store              Web Server    Balancing
• MySQL                 • Nginx       • DNS A records
• Percona XtraDB

Implementation of the prototype of the SHC "Warning-2016"

Advantages
 Key advantages of the DB (LevelDB)
High speed of data recording

Predictable speed of data search by key

High speed of sequential reading

 Characteristics of LevelDB

Use of the LSM tree model

Organization of data storage in an ordered form.
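The LSM-tree behaviour behind the advantages listed above, as an added toy implementation (this is not LevelDB's code): writes go into an in-memory memtable, which is sorted once and frozen as an immutable run when it fills; point lookups binary-search the runs from newest to oldest; ordered range scans merge all sorted runs. The write-ahead log, bloom filters and compaction of a real implementation are omitted, and the per-source counter keys are constructed for the illustration.

```python
"""Toy LSM-tree key-value store illustrating why writes are fast, key lookup
is predictable and sequential reads are fast.

Added example, not LevelDB's code. Omitted on purpose: write-ahead log,
bloom filters, compaction. Keys are strings; a value of None is a tombstone.
"""
import bisect
import heapq

TOMBSTONE = None


class LSMStore:
    def __init__(self, memtable_limit=3):
        self.memtable_limit = memtable_limit
        self.memtable = {}   # newest writes, unordered, one dict write each
        self.sstables = []   # immutable sorted runs (keys, values), oldest first

    def put(self, key, value):
        """Fast write: append-only semantics, no random disk access."""
        self.memtable[key] = value
        if len(self.memtable) >= self.memtable_limit:
            self.flush()

    def delete(self, key):
        self.put(key, TOMBSTONE)  # a delete is just another write

    def flush(self):
        """Sort the memtable once and freeze it as a new run."""
        if not self.memtable:
            return
        keys = sorted(self.memtable)
        values = [self.memtable[k] for k in keys]
        self.sstables.append((keys, values))
        self.memtable = {}

    def get(self, key):
        """Predictable lookup: memtable, then binary search newest -> oldest.

        Returns None both for a missing key and for a deleted (tombstoned) one.
        """
        if key in self.memtable:
            return self.memtable[key]
        for keys, values in reversed(self.sstables):
            i = bisect.bisect_left(keys, key)
            if i < len(keys) and keys[i] == key:
                return values[i]
        return None

    def scan(self, lo, hi):
        """Sequential read of [lo, hi): a k-way merge of the sorted runs.

        Each run is tagged with its generation; for equal keys the newest
        generation sorts first, so older versions and tombstones are skipped.
        """
        runs = list(self.sstables)
        if self.memtable:
            keys = sorted(self.memtable)
            runs.append((keys, [self.memtable[k] for k in keys]))
        iters = []
        for gen, (keys, values) in enumerate(runs):
            start = bisect.bisect_left(keys, lo)
            end = bisect.bisect_left(keys, hi)
            # List comprehension (not a generator) so `gen` is bound now.
            iters.append([(k, -gen, v)
                          for k, v in zip(keys[start:end], values[start:end])])
        out = []
        last_key = object()
        for key, _neg_gen, value in heapq.merge(*iters):
            if key == last_key:
                continue  # older version of a key already handled
            last_key = key
            if value is not TOMBSTONE:
                out.append((key, value))
        return out


def demo():
    """Constructed workload: per-source failed-login counters."""
    db = LSMStore(memtable_limit=3)
    db.put("ip:10.0.0.5", 1)
    db.put("ip:10.0.0.9", 1)
    db.put("ip:10.0.0.7", 1)   # memtable full -> run 0
    db.put("ip:10.0.0.5", 4)   # newer version of an existing key
    db.delete("ip:10.0.0.7")   # tombstone
    db.put("ip:10.0.1.1", 2)   # memtable full -> run 1
    db.put("ip:10.0.0.2", 9)   # stays in the memtable
    return db


if __name__ == "__main__":
    db = demo()
    print(db.get("ip:10.0.0.5"), db.get("ip:10.0.0.7"))
    print(db.scan("ip:10.0.0.", "ip:10.0.1"))
```

Because every run is sorted and immutable, a scan over the `ip:10.0.0.` prefix is a single forward pass over each run plus a merge, which is what makes sequential reads fast; the price, visible in `get`, is that a key absent from the newest runs is probed in every older run, which is exactly the cost that bloom filters and compaction reduce in a real store.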

Conclusions
In our opinion, Big Data technology will radically change the situation in the following areas of information security:

Proactive management of cybersecurity incidents

Detection, Prevention & Elimination of the consequences of computer attacks

Predictive network monitoring of cybersecurity

Authentication, Authorization and identity management

Preventing computer crime and fraud

Information security risk management

Compliance with regulatory requirements, etc.

