Abstract

This paper presents the architecture of a modular, big-data-based information system (IS) security management system (ISMS) and elaborates one of its modules: the artificial-intelligence-driven NetFlow data analysis (NFAI) module. The ISMS is used in production at Riga Technical University and can be adapted for use in other organizations. The proposed platform is built mostly on free and open-source tools and makes it possible to prevent or minimize the consequences of malware activity with little impact on employees' privacy. The NFAI detection module detects malware activity by extracting features from NetFlow data within a 10-minute interval and feeding them into several trained classifiers. The ISMS does not rely on the NFAI module alone; it uses an ensemble of modules and algorithms to increase the accuracy of malware detection. The presented IS security management system can be employed in a real-time environment, and its NFAI detection module makes it possible to identify an infected device as soon as it starts communicating with the botnet's command and control centre to obtain new commands (a botnet being a logical collection of Internet-connected devices such as computers, smartphones or IoT devices whose security has been breached and control ceded to a third party). The NFAI module has been validated in the production environment and identified infected devices that were detected neither by antivirus software nor by the firewall or Intrusion Detection System.
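The abstract describes the NFAI module only in outline: per-host features are extracted from NetFlow records in 10-minute windows and handed to several classifiers whose votes are combined. The following is an added illustration of that pipeline, not code from the paper or from the RTU system. The feature set (flow count, destination fan-out, bytes per flow, share of tiny flows, regularity of inter-flow gaps) and the three threshold rules standing in for trained classifiers are assumptions chosen to show the mechanics; the sample flow records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

WINDOW_SECONDS = 600  # the 10-minute interval named in the abstract


@dataclass(frozen=True)
class Flow:
    """One NetFlow record, reduced to the fields the features below need (assumed layout)."""
    ts: float        # flow start time, seconds since epoch
    src: str         # source host inside the organisation
    dst: str         # destination host
    dport: int       # destination port
    proto: int       # IP protocol number
    packets: int
    bytes: int


def window_id(ts: float) -> int:
    """Map a timestamp to its 10-minute bucket."""
    return int(ts // WINDOW_SECONDS)


def extract_features(flows):
    """Group flows by (window, source host) and compute per-host features (assumed feature set)."""
    groups = defaultdict(list)
    for f in flows:
        groups[(window_id(f.ts), f.src)].append(f)

    features = {}
    for key, fl in groups.items():
        fl.sort(key=lambda f: f.ts)
        gaps = [b.ts - a.ts for a, b in zip(fl, fl[1:])]
        # Coefficient of variation of inter-flow gaps: near 0 means very regular timing
        # (a beaconing indicator); None when there are too few gaps to judge.
        gap_cv = pstdev(gaps) / mean(gaps) if len(gaps) >= 2 and mean(gaps) > 0 else None
        features[key] = {
            "flows": len(fl),
            "unique_dsts": len({f.dst for f in fl}),
            "unique_dports": len({f.dport for f in fl}),
            "bytes_per_flow": sum(f.bytes for f in fl) / len(fl),
            "small_flow_ratio": sum(1 for f in fl if f.packets <= 3) / len(fl),
            "gap_cv": gap_cv,
        }
    return features


# Three hand-written stand-ins for the paper's trained classifiers (assumed thresholds).
def beacon_classifier(f):
    return f["flows"] >= 5 and f["unique_dsts"] <= 2 and f["gap_cv"] is not None and f["gap_cv"] < 0.2


def low_volume_classifier(f):
    return f["small_flow_ratio"] >= 0.8 and f["bytes_per_flow"] < 1000


def fanout_classifier(f):
    return f["unique_dsts"] >= 50 or f["unique_dports"] >= 20


CLASSIFIERS = [beacon_classifier, low_volume_classifier, fanout_classifier]


def ensemble_verdict(f, min_votes=2):
    """Majority vote over the classifiers; returns (suspicious, votes)."""
    votes = sum(1 for c in CLASSIFIERS if c(f))
    return votes >= min_votes, votes


def classify_all(flows):
    """Run feature extraction and the ensemble over every (window, host) pair."""
    return {key: ensemble_verdict(f) for key, f in extract_features(flows).items()}


def constructed_sample():
    """Constructed NetFlow records: one host beaconing every 60 s, one browsing normally."""
    flows = []
    for i in range(10):  # regular, tiny flows to a single destination (all in window 2)
        flows.append(Flow(ts=1200 + 60 * i, src="10.0.0.5", dst="203.0.113.9",
                          dport=443, proto=6, packets=2, bytes=120))
    normal = [(1203, "198.51.100.2", 443, 40, 30000), (1290, "198.51.100.8", 443, 12, 9000),
              (1470, "198.51.100.2", 80, 25, 15000), (1499, "198.51.100.14", 443, 60, 80000)]
    for ts, dst, dport, pk, by in normal:  # irregular, larger flows to several sites
        flows.append(Flow(ts=ts, src="10.0.0.7", dst=dst, dport=dport, proto=6, packets=pk, bytes=by))
    return flows


if __name__ == "__main__":
    for (win, host), (suspicious, votes) in sorted(classify_all(constructed_sample()).items()):
        print(f"window={win} host={host} votes={votes} suspicious={suspicious}")
```

In a deployment the window boundary is what makes the module real-time: each closed 10-minute bucket is scored as soon as it completes, so a host is flagged in the first interval in which its check-ins to a command and control endpoint show up, without any payload inspection. The thresholds above are illustrative; the paper's module learns them from labelled traffic.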
