Abstract

Intrusion Detection has been heavily studied in both industry and academia, but cybersecurity analysts still desire much more alert accuracy and overall threat analysis in order to secure their systems within cyberspace. Improvements to Intrusion Detection could be achieved by embracing a more comprehensive approach in monitoring security events from many different heterogeneous sources. Correlating security events from heterogeneous sources can grant a more holistic view and greater situational awareness of cyber threats. One problem with this approach is that currently, even a single event source (e.g., network traffic) can experience Big Data challenges when considered alone. Attempts to use more heterogeneous data sources pose an even greater Big Data challenge. Big Data technologies for Intrusion Detection can help solve these Big Heterogeneous Data challenges. In this paper, we review the scope of works considering the problem of heterogeneous data and in particular Big Heterogeneous Data. We discuss the specific issues of Data Fusion, Heterogeneous Intrusion Detection Architectures, and Security Information and Event Management (SIEM) systems, and present areas where more research opportunities exist. Overall, both cyber threat analysis and cyber intelligence could be enhanced by correlating security events across many diverse heterogeneous sources.

Highlights

  • Cybersecurity is critical as society becomes increasingly dependent on computerized systems for its finances, industry, medicine, and other important aspects

  • Bhatti et al. [23] discuss how even current technologies cannot cope well with the Big Data challenges of Intrusion Detection: “Security analytics in a big data environment presents a unique set of challenges, not properly addressed by the existing security incident and event monitoring systems that typically work with a limited set of traditional data sources in an enterprise network”

  • This study demonstrates a couple of Big Volume challenges in that their original Security Operation Center (SOC) architecture was prone to “flood” attacks, and that they could not directly use standard Intrusion Detection Message Exchange Format (IDMEF) formatting due to poor event correlation performance


Summary

Introduction

Cybersecurity is critical as society becomes increasingly dependent on computerized systems for its finances, industry, medicine, and other important aspects.

An example of this would be if two or more heterogeneous sources, each of which contains Big Data challenges individually, were analyzed with advanced data correlation techniques (or data fusion, which is presented in the SECURITY DATA ACROSS HETEROGENEOUS SOURCES section) in order to give better accuracy through superior situational awareness. For complex systems such as Intrusion Detection, where a large number of heterogeneous sources are common and can contain Big Data challenges, the problem can quickly escalate into a more difficult Big Heterogeneous Data challenge. Bhatti et al. [23] discuss how even current technologies cannot cope well with the Big Data challenges of Intrusion Detection: “Security analytics in a big data environment presents a unique set of challenges, not properly addressed by the existing security incident and event monitoring (or SIEM) systems that typically work with a limited set of traditional data sources (firewall, IDS, etc.) in an enterprise network”. Big Data challenges for alert correlation would be further exacerbated if additional diverse heterogeneous sources were utilized, as the number of alerts could increase, in addition to the broader need to perform data fusion across the different sources.
