1718t1is428T12 Proposal 1

From Visual Analytics for Business Intelligence
Revision as of 18:45, 19 November 2017 by Victoriakoh.2015 (talk | contribs) (Created page with "320px|frameless|center <p></p><br/> <!--Header--> {|style="background-color:#F5F5F5; color:#F6B419; padding: 10 0 10 0;" width="100%" cell...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Los tres mascatero logo.png


Home

Proposal

Team

Poster

Application

Research Paper

Version 1 Version 2

Introduction & Motivation

In data analytics and visualization, there are unique challenges faced in the security realm as compared to conventional Business Intelligence analytics; rare incidents (i.e. attacks) within massive volumes of data need to be detected. Organizations commonly use Security Information and Event Management (SIEM) software solutions to gather security events from various systems and logs, by deploying real-time alert tools optimized to do event-driven signature matching for a subset of the overall gathered data. As attacks are more sophisticated these days, threats are more difficult to detect with signature-based systems.

Extensive analytics can complement SIEM solutions to identify major anomalies, combine multiple markers of attackers’ actions, and detect customized infections. Identifying malicious behavior is challenging, as we do not always know what we are looking for — anomalous behaviors must be an attack, and some attack signatures are unknown and not upfront, so it is crucial to present findings to security analysts for human-driven analysis.

Objectives

Security analysts may not be data science specialists, so the use of visual data representation and visual analytics can make security data analytics easier to understand. The aim of the project is to help organizations identify high-level security threats and attacks by analyzing large amounts of security data (i.e. firewall and IDS logs) we have collected, such that security analysts are able to deal with such threats and attacks with the findings without being required to have strong data science proficiency.

This project tells a story of an attack on a large organization and the three main objectives are:

  1. Discovering key incidents that took place for the time period recorded in the firewall and IDS logs.
  2. Recognizing a security trend in the firewall and IDS logs over the course of the time period.
  3. Identifying the root causes of the incidents identified. And bearing in mind that corporate networks cannot be shut down or disconnected from the internet, what can done to mitigate the issues.

Background Survey of Related Works

Visualizations Explanation
Team12 viz1.JPG


Data source: http://www.digitalattackmap.com/

Digital Attack Map is a live data visualization of DDoS attacks around the globe, built through a collaboration between Google Ideas and Arbor Networks. The tool surfaces anonymous attack traffic data to let users explore historic trends and find reports of outages happening on a given day.

Team12 viz2.JPG


Data source: http://www.trendmicro.com.sg/sg/security-intelligence/current-threat-activity/global-botnet-map/index.html

Global botnet threat activity map by Trend Micro shows the monitored malicious network activity to identify command-and-control servers. It enables security analyst to identify which computers are being attack how many often over the past 2 weeks.

Team12 viz3.JPG


Data source: https://www.akamai.com/us/en/solutions/intelligent-platform/visualizing-akamai/real-time-web-monitor.jsp

Global Internet conditions map by Akamai. With this real-time data they identify the global regions target of the greatest web attack traffic, cities with the slowest web connections (latency) and geographic areas with the most web traffic (traffic density).

Datasets

Tools / Libraries

  • Tableau
  • Github
  • Microsoft Excel
  • Adobe Creative Suites
  • Sketch
  • Javascript: sigma.js, vis.js, three.js, D3.js
  • Python

Technical Challenges

Key Technical Challenges Detailed Description Proposed Solution
Unfamiliar with D3.js libraries

D3.js is a JavaScript library for producing dynamic, interactive data visualizations in web browsers.

  • Go for the d3 workshop
  • Self learning
  • Peer Learning
Data Cleaning and Transformation

The data set are in text format and many other different format. Integration are challenging as there are a lot of manual work to be done.

  • Delegate workload for cleaning datasets
Data Unavailability

Many actual security attacks and defense data are paid version.

  • Research databases using school links through the library portal
Determining the Most Optimal Interactive Elements

In order to enable users to understand the data sets, interactive elements needs to be suitable for this project

  • Develop storyboard
  • Research on security visualization

Project Timeline & Task Assignments

Projecttimeline team12.png

References

Comments

Please leave comments here.


Retrieved from ‘https://wiki.smu.edu.sg/1718t1is428g1/index.php?title=1718t1is428T12_Proposal_1&oldid=4714