Cognitive & Organizational Challenges of Big Data in Cyber Defence

Cyber Defence
1.0x

Cognitive & Organizational Challenges of Big Data in Cyber Defence

Created 2 years ago

Duration 0:09:52
lesson view count 45
Select the file type you wish to download
Slide Content
  1. Cognitive & Organizational Challenges of Big Data in Cyber Defence.

    Slide 1 - Cognitive & Organizational Challenges of Big Data in Cyber Defence.

    • Yalavarthi Anusha
    • 1
  2. Big Data in Cyber Network Defence:

    Slide 2 - Big Data in Cyber Network Defence:

    • Cyber network defence (CND) is a set of processes & protective measures that use computer networks to detect, monitor, protect, analyse and defend against network infiltrations resulting in service/network denial, degradation and disruptions. It enables a government or military organization to defend and retaliate against network attacks perpetrated by malicious computer systems or networks.
    • Big data analytics can solve security issues faced by companies and government, according to 61 percent of respondents. However, only 35 percent say they have solutions in place that are the same or comparable to big data analytics for cyber defense.
    • 2
  3. Introduction:

    Slide 3 - Introduction:

    • The computer Network Defence analysts always have the data more than they can handle.
    • The raw data cannot fit in the long-term memory of the analysts and hence the use of artifacts is necessary like spread-sheets which are still used to handle log entries from computers.
    • The analysts cognitive artifacts are more capable of accessing, correlating and presenting the data which depend on the list of events and actors.
    • These artifacts provide the representation that reduce the size and complexity of the data which human cognition can handle.
    • The analyst's concept of understanding called the " Analyst's mental models" are defined by the tools they use.
    • 3
  4. Attributes that effect the relationship between analysts and the data:

    Slide 4 - Attributes that effect the relationship between analysts and the data:

    • Decisions must be made in Real time or near real-time.
    • The domain is non-physical and almost all thinking is about abstractions.
    • Information requirements and sensor development are driven by external actors such as their capabilities, tactics, and strategies which leads to a cycle of growth in data size which allows:
    • New threat capabilities and strategies
    • Unique defensive strategy
    • More diverse sensors with faster and diverse data
    • More complex technology to handle new and bigger data
    • New threat capabilities in response
    • 4
  5. Analysis for Cyber Defence:

    Slide 5 - Analysis for Cyber Defence:

    • An analysis is conducted in which six analysts representing different organizations are considered.
    • The common Big Data dimensions such as volume, velocity and variety are considered.
    • From the analysis, they found that the analysts think more on the challenging themes than on the data dimensions which clearly tells us how the analysts think on the challenging themes rather than domain.
    • 5
  6. Challenging Themes and Attributes:

    Slide 6 - Challenging Themes and Attributes:

    • The workshop conducted on the Human-Centred Big Data Research gave us a clear idea of the challenge themes and their attributes.
    • CND analysts’ goal is to make sense of what is happening in their network in its normal states and as affected by threat activities.
    • Automation
    • Dealing with this variety (as well as data volume and velocity) has required automation of increased complexity and span of action.
    • Tools
    • This evolution of automation brings with it the potential for changes in analysts’ roles and for operational errors that have been observed in using automation in other domains. Careful design of analysts’ tools can help to prevent such errors
    • 6
  7. Archiving:

    Slide 7 - Archiving:

    • The data challenges when considered, most of the analysts had an initial thought about archiving.
    • Different kinds of data and metadata are archived for different lengths of time.
    • The organizations set archiving policies for different data types.
    • Monitoring Alerts:
    • Monitoring tasks are usually based on the alerts generated by the monitoring tools.
    • Increase in the data increases the possibility of the risks and the judgements are taken by the analysts.
    • The analysts use their experience to make decisions on the alerts generated by the changes in data volume and velocity.
    • 7
  8. Pace of work :

    Slide 8 - Pace of work :

    • The flow of data purely depends on the organization. According to the analysts, pace of the data depends on the organization but not the data.
    • Organizations respond to increased variety by increasing the staff, changing priorities and adopting new tools.
    • In response to increased volume, organizations often deprioritized certain types of attacks and devote less time to open-ended exploration of the data.
    • Increasing Coordination Costs :
    • For monitoring alerts, we need to recruit more analysts and put them to work for monitoring the traffic.
    • 8
  9. Slide 9

    • Expanding the Organization includes increase in the levels of management, training costs and co-ordination costs between the analysts.
    • The standardise notations and the procedures are increased by the coordination which is lacking in cyber-defence.
    • Future Work :
    • Different experiments should be conducted which explore the analyst's Mental Models and also solutions to the problems in the Computer Network defence.
    • 9
  10. Good and Bad about this paper:

    Slide 10 - Good and Bad about this paper:

    • Few Analysts were interviewed in the paper and found out the challenges that an organization would face when there is a huge volume of data.
    • The tools and automation is discussed that could find and alerts any miscellaneous activity in the data.
    • The policies that an organization should setup to archive and monitor are discussed.
    • The data that purely depends on the organization and to control the data traffic effective measures should be taken such as expanding the organization.
    • Though analysed, the paper didn't talk about the parameters to be considered to implement the remedy measures.
    • As per my observation, there was no sufficient data to come to conclusion.
    • Thank you!
    • 10