Machine Learning and Data Analytics

Instances and complexity of cyber attacks have been continuously growing over the recent years. The key influencers in the current cyber plan carefully and are sufficiently funded with specific targets and objectives including working for a state umbrella. Cyber attackers target government, industrial organizations, and military communication and information systems where they devote adequate resources to attain their goals. It is a matter of prudence to comprehend the threats and limitations that existing technologies encounter advanced persistent threats (APTs) and the role of big data analytics in responding to these threats.

A radical shift is required in the approach towards the delivery of security solutions taking into account the unique nature of APT attacks. Adversaries are willing to allocate sufficient time in plotting the attack to avoid system detections. As such, it is essential to redirect attention from exposure in real-time which restricts the correlation capabilities. A strategy that inclines towards full-capture discovery, deep-packet supervision, as well as big data analytics that would make way for the introduction of advanced algorithms for purposes of analysis and mitigation of such attempts in evasion. Even though offline analysis causes delays in detection of attacks, it is essential to note that most of the APTs will devote sufficient amounts of time trying to attain a certain objective (Chollet, 2017). 

APT attacks experience delays due to two main reasons. First, once the initial foothold has been achieved, the adversaries ought to analyze the network, traverse across subnets, locate the point where information is stored and infiltrate it. The attackers need to maintain their point of access and infiltrate it in the future ( Chio,  & Freeman, 2018). Additionally, the relation of events over huge timeframes and several sources is essential for exposure of sophisticated attacks. While the attackers may maneuver around the traditional IDSs, they produce subtle pointers of attack in the network. Increased traffic in the network from certain hosts, unsuccessful login attempts, and strange use of resources and implementation of unauthorized processes may all be pointers of compromise. 

Big data analytics is essential in responding to cyber-attack threats and enhances chances of APT detection. This is achieved by regulated collection, connection, and joining of data from various sources. The analysis of the entire infrastructure makes it possible for defenders to link periodic low-severity claims due to an ongoing attack. Big data analytics lacks a specific period depending on the correlation that can be performed. Also, this can be achieved by recent and past events. For instance, expansion of the capacity of Domain Name System (DNS) traffic from a certain system for limited durations can be as a result of genuine user inputs. Nonetheless, if such a pattern is detected in historical traffic over a certain duration, it may be a pointer of covert exfiltration of data (Chollet, 2017). 

Big data analytics is used to correlate data from different sources of data over notable durations which translate to lower false-positive and make it possible for the APT signal to be monitored in the disruption of authorized user actions. In as much as correlation and processing do not necessarily have to be in real time, they should be terminated within a few hours to warn defenders of looming attacks against their infrastructure.

References

Chollet, F. (2017). Deep Learning with Python.

Chio, C., & Freeman, D. (2018). Machine learning and security: Protecting systems with data and algorithms.