Cyber Security in Big Data Era

A special issue of Big Data and Cognitive Computing (ISSN 2504-2289).

Deadline for manuscript submissions: closed (27 October 2023) | Viewed by 19240

Special Issue Editor


Guest Editor
Department of Computer Science, University of Pisa, 56127 Pisa, Italy
Interests: risk assessment and management; intrusion detection; adversary simulation; distributed ledger

Special Issue Information

Dear Colleagues,

Computer and network security is, has been, and will be one of the most critical issues to be faced by industries and people all over the world. The increased size and complexity of communications and networking infrastructures pose new and challenging problems to improve cyber robustness and resilience. Mobility, cloud, and cyberphysical systems add more complexity. Techniques to detect attacks and manage the resulting risks have been developed and deployed, but they must be continuously improved in a cat-and-mouse game with cyber criminals who are constantly evolving their attacks to stay one step ahead.

In the era of big data, systems can improve tools to detect and manage attacks from humans or malware by collecting and analyzing a huge amount of information on the actual behavior of a system and of its users. The purpose is to integrate current detection methodologies with big data ones to continuously improve detection of vulnerabilities and malware and use the time savings from automated security intelligence to identify threats and improve containment processes. The resulting approach can offset human shortcomings in detecting and handling cyberattacks even if they have never been seen before, because they exploit vulnerabilities that are not public yet. This will strongly improve both the security and resilience of ICT and OT systems.

Prof. Dr. Fabrizio Baiardi
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Big Data and Cognitive Computing is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1800 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • architecture and infrastructure for data collection
  • architecture and infrastructure for system monitoring and intrusion detection
  • data analysis and fusion methodologies for intrusion and anomaly detection
  • distributed ledger and anomaly detection
  • AI techniques for anomaly and intrusion detection
  • AI techniques for alert correlation

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies is available from MDPI.

Published Papers (4 papers)


Research


39 pages, 10339 KiB
Article
Ensuring SDN Resilience under the Influence of Cyber Attacks: Combining Methods of Topological Transformation of Stochastic Networks, Markov Processes, and Neural Networks
by Igor Kotenko, Igor Saenko, Andrey Privalov and Oleg Lauta
Big Data Cogn. Comput. 2023, 7(2), 66; https://doi.org/10.3390/bdcc7020066 - 30 Mar 2023
Cited by 2 | Viewed by 2175
Abstract
The article proposes an approach to ensuring the functioning of Software-Defined Networks (SDN) in cyber attack conditions based on the analytical modeling of cyber attacks using the method of topological transformation of stochastic networks. Unlike other well-known approaches, the proposed approach combines the SDN resilience assessment based on analytical modeling and the SDN state monitoring based on a neural network. The mathematical foundations of this assessment are considered, which make it possible to calculate the resilience indicators of SDN using analytical expressions. As the main indicator, it is proposed to use the correct operation coefficient for the resilience of SDN. The approach under consideration involves the development of verbal models of cyber attacks, followed by the construction of their analytical models. In order to build analytical models of cyber attacks, the method of topological transformation of stochastic networks (TTSN) is used. To obtain initial data in the simulation, the SDN simulation bench was justified and deployed in the EVE-NG (Emulated Virtual Environment Next Generation) virtual environment. The result of the simulation is the time distribution function and the average time for the cyber attack implementation. These results are then used to evaluate the SDN resilience indicators, which are found by using the Markov processes theory. In order to ensure the resilience of the SDN functioning, the article substantiates an algorithm for monitoring the state of controllers and their automatic restructuring, built on the basis of a neural network. When one is choosing a neural network, a comparative evaluation of the convolutional neural network and the LSTM neural network is carried out. The experimental results of analytical modeling and simulation are presented and their comparative evaluation is carried out, which showed that the proposed approach has a sufficiently high accuracy, completeness of the obtained solutions and it took a short time to obtain the result.
(This article belongs to the Special Issue Cyber Security in Big Data Era)

9 pages, 473 KiB
Article
Revisiting Gradient Boosting-Based Approaches for Learning Imbalanced Data: A Case of Anomaly Detection on Power Grids
by Maya Hilda Lestari Louk and Bayu Adhi Tama
Big Data Cogn. Comput. 2022, 6(2), 41; https://doi.org/10.3390/bdcc6020041 - 16 Apr 2022
Cited by 8 | Viewed by 4285
Abstract
Gradient boosting ensembles have been used in the cyber-security area for many years; nonetheless, their efficacy and accuracy for intrusion detection systems (IDSs) remain questionable, particularly when dealing with problems involving imbalanced data. This article fills the void in the existing body of knowledge by evaluating the performance of gradient boosting-based ensembles, including gradient boosting machine (GBM), extreme gradient boosting (XGBoost), LightGBM, and CatBoost. This paper assesses the performance of various imbalanced data sets using the Matthews correlation coefficient (MCC), area under the receiver operating characteristic curve (AUC), and F1 metrics. The article discusses an example of anomaly detection in an industrial control network and, more specifically, threat detection in a cyber-physical smart power grid. The tests’ results indicate that CatBoost surpassed its competitors, regardless of the imbalance ratio of the data sets. Moreover, LightGBM showed a much lower performance value and had more variability across the data sets.
(This article belongs to the Special Issue Cyber Security in Big Data Era)

15 pages, 3985 KiB
Article
The Next-Generation NIDS Platform: Cloud-Based Snort NIDS Using Containers and Big Data
by Ferry Astika Saputra, Muhammad Salman, Jauari Akhmad Nur Hasim, Isbat Uzzin Nadhori and Kalamullah Ramli
Big Data Cogn. Comput. 2022, 6(1), 19; https://doi.org/10.3390/bdcc6010019 - 7 Feb 2022
Cited by 2 | Viewed by 6628
Abstract
Snort is a well-known, signature-based network intrusion detection system (NIDS). The Snort sensor must be placed within the same physical network, and the defense centers in the typical NIDS architecture offer limited network coverage, especially for remote networks with a restricted bandwidth and network policy. Additionally, the growing number of sensor instances, followed by a quick increase in log data volume, has caused the present system to face big data challenges. This research paper proposes a novel design for a cloud-based Snort NIDS using containers and implementing big data in the defense center to overcome these problems. Our design consists of Docker as the sensor’s platform, Apache Kafka, as the distributed messaging system, and big data technology orchestrated on lambda architecture. We conducted experiments to measure sensor deployment, optimum message delivery from the sensors to the defense center, aggregation speed, and efficiency in the data-processing performance of the defense center. We successfully developed a cloud-based Snort NIDS and found the optimum method for message-delivery from the sensor to the defense center. We also succeeded in developing the dashboard and attack maps to display the attack statistics and visualize the attacks. Our first design is reported to implement the big data architecture, namely, lambda architecture, as the defense center and utilize rapid deployment of Snort NIDS using Docker technology as the network security monitoring platform.
(This article belongs to the Special Issue Cyber Security in Big Data Era)

Review


23 pages, 598 KiB
Review
Applications and Challenges of Federated Learning Paradigm in the Big Data Era with Special Emphasis on COVID-19
by Abdul Majeed, Xiaohan Zhang and Seong Oun Hwang
Big Data Cogn. Comput. 2022, 6(4), 127; https://doi.org/10.3390/bdcc6040127 - 26 Oct 2022
Cited by 15 | Viewed by 4684
Abstract
Federated learning (FL) is one of the leading paradigms of modern times with higher privacy guarantees than any other digital solution. Since its inception in 2016, FL has been rigorously investigated from multiple perspectives. Some of these perspectives are extensions of FL’s applications in different sectors, communication overheads, statistical heterogeneity problems, client dropout issues, the legitimacy of FL system results, privacy preservation, etc. Recently, FL is being increasingly used in the medical domain for multiple purposes, and many successful applications exist that are serving mankind in various ways. In this work, we describe the novel applications and challenges of the FL paradigm with special emphasis on the COVID-19 pandemic. We describe the synergies of FL with other emerging technologies to accomplish multiple services to fight the COVID-19 pandemic. We analyze the recent open-source development of FL which can help in designing scalable and reliable FL models. Lastly, we suggest valuable recommendations to enhance the technical persuasiveness of the FL paradigm. To the best of the authors’ knowledge, this is the first work that highlights the efficacy of FL in the era of COVID-19. The analysis enclosed in this article can pave the way for understanding the technical efficacy of FL in the medical field, specifically COVID-19.
(This article belongs to the Special Issue Cyber Security in Big Data Era)