Anomaly detection under cognitive security model

  • Jonathan Herrera, Escuela Politécnica Nacional
  • Roberto Omar Andrade, Escuela Politécnica Nacional
  • Miguel Flores, Escuela Politécnica Nacional
  • Susana Cadena, Universidad Central del Ecuador
Keywords: cyber-defense, cognitive security, cybersecurity

Abstract

Cybersecurity attacks are considered among the top five risks worldwide, according to the World Economic Forum in 2019. This context has created the need to improve cybersecurity defense tasks in organizations. Improving the effectiveness with which a cybersecurity task is executed requires three pillars: people, processes and technologies. This work analyzes the integration of these three components as a strategy to improve the effectiveness of operational tasks in cyber defense, specifically the detection of anomalies. It rests on two observations: the operational cybersecurity tasks that analysts carry out daily require the use of cognitive processes, and techniques based on technologies such as machine learning, data mining and data science have generally been used to automate cybersecurity tasks. On that basis, we consider the use of cognitive security as a strategy to improve the anomaly detection process, taking into account the cognitive processes and skills exercised by the security analyst.



Published: 2020-12-01

How to cite: J. Herrera, R. Andrade, M. Flores, and S. Cadena, “Anomaly detection under cognitive security model”, LAJC, vol. 7, no. 2, pp. 34-47, Dec. 2020.

Section: Research Articles for the Regular Issue