Analyzing Small Businesses' Adoption of Big Data Security Analytics

Mathias, Henry

01 January 2019

Despite the increased cost of data breaches due to advanced, persistent threats from malicious sources, the adoption of big data security analytics among U.S. small businesses has been slow. Anchored in a diffusion of innovation theory, the purpose of this correlational study was to examine ways to increase the adoption of big data security analytics among small businesses in the United States by examining the relationship between small business leaders' perceptions of big data security analytics and their adoption. The research questions were developed to determine how to increase the adoption of big data security analytics, which can be measured as a function of the user's perceived attributes of innovation represented by the independent variables: relative advantage, compatibility, complexity, observability, and trialability. The study included a cross-sectional survey distributed online to a convenience sample of 165 small businesses. Pearson correlations and multiple linear regression were used to statistically understand relationships between variables. There were no significant positive correlations between relative advantage, compatibility, and the dependent variable adoption; however, there were significant negative correlations between complexity, trialability, and the adoption. There was also a significant positive correlation between observability and the adoption. The implications for positive social change include an increase in knowledge, skill sets, and jobs for employees and increased confidentiality, integrity, and availability of systems and data for small businesses. Social benefits include improved decision making for small businesses and increased secure transactions between systems by detecting and eliminating advanced, persistent threats.

adoption of security analytics

big data analytics

big data security analytics

security

small business

small business adoption of technology

Computer Sciences

Databases and Information Systems

Library and Information Science

Architecture and design requirements forEnterprise Security Monitoring Platform : Addressing security monitoring challenges in the financial services industry

Wierzbieniec, Gabriel

January 2018

Security Monitoring Platform (SMP) represents multiple detective controls applied inthe enterprise to protect against cyberattacks. Building SMP is a challenging task, as itconsists of multiple systems that require integration. This paper introduces a framework thatcompiles various aspects of Security Monitoring and presents respective requirements sets.SMP framework provides guidance for establishing a risk-based detection platform,augmented with automation, threat intelligence and analytics capabilities. It provides morebroad view on the problem of Security Monitoring in the enterprise context and can assist inthe platform creation. The proposed solution has been built using Design Science ResearchMethodology and contains of twenty requirements for building SMP. Expert evaluation andcomparison with similar frameworks show potential value in holistic approach to the problem,as well as indicate the need for further research.

Security Monitoring

SIEM

Log Management

SOC

Threat Intelligence

Security Analytics

Annan elektroteknik och elektronik

Security Analytics: Using Deep Learning to Detect Cyber Attacks

Lambert, Glenn M, II

01 January 2017

Security attacks are becoming more prevalent as cyber attackers exploit system vulnerabilities for financial gain. The resulting loss of revenue and reputation can have deleterious effects on governments and businesses alike. Signature recognition and anomaly detection are the most common security detection techniques in use today. These techniques provide a strong defense. However, they fall short of detecting complicated or sophisticated attacks. Recent literature suggests using security analytics to differentiate between normal and malicious user activities. The goal of this research is to develop a repeatable process to detect cyber attacks that is fast, accurate, comprehensive, and scalable. A model was developed and evaluated using several production log files provided by the University of North Florida Information Technology Security department. This model uses security analytics to complement existing security controls to detect suspicious user activity occurring in real time by applying machine learning algorithms to multiple heterogeneous server-side log files. The process is linearly scalable and comprehensive; as such it can be applied to any enterprise environment. The process is composed of three steps. The first step is data collection and transformation which involves identifying the source log files and selecting a feature set from those files. The resulting feature set is then transformed into a time series dataset using a sliding time window representation. Each instance of the dataset is labeled as green, yellow, or red using three different unsupervised learning methods, one of which is Partitioning around Medoids (PAM). The final step uses Deep Learning to train and evaluate the model that will be used for detecting abnormal or suspicious activities. Experiments using datasets of varying sizes of time granularity resulted in a very high accuracy and performance. The time required to train and test the model was surprisingly fast even for large datasets. This is the first research paper that develops a model to detect cyber attacks using security analytics; hence this research builds a foundation on which to expand upon for future research in this subject area.

Thesis

University of North Florida

UNF

Big Data Analytics

Security Analytics

Deep Learning

Cyber Attacks

Artificial Intelligence and Robotics

Information Security