Cyber-I3 System - Intelligence, Incidence, and Investigation-based Big Data Technology

Copyright © 2018 CyberSecurity MalaysiaCopyright © 2018 CyberSecurity Malaysia
Dr.AA (Dr.Aswami Ariffin)
SVP & Digital Forensics Scientist
Cyber Security Responsive Services
CyberSecurity Malaysia
aswami@cybersecurity.my
CyberI3 System -
Intelligence, Incidence & Investigation Based Big
Data Technology

Copyright © 2018 CyberSecurity Malaysia
1. Cyber Threat Landscape

,090,77721
68.1% population

INTEL chipset bug

2. CyberFIC – Forensics
Intelligence Center

#ITUCyberSecurityStudy
{Technical, CapacityBuilding, Cooperation, Legal,
Organizational}

CyberFIT

#CyberDefenceWarRoom
{ChainOfCustody, Command, Trust}

CyberACT

#CyberDefenceMalaysia
{Intelligence, Incidence, Investigation}

Our 2 years journey
(2016-2018)
Feb 2016
MOU/MOA
Signed, Title &
Concept
Aug 2016 - SRS, SDD
(Initial Design),
Satellite Lab
Feb 2016 - Revised SRS,
SDD (Detail Design),
STP, Research Papers,
the Proof of Concept of
Big Data Platform
Oct 2017 – Optimization
Report, Proof of
Concept, Testing
Documents, Research
Papers
Feb 2018 – Final
Report, Research
Papers

The team & funding
UTM Team (Consultant & Research)
• Prof Dr Shamsul Sahibuddin
• PM Dr Mohd Naz’ri Mahrin
• PM Dr Azurati Ahmad
• Dr Ganthan Narayana Samy
• Dr Priteega Mahalingam
• Dr Syahid Anuar
• Dr Suriayati Chuprat
Consultation
RM 1.72 Million
Research
RM 556.6 K
CSM Team
•Dr Aswami Ariffin (Dr AA)
•Mohd Zabri Adil Talib
•Mohamad Firham Effendy
•Fakhrul Afiq Abd Aziz
•Muhammad Zaharudin
•Nazri Ahmad Zamani
•Nur Afifah Mohd Saupi
•Nor Zarina Zainal Abidin
•Wafa Mohd Khairudin
•Yasmin Jeffry

The beginning…

CyberI3 framework
Data Warehouse
Is a component that will be the central repository for the storing data sent
by CMERP. Data will be enriched to become more meaningful for further
analytics.
Data Analytics
Data will be further analyzed, correlated and uncovered any possible
hidden patterns or connections using collected historical data. Will
perform descriptive analytics and predictive analytics to discover the
future malware attacks.
Visualization
Descriptive and predictive analytics results will be presented in a pictorial
or graphical format to enable decision makers to view the analytics
graphically. Will be used as evidence in forensic investigations and can be
used to distribute warning to the targeted organization.

Understanding the requirements
• Software
engineering
Practices
• Series of
workshops, training
and reviews
• Developed the
software
requirement
specifications (SRS)

Translating the requirements
to design
• Series of workshops
& reviews
• Developed the
Software Design
Document (SDD)
• Knowledge sharing
by the related
industry

CyberI3 framework implementation

Implementation (proof of concept)

• SLR
– Malware
Predictions
– Malware
Analytics
Techniques
– Visualization
Techniques
Concurrently… we do research
Systematic Literature
Review
Prediction Techniques
Selection
Prediction Techniques
Evaluation
Development of ICE
Systems (Data Analytic
Module)

Optimizing the implementation
• Evaluation
– Machine Learning
Algorithms
– Computing Platforms
MSE RMSE MAE
(Mean (Root Mean (Mean Absolute
Square Square Error) Error)
Error)
Linear 0.0581 0.241 0.1994
Regression
Random Forest 0.1959 0.4426 0.3852
ANN 0.1083 0.3291 0.2872
SVM 0.0442 0.2102 0.1689
ARIMA 0.0454 0.213 0.1711

CyberI3 dashboard-i

#GlobalCyberThreat
{Internal, External}

CyberI3 dashboard-ii

CyberI3 dashboard-iii

CyberI3 dashboard-iv

CyberI3 dashboard-v

CyberI3 dashboard-vi

Predictive signature and
prescriptive
solution

CyberI3 system; e.g. content analysis
& visualization
32

CyberI3 Cluster

#CyberLaw@CyberCSI
#UncoveringTruthBeyondDigitalImagination
{Prosecution, ExpertWitness, Takedown}

3. Conclusion
• People; operational + research (training & experience)
• Process; coordination
• Technology; facilitation
• Based on statistics be alert; awareness!
• Normally increase if there is major event e.g. MH 370
• New vulnerability/exploit/zero-day
• Based on cyber threat intelligence targeting
corporation/organization; CNII be careful!
• Ransomware on the rise; motivation is monetary gain
• Attack is getting sophisticated, mobile; Target/Sony!
• A lot research needed! @ Threat hunting…

Final deliverables (consultation)
• Software Requirement Specification (SRS)
• Software Design Document (SDD)
• Software Test Plan (STP)
• Optimization Report
• Final Report
• Closing Report

Final deliverables (research)
• 5 Journal Articles
–Malware Prediction Algorithm: Systematic Review (Scopus
Indexed)
–Malware Prediction Techniques: Selection and
Implementation for Integrated Cyber Evidence (ISI
Indexed)
–Classification of Malware Analytics Techniques: A
Systematic Literature Review (ISI Indexed)
–Analysis of Features for Malware Visualization (Scopus
Indexed)
–Systematic Literature Review for Malware Visualization
Techniques (Scopus Indexed)

Final deliverables (research)
• 2 Conference Proceedings
–Modeling Malware Prediction Using Artificial Neural
Network (presented in SOMET 2018, Spain)
–Malware Forensic Analytics Framework Using Big Data
Platform (to be presented at Future Technology
Conference, Vancouver Canada in November 2018)
• Satellite Lab @ Level 3 Menara Razak UTM Kuala
Lumpur

Experiences
• Smart Partnership
• Setting up Big Data Platform
• Hands on HCP Apache Metron Setup
• Professional Trainings with Hortonworks
– Apache NIFI
– Apache Metron
– HDP Developer – Enterprise Apache Spark
• 60-40 Data Science Practices
• Software Engineering Practices

#CyberDefenceAlliance
{CyberFIT, CyberACT, CyberDEF}

Cyber-I3 System - Intelligence, Incidence, and Investigation-based Big Data Technology

More Related Content

What's hot (20)

Similar to Cyber-I3 System - Intelligence, Incidence, and Investigation-based Big Data Technology (20)

More from DataWorks Summit (20)

Recently uploaded (20)

Cyber-I3 System - Intelligence, Incidence, and Investigation-based Big Data Technology