Big Data for Security: On Using DNS Logs for Security Threat Detection

I am particularly interested in the area resulting from the intersection of the following topics: big data for security, big data analytics, distributed programming and data analysis solutions, security and cloud.

 

In particular I am interested in public case studies, business cases and trials involving the usage of (large amounts of) DNS data to detect new security threats and issues.

 

Here are some key related work and approaches:

·         EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis;

·         Large scale DNS analysis

·         Identifying malicious domains in large DNS resolver datasets using Hadoop

·         Emerging trends around big data analytics and security: Panel

·         Botnet detection by monitoring group activities in DNS traffic

·         DNS Based Security Incidents Detection in Campus Network

·         DNS-based Detection of Scanning Worms in an Enterprise Network

·         Cache poisoning detection method for improving security of recursive DNS

·         Preserving the big picture: Visual network traffic analysis with tnv

  

--- Posted by Marco Casassa Mont (here and here)  ---

--- NOTE:  use this mirror blog if you prefer posting on an external blog site  ---

--- NOTE:  my original HP blog can be found here  ---

My Updated Work and Personal Web Sites

I recently updated my personal and HP Labs web sites with news, deliverables and achievements, in the space of Security, Cloud and Big Data:

·         My HP Labs Web Page

·         My Personal Web Page

 

--- Posted by Marco Casassa Mont (here and here)  ---

--- NOTE:  use this mirror blog if you prefer posting on an external blog site  ---

--- NOTE:  my original HP blog can be found here  ---

My Tweets of the Week (22-26 July 2013)

My tweets of the week (22-26 July 2013) at https://twitter.com/MCasassaMont:

 

·         The open source job market is booming - http://www.infoworld.com/t/information-technology-careers/the-open-source-job-market-booming-223463 … #in

·         Three different roads to the 3-nanometer chip - http://www.theregister.co.uk/2013/07/25/proposed_semiconductor_transistor_possibilities/ … #in

·         With big data comes big responsibility - http://www.ft.com/cms/s/0/1c3e27ee-8b2f-11e2-8fcf-00144feabdc0.html#axzz2a58CgPqZ … #in

·         “Big Data” Is Not “Big Data” Unless It Gives You Actionable Insight - http://searchengineland.com/big-data-is-not-big-data-unless-it-gives-you-actionable-insight-167225 … #in

·         Loose lips trouble CISOs - http://www.scmagazineuk.com/loose-lips-trouble-cisos/article/304467/ … #in

·         Researchers spot new breed of infected Android apps in the wild - http://www.infoworld.com/t/android/researchers-spot-new-breed-of-infected-android-apps-in-the-wild-223400 … #in

·         Graph analysis will make big data even bigger - http://www.infoworld.com/d/big-data/graph-analysis-will-make-big-data-even-bigger-223420 … #in

·         CFOs Ignore Big Data at Their Peril - http://online.wsj.com/article/SB10001424127887323419604578571684135006800.html … #in

·         Competing businesses encouraged to share incident data as the attackers do - http://www.scmagazineuk.com/competing-businesses-encouraged-to-share-incident-data-as-the-attackers-do/article/304122/ … #in

·         FTSE 350 companies demonstrate very poor security manners - http://www.scmagazineuk.com/ftse-350-companies-demonstrate-very-poor-security-manners/article/304195/ … #in

·         Stop 80 percent of malicious attacks now - http://www.infoworld.com/d/security/stop-80-percent-of-malicious-attacks-now-223213 … #in

·         SDN 101: Software-defined networking explained in 10 easy steps - http://www.infoworld.com/slideshow/111753/sdn-101-software-defined-networking-explained-in-10-easy-steps-223225 … #in

·         Big Data Security Analytics: It Takes a Village - http://www.networkworld.com/community/node/83299 … #in

·         Software employment rises 45% in 10 years, as angst in engineering grows - http://www.computerworld.com/s/article/9240854/Software_employment_rises_45_in_10_years_as_angst_in_engineering_grows … #in

·         Happy birthday, OpenStack! Now change - http://www.networkworld.com/news/2013/072213-openstack-272063.html?hpg1=bn … #in

·         True tales of (mostly) white-hat hacking - http://www.infoworld.com/d/security/true-tales-of-mostly-white-hat-hacking-222831 … #in

·         Five Roles You Need on Your Big Data Team - http://blogs.hbr.org/cs/2013/07/five_roles_you_need_on_your_bi.html … #in

·         SIM card DES flaw could affect up to 500 million users - http://www.scmagazineuk.com/  #in

·         Are we in an enterprise startup bubble? - http://www.infoworld.com/t/startups/are-we-in-enterprise-startup-bubble-223138 … #in

 

--- Posted by Marco Casassa Mont (here and here)  ---

--- NOTE:  use this mirror blog if you prefer posting on an external blog site  ---

--- NOTE:  my original HP blog can be found here  ---

 

On Big Data for Security

I am currently focusing my R&D work in the space of “Big Data for Security”.

This is a fascinating area and, currently, a green field.

 

How to effectively leverage huge amount of collected IT information (ranging from IT logs to application and service information as well as external intelligence)  to identify new security threats, issues and provide valuable information to organisations to mitigate current and foreseeable risks?

 

HP already has core assets in the security and “Big Data” space: HP ArcSight suite (SIEM solution for event logging, storage and correlation); HP Vertica (highly parallelised, columnar database solution for storage and analytics of structured big data) and HP Autonomy (storage, indexing and retrieval of massive amount of unstructured data).

 

I am currently exploring how these capabilities could be fully leveraged in the context of big data for security, in particular in a few security verticals and types of critical security data. In addition, I am interested in exploring how the massive amount of required computation and analytics can be performed by adopting innovative solutions in the cloud (private and hybrid cloud).

 

I am looking for public use cases, case studies and requirements in this space, in particular for analytics based on big security data and anecdotes on how “big data” has been helping to address security issues.

 

 

--- Posted by Marco Casassa Mont (here and here)  ---

--- NOTE:  use this mirror blog if you prefer posting on an external blog site  ---

--- NOTE:  my original HP blog can be found here  ---

 

HP Labs Research

HP Labs has updated its Research web page, providing an overview of its 5 key research focus areas. More information is available here.

 

--- Posted by Marco Casassa Mont (here and here)  ---

--- NOTE:  use this mirror blog if you prefer posting on an external blog site  ---

--- NOTE:  my original HP blog can be found here  ---

On HP Moonshot Server Solutions

Recently HP launched the HP Moonshoot server solutions.

An interesting video titled “Meet the Innovators behind HP Moonshoot” is available online, here.

 

--- Posted by Marco Casassa Mont (here and here)  ---

--- NOTE:  use this mirror blog if you prefer posting on an external blog site  ---

--- NOTE:  my original HP blog can be found here  ---