Lecture 01 - Introduction To Cybersecurity For Enterprise Data Analytics Standards - v7

MN623 – Cyber Security and
Analytics
Week 1 – Introduction to cybersecurity for enterprise data
analytics, & standards
Acknowledgements:
The contents are compiled from
Prasad, R., & Rohokale, V. (2020). Cyber Security: The Lifeline of Information and Communication Technology.
Springer.
THOMAS, T. P. V., Vijayaraghavan, A. P., & Emmanuel, S. (2020). MACHINE LEARNING APPROACHES IN CYBER
SECURITY ANALYTICS. SPRINGER VERLAG, SINGAPOR.
Ghavami, P. (2019). Big Data Analytics Methods: Analytics Techniques in Data Mining, Deep Learning and
Natural Language Processing. Walter de Gruyter GmbH & Co KG.
Introduction to MN623
 Welcome Note
 Why do we need cybersecurity?
 There is an ongoing cybersecurity warfare
 Better technology is winning.
Compiled by Dr. Ajay Shiv Sharma Moderated by

March 2020 2
Prof. Savitri Bevinkoppa
Personal Computing and
Enterprise Computing
• Personal computing- Your watch, your TV, your car.
• But what does it take to really take computer systems to the
next level? - The enterprise level.
• Enterprise computing/networking systems are designed to

have millions of sessions connected to them.
 We look at necessity in enterprise and convenience in

personal computing.

March 2020 3
What do we learn in MN623?
 Know thy enemies
 Know the parties involved
 Be the part of the cybersecurity solutions
 Expected outcomes from the unit

March 2020 4
Unit Learning Outcomes
a. Analyse cyber security vulnerabilities using ethical hacking

methodologies
b. Implement and evaluate security testing tools in a realistic

computing environment
c. Evaluate intelligent security solutions based on data analytics
d. Analyse and interpret results from descriptive and predictive

data analysis
e. Propose cyber security solutions for business case studies

March 2020 5
What is Cybersecurity about?
Cybersecurity
What assets?
Organization How?
Professionals Regulations
en
t -Policy Is this enough?
: m
ills ss -Process
Sk sse -Management
-A isk Technologies
- R lan Cyber-defense
-P
Secure
Hackers Internet
Protecting
Learn about:
Assets -Service
-Attackers Antivirus
Patch Provider
-Cyberattacks
-VPN
-Hacking tools IDS, Firewall, Access
Auth, Authr, encry
Protect/educate Comply with

Operators Government
-Users -Governance
-People -Standards
-Machines -Framework
Parties of Cybersecurity
Fig. 1 Stakeholders of Cybersecurity

March 2020 6
Cybersecurity Definition
Cyber security is the collection of

• tools, policies,
• security concepts,
• security safeguards,
• guidelines, risk management approaches,
• actions, training, best practices,
• assurance and technologies
– that can be used to protect the cyber environment and organization
– and user’s assets.

March 2020 7
Emerging Cyber Threats
Fig. 2 Emerging Cyber Threats

March 2020 8
Overview of cyber threats and
attacks
• Advanced persistent threat (APT),
• Distributed denial of service (DDoS),
• Cross-platform malware (CPM),
• Metamorphic and polymorphic malware and phishing.
• New cyber-attacks including Ransomware,
• Endpoint attacks, Phishing, third party or supply chain attacks,
• Artificial intelligence and machine learning driven attacks

March 2020 9
Cybersecurity in phishing
scenarios
• Personal details of the online user are usually
obtained by cheating them with the help of
– emails, advertisements and some sites
– which are usually browsed by the online users.
 After the occurrence of incidences,
– users have to face other information robberies.

March 2020 10
Infected networks called
BOTNETs
• A BOTNET is a collection or a network of infectious
‘bots’ i.e. machines.
 Botnets have become a platform for the infection to the
– Internet, such as,
• spam,
• e-mails,
• launch denial of services attacks,
• click fraud,
• cyber warfare,
• cyber sabotage, etc.

March 2020 11
Botnet life cycle Diagram
Fig. 3 Botnet life cycle

March 2020 12
Botnet Detection Techniques
Fig. 4 Botnet Detection Techniques

March 2020 13
Botnet Detection Techniques
and Prevention
• Honeypots and Honeynets
• Signature Based Detection Techniques
• Anomaly Based Detection Techniques
• Data Mining Based Detection Techniques
– Prevention:
• Though some of the laws have been implemented to protect against
botnets,
• prevention is always essential to avoid the personal system being
attacked by bots.

March 2020 14
Malicious Software -Malware
Fig. 5 Different kinds of Malware

March 2020 15
Cyber Threats and Attack
Overview
• Risk is the integrated effect of vulnerabilities,
threats, and potential impact of cyber-attacks.
• Vulnerability is the potential weaknesses in the cyber security
system.
• Threat is a possibility of cyber-attack by making use of system
vulnerabilities.
 Internet and Internet of things (IoT) are the major threat
entities.
• Data threat is increasing with scaling of new web applications.

March 2020 16
Cyber attack categorization

March 2020 17
Cyber attack categorization

March 2020 18
Typical Attack Sequence
(1) Reconnaissance and Scanning

• first study the system in details to find the weaknesses
• then by exploiting the vulnerabilities found
(2) Access
• Use of web apps to communicate with system’s command and control
server.
(3) Escalation
• continuously observe the network operations, map them
• and monitor the system with the help of networking and hacking tools
• and then try to scale the infection.
(4) Exfiltration
• attackers acquire the access to admin’s machine or account.

March 2020 19
Typical Attack Sequence
Continued…
(5) Sustainment
• attackers compromise the infected networked devices
• and try to access new hosts by penetrating into the
internal sub-networks.
(6) Assault
• It happens when the hackers alter the functionality of the
victim’s hardware
• or disable the hardware totally.
(7) Obfuscation
• This step makes the victim more confused about the attack
• by hiding the compromised tracks

March 2020 20
Types of Cyber-attacks
1. Backdoors
8. Adware
2. Denial-of-service Attack
9. Ransomware
3. Eavesdropping
10. Spyware
4. Spoofing
11. Scareware
5. Tampering
12. Phishing
6. Repudiation Attack
13. Password Attacks
7. Social Engineering

March 2020 21
Backdoors
• Creating a new hidden entrance to evade the security

policies is called the backdoor attack.
• attacker installs key-logging software
• or any other software
• and via which the attackers get access to the victims
system.
 Attacker modifies files, information or installs
unwanted software.

March 2020 22
Denial-of-service Attack
• DoS (Denial-of-service) attacks

– attacker attacks the system so that actual user can’t
access the data or resources during this attack.
 by overloading its resources like
• bandwidth,
• TCP connection buffers,
• application/service buffer,
• CPU cycles, etc.

March 2020 23
Types of Denial-of-service
Attack
• There are various types of DoS attacks
– direct flooding attack,
– remote controlled network attack,
– reflective flooding attack,
– virus, worm, tear drop attack,
– protocol violation attack,
– fragmentation attack, etc. (Neumann 2000).
 Distributed denial of service (DDoS) attack uses many

computing devices and number of internet connections

March 2020 24
Eavesdropping
• The attacker listens to the system’s or network’s

conversation without their knowledge
– and uses that conversation for another attacker or enemy of
that organization.
 It is passive kind of attack wherein the
eavesdropper just observes
• and steals the information that computers,
– smart phones
– or other network entities are transmitting.

March 2020 25
Spoofing
• The attacker or program acts as if they are the actual,

legitimate user of that system or network.
– They hide their originality from the network
– and impersonate the system admin or victim.
 Such threats are frequently initiated via emails where
the sender’s IP address is spoofed.

March 2020 26
Tampering
• Tampering is a web-based attack

– attacker changes some parameters in the URL of
website
– or path without the user’s knowledge.
– The URL looks legitimate to the user.
 With illegal authorization, some parameters
entered by the user on particular URL
 or web page are altered.

March 2020 27
Repudiation Attack
• This is an attack in which a user falsely denies

– having performed any activity or engaged in any
communication.
 When the user denies for certain actions or
transactions, then it is called repudiation.

March 2020 28
Social Engineering
• It involves misleading a user

– and getting useful information from them.
– Using this information, the attackers bypass the security
mechanisms employed in the network.
– These attacks include baiting, phishing, spear phishing,
pretexting, and scareware.
 It tempts the user and makes them reveal their
secret information thereby breaking normal security

March 2020 29
Adware
• Adware is a type of software

– that supports advertisements which are embedded
in the application itself.
– Pop up windows continuously appear on the
screen where user is working.
 Adware is similar to malware as it uses ads to inflict
computers with deadly viruses.

March 2020 30
Ransomware
• The attackers restrict user access to the system

– and then ask for some amount to remove the
restriction.
– It is one type of threat
 But the advanced ransomware attack encrypts
– some important files on the victim’s system
– and demands some payment to decrypt and free the
files.

March 2020 31
Spyware
• Spyware is a software which works like a

secret agent.
 When victim installs free software,
– spyware is also installed in the backend via
– which the attacker gets the information from
victim’s system.

March 2020 32
Scareware
• Scareware is a type of threat

– in which messages suggesting download of useless
software pop up on genuine systems.
– to create worry among users or victim
– and to provoke them to download irrelevant software.
 The popup dialog looks like a system dialog,
but it is not same as that.

March 2020 33
Phishing
• The attacker makes the same copy of an original

WebPage and then sends it to the victim.
– The victim cannot identify the differences
– Fake and the original WebPages both look the same.
 The main goal of phishing is to get sensitive
information
• like username, password, bank account details, etc.

March 2020 34
Password Attacks
• An attacker can guess the password

– or make a program that can guess the password
– and tries it on system by bruteforce method,
– or uses a database which holds a common
password
– and tries it on system or login details of any
websites.
 Password attack is performed when an attacker
wants to know victim’s password.

March 2020 35
Next Topic is Data Analytics
• Data analytics may analyze many varieties of data

– to provide views into patterns and insights
– to provide new discovery and knowledge.
 They mine through the data using
• advanced statistics,
• artificial intelligence techniques,
• machine learning,
• deep learning,
• feedback and natural language processing (NLP)

March 2020 36
Why Advanced Data
Analytics?
• Advanced data analytics covers broader and
deeper methods to study data and interpret the
results.
 These methods include
• machine learning (ML),
• predictive,
• classification,
• semantic analysis and non-linear algorithms
• And multi-algorithm approaches.

March 2020 37
Artificial Intelligence in Cyber
Security
• Artificial intelligence (AI) techniques can be used
to solve cyber security issues.
 Various techniques come under the umbrella of AI
– such as data mining,
– neural networks,
– fuzzy logic
• that can be integrated with traditional practical
• and statistical mechanisms for the analysis of data.

March 2020 38
Machine
Learning in Cyber Security
• Machine learning is an application of AI
• that provides systems the ability to automatically learn
• and improve from experience without being explicitly
programmed.
 Machine learning algorithms are often categorized
 Supervised
 Unsupervised.

March 2020 39
Cybersecurity Problems and
Machine Learning
• Machine learning approaches involve predictions
based on a set of training data.
– In the case of cybersecurity,
• machine learning algorithms help to make use of data from
previous cyberattacks
• and develop the respective predictions.
 This approach can be used to build an automated
cyber defense system

March 2020 40
Important CyberSecurity
WebLinks in AUSTRALIA
 https://www.cyber.gov.au/about
 https://www.asd.gov.au/cyber
 https://cybersecuritystrategy.homeaffairs.gov.au/
 https://www.homeaffairs.gov.au/reports-and-publi
cations/submissions-and-discussion-papers/cyber-
security-strategy-2020
 https://www.aph.gov.au/About_Parliament/Parlia
mentary_Departments/Parliamentary_Library/pub
s/BriefingBook45p/Cybersecurity
 https://www.austcyber.com/

March 2020 41
What tools should I learn
 Penetration Testing
• Metasploit, Kali Linux
 Network Intrusion and Detection

• Snort, Forcepoint, GFI LanGuard, Acunetix
 Packet Sniffers and Password Auditing Tools

• John the Ripper, Cain and Abel, Tcpdump, Wireshark
 Network Defense Wireless Tools

• Aircrack, Netstumbler, KisMAC

March 2020 42
Cybersecurity Standards
• Cyber security standards
 BS 10012:2009,PAS 555:2013
• ISO/IEC 27000 series standards

 ISO/IEC 27000:2016, ISO/IEC 27003:2017, ISO/IEC 27033-4:2014,
ISO/IEC 27039:2015, ISO/IEC 27040:2015, ISO/IEC 27043:2015
• Other relevant ISO standards

 ISO/IEC 17788:2014, ISO/IEC 17788:2014
• Business continuity standards

 ISO 22301:2014, PD 25666:2010, ISO 22322:2015
• National Institute of Standards and Technology

(NIST) standards
 NIST SP 800-53A, NIST SP 800-83, NIST SP 800-100, NIST SP 800-153,
NIST Cyber Security Framework (2014)

March 2020 43
Summary
 Awareness about the cyber threats is the first and most

important step in achieving security.
 Security is not a onetime mechanism. It is a continuous process.
 With the added benefit of machine learning, AI algorithms can

easily turn down the cyber security breaches
 Cybersecurity standards such as ISO/IEC 27000 series

standards, NIST standards, Business continuity standards

March 2020 44
Lecture 1 Questions
1) Discuss any use of data analytics tools in our daily life.

2) What are the job opportunities in cybersecurity and
data analytics.
3) How to address the need for cybersecurity experts?
4) Is the AUSTRALIAN regulatory environment for
cybersecurity appropriate? Why or why not?
5) Explain Botnet life cycle Diagram and Botnet
Detection Techniques in Slides 12 and 13 in detail.
Compiled by Dr. Ajay Shiv Sharma Moderated

March 2020 by Prof. Savitri Bevinkoppa
45

Lecture 01 - Introduction To Cybersecurity For Enterprise Data Analytics Standards - v7

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lecture 01 - Introduction To Cybersecurity For Enterprise Data Analytics Standards - v7

Uploaded by

Copyright:

Available Formats

MN623 – Cyber Security and

 Why do we need cybersecurity?

 There is an ongoing cybersecurity warfare

 Better technology is winning.

Compiled by Dr. Ajay Shiv Sharma Moderated by

• Enterprise computing/networking systems are designed to

 We look at necessity in enterprise and convenience in

Compiled by Dr. Ajay Shiv Sharma Moderated by

 Know thy enemies

 Know the parties involved

 Be the part of the cybersecurity solutions

 Expected outcomes from the unit

Compiled by Dr. Ajay Shiv Sharma Moderated by

a. Analyse cyber security vulnerabilities using ethical hacking

b. Implement and evaluate security testing tools in a realistic

c. Evaluate intelligent security solutions based on data analytics

d. Analyse and interpret results from descriptive and predictive

e. Propose cyber security solutions for business case studies

Compiled by Dr. Ajay Shiv Sharma Moderated by

Protect/educate Comply with

Fig. 1 Stakeholders of Cybersecurity

Compiled by Dr. Ajay Shiv Sharma Moderated by

Cyber security is the collection of

Compiled by Dr. Ajay Shiv Sharma Moderated by

Fig. 2 Emerging Cyber Threats

Compiled by Dr. Ajay Shiv Sharma Moderated by

Compiled by Dr. Ajay Shiv Sharma Moderated by

Compiled by Dr. Ajay Shiv Sharma Moderated by

Compiled by Dr. Ajay Shiv Sharma Moderated by

Fig. 3 Botnet life cycle

Compiled by Dr. Ajay Shiv Sharma Moderated by

Fig. 4 Botnet Detection Techniques

Compiled by Dr. Ajay Shiv Sharma Moderated by

Compiled by Dr. Ajay Shiv Sharma Moderated by

Fig. 5 Different kinds of Malware

Compiled by Dr. Ajay Shiv Sharma Moderated by

Compiled by Dr. Ajay Shiv Sharma Moderated by

Compiled by Dr. Ajay Shiv Sharma Moderated by

Compiled by Dr. Ajay Shiv Sharma Moderated by

(1) Reconnaissance and Scanning

Compiled by Dr. Ajay Shiv Sharma Moderated by

Compiled by Dr. Ajay Shiv Sharma Moderated by

Compiled by Dr. Ajay Shiv Sharma Moderated by

• Creating a new hidden entrance to evade the security

Compiled by Dr. Ajay Shiv Sharma Moderated by

• DoS (Denial-of-service) attacks

Compiled by Dr. Ajay Shiv Sharma Moderated by

 Distributed denial of service (DDoS) attack uses many

Compiled by Dr. Ajay Shiv Sharma Moderated by

• The attacker listens to the system’s or network’s

Compiled by Dr. Ajay Shiv Sharma Moderated by

• The attacker or program acts as if they are the actual,

Compiled by Dr. Ajay Shiv Sharma Moderated by

• Tampering is a web-based attack

Compiled by Dr. Ajay Shiv Sharma Moderated by

• This is an attack in which a user falsely denies

Compiled by Dr. Ajay Shiv Sharma Moderated by

• It involves misleading a user

Compiled by Dr. Ajay Shiv Sharma Moderated by

• Adware is a type of software

Compiled by Dr. Ajay Shiv Sharma Moderated by

• The attackers restrict user access to the system

Compiled by Dr. Ajay Shiv Sharma Moderated by