International Journal of Scientific Engineering and Research (IJSER)
Call for Papers | Fully Refereed | Open Access | Double Blind Peer Reviewed | ISSN: 2347-3878



India | Computer Science Engineering | Volume 11 Issue 5, May 2023 | Pages: 39 - 44


An Examination of Big Data Analytics Frameworks for Targeted Cyber-Attack Detection

Karan Chawla

Abstract: Traditional intrusion detection systems isolate alarms and concentrate on low-level threats. Because of the large number of alerts received each day and the effort required from human users, it is nearly impossible to thoroughly investigate each alarm message. Anomaly detection consists of analyzing historical data and looking for abnormalities that depart from the norm. Its benefit is that it can identify unknown attacks; its drawback is that the unpredictable behaviour of network users makes false alerts possible. Many anomaly detection systems rely on data mining methods, but these capabilities rarely keep up with the various forms of attack and the rapidly evolving technologies. Taking human aspects into account in anomaly identification, however, gives us the chance to enhance the current algorithms and obtain better outcomes. SNORT is the de facto industry standard and a reliable, proven technology. In past research, SNORT log data was not used to compare various anomaly detection methods. SNORT log analysis software is already widely available; however, these programs are purely visualization tools and do not use data mining techniques. HeteMSD is a framework for identifying targeted cyber attacks using Big Data Analytics; its name stands for heterogeneous multisource data. A strong framework that can aid security analysts is needed in order to reduce the blindness of data analysis across many data sources without lowering the level of digital security assurance. Even when analysing a single log resource, a correlation engine can reduce alert volume by grouping several warnings that are part of one ongoing attack; this procedure is called alert threading. In the case of heterogeneous log resources, a correlation engine should be able to determine whether reports from several log resources relate to the same incident.
This review paper analyses three types of big data techniques for targeted cyber-attack detection: SNORT, heterogeneous multisource data (HeteMSD) and alert-based intrusion detection.
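The alert threading step described in the abstract (a correlation engine collapsing many alerts from one log source into a single thread) can be illustrated on SNORT's single-line "fast" alert format. The following is an added example written for this page, not code from the paper or from the SNORT project; the alert lines are constructed, the signature id and message are placeholders, and the 300-second gap that closes a thread is an assumed heuristic.

```python
import re
from datetime import datetime

# Matches Snort's "fast" alert output, one alert per line:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: N] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed sample alerts (documentation addresses, placeholder sid 1000001); not real traffic.
SAMPLE_ALERTS = """\
05/02-10:15:01.000001  [**] [1:1000001:1] LOCAL Repeated SSH connection attempts [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51234 -> 198.51.100.5:22
05/02-10:15:03.000002  [**] [1:1000001:1] LOCAL Repeated SSH connection attempts [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51235 -> 198.51.100.5:22
05/02-10:15:04.000003  [**] [1:1000001:1] LOCAL Repeated SSH connection attempts [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51236 -> 198.51.100.5:22
05/02-10:15:30.000004  [**] [1:1000002:1] LOCAL ICMP echo reply observed [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.5 -> 192.0.2.10
05/02-10:40:00.000005  [**] [1:1000001:1] LOCAL Repeated SSH connection attempts [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:51300 -> 198.51.100.5:22
"""


def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not a fast-format alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    # The fast format carries no year; strptime defaults it to 1900, which is
    # harmless because only differences between timestamps are used below.
    a["ts"] = datetime.strptime(a["ts"], "%m/%d-%H:%M:%S.%f")
    a["prio"] = int(a["prio"])
    return a


def thread_alerts(lines, window_seconds=300):
    """Group alerts that share (src, dst, sid) into threads.

    An alert joins the open thread for its key when it arrives within
    `window_seconds` of that thread's last alert (assumed heuristic);
    otherwise it starts a new thread. Returns (threads, unparsed_count).
    """
    threads = []
    open_threads = {}  # (src, dst, sid) -> index into threads
    unparsed = 0
    for line in lines:
        a = parse_alert(line)
        if a is None:
            if line.strip():
                unparsed += 1  # count, never silently drop, lines the regex rejects
            continue
        key = (a["src"], a["dst"], a["sid"])
        idx = open_threads.get(key)
        if idx is not None and (a["ts"] - threads[idx]["last"]).total_seconds() <= window_seconds:
            threads[idx]["count"] += 1
            threads[idx]["last"] = a["ts"]
        else:
            threads.append({
                "src": a["src"], "dst": a["dst"], "sid": a["sid"], "msg": a["msg"],
                "priority": a["prio"], "first": a["ts"], "last": a["ts"], "count": 1,
            })
            open_threads[key] = len(threads) - 1
    return threads, unparsed


def reduction_ratio(lines, window_seconds=300):
    """Alerts per thread, i.e. how much the analyst's queue shrinks."""
    threads, _ = thread_alerts(lines, window_seconds)
    total = sum(t["count"] for t in threads)
    return total / len(threads) if threads else 0.0


if __name__ == "__main__":
    threads, unparsed = thread_alerts(SAMPLE_ALERTS.splitlines())
    for t in threads:
        span = (t["last"] - t["first"]).total_seconds()
        print(f"sid={t['sid']} {t['src']} -> {t['dst']} x{t['count']} over {span:.0f}s [prio {t['priority']}] {t['msg']}")
    print(f"{unparsed} unparsed line(s); reduction ratio {reduction_ratio(SAMPLE_ALERTS.splitlines()):.2f}")
```

On the constructed input the three SSH alerts within four seconds collapse into one thread, the ICMP alert forms its own, and the SSH alert 25 minutes later opens a fresh thread because it falls outside the window, so five alerts become three threads. Keying on the signature id as well as the address pair is deliberate: merging different signatures between the same hosts is the cross-source correlation the abstract leaves to a separate engine.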

Keywords: Intrusion Detection, SNORT, HeteMSD, Cyber-Security, Attack, Threat, Big Data




