A prototype for threat detection on big data using behavioural analytics for government ministries
While no one would dispute the capability of big data to enlighten enterprise operations, the present methods of mining and managing big data are still evolving and pose serious security and privacy challenges. Currently the greatest challenge for most Information Technology security practitioners is that they are unable to detect unknown insider threats to a company's valuable data in real time. This research sought to identify the different types of data as well as the insider threats associated with each type of data. Further, for detection of insider threats to be successful, there is a need to separate legitimate behaviour from malicious behaviour with the use of behavioural analytics and machine learning. The research further sought to review the different approaches to network anomaly detection and build on their shortcomings. These shortcomings/loopholes formed the basis for the design of the prototype. From the results of the online survey carried out among security administrators, it was determined that non-technical users were the likely offenders and hence posed the greatest risk to a company's valuable data. Further, technical approaches were found to be the most effective techniques in mitigating insider threats. Detection of insider threats cannot be achieved with only one technique; a combination of techniques should be put into perspective if insider threats are to be successfully mitigated. Sound organizational procedures as well as policies that include controls are crucial to support the implementation of a tool that will detect insider threats in real time.
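The abstract describes separating legitimate from malicious behaviour with behavioural analytics but does not show how such a baseline is built or scored. The following is an added illustration, not the thesis prototype: it learns a per-user baseline (typical records accessed per event and usual hours of activity) from constructed audit events, then flags new events that deviate from that baseline. The event schema `(day, user, hour, records_accessed)`, the z-score threshold and the hour tolerance are assumptions for the example; a real deployment would also compare a user against role peers and feed flagged events to an analyst rather than acting on them automatically.

```python
"""Per-user behavioural baseline anomaly detection over audit-log events.

Added example, not the thesis prototype. Input schema, thresholds and all
sample data are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed historical audit events: (day, user, hour_of_day, records_accessed)
# Five days of steady, daytime activity for two users form the baseline window.
BASELINE_EVENTS = [
    (d, "alice", h, n)
    for d in range(1, 6)
    for h, n in ((9, 120), (11, 140), (14, 130), (16, 110))
] + [
    (d, "bob", h, n)
    for d in range(1, 6)
    for h, n in ((8, 40), (10, 55), (13, 45), (15, 50))
]

# Constructed events for the day under review.
NEW_EVENTS = [
    (6, "alice", 10, 135),   # consistent with alice's baseline
    (6, "bob", 14, 48),      # consistent with bob's baseline
    (6, "bob", 23, 4800),    # late-night bulk access: anomalous on volume and hour
    (6, "carol", 9, 10),     # new user with no baseline: cannot be scored yet
]


def build_baselines(events):
    """Compute each user's mean/stddev of records per event and observed hours."""
    counts = defaultdict(list)
    hours = defaultdict(set)
    for _day, user, hour, n in events:
        counts[user].append(n)
        hours[user].add(hour)
    return {
        user: {"mean": mean(c), "std": pstdev(c), "hours": hours[user]}
        for user, c in counts.items()
    }


def score_event(event, baselines, z_threshold=3.0, hour_slack=1):
    """Return the reasons an event deviates from its user's baseline.

    An empty list means the event is consistent with the baseline. None means
    the user has no baseline at all; a prototype should surface that case
    separately (review queue for new accounts) instead of silently dropping it.
    """
    _day, user, hour, n = event
    base = baselines.get(user)
    if base is None:
        return None
    reasons = []
    std = base["std"] or 1.0            # guard against zero-variance baselines
    z = (n - base["mean"]) / std
    if z > z_threshold:
        reasons.append(f"volume z={z:.1f} exceeds {z_threshold}")
    if all(abs(hour - h) > hour_slack for h in base["hours"]):
        reasons.append(f"hour {hour:02d}:00 outside observed activity hours")
    return reasons


def detect(new_events, baselines):
    """Split events into (flagged, unscored); flagged carries the reasons."""
    flagged, unscored = [], []
    for ev in new_events:
        reasons = score_event(ev, baselines)
        if reasons is None:
            unscored.append(ev)
        elif reasons:
            flagged.append((ev, reasons))
    return flagged, unscored


if __name__ == "__main__":
    bl = build_baselines(BASELINE_EVENTS)
    flagged, unscored = detect(NEW_EVENTS, bl)
    for ev, reasons in flagged:
        print("FLAG", ev, "; ".join(reasons))
    for ev in unscored:
        print("NO BASELINE", ev)
```

Only the late-night bulk access by `bob` is flagged, on both volume and time of day, while `carol` is reported as unscorable rather than treated as benign; that distinction matters because a freshly created account is exactly where a purely statistical detector is blind, which is one reason the abstract argues for combining techniques with organizational controls.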