Towards Smarter Security Analytics for the Internet of People

Gerard Frankowski
Track: Track 3 Nautica Room
Description: Security, privacy and freedom of people are values that must be protected whenever possible, but not for the sake of criminals. On the Internet those values are misused by black hats, whose actions on the web have a severe impact on real life. Appropriate countermeasures must therefore be incorporated to protect the human beings who stand behind all the smart devices, computers and things connected to the network. We need smart security monitoring to protect ourselves and to provide tools for legal investigators.  
From the NREN perspective, protecting infrastructures for e-science, including grid environments and core facilities, requires novel techniques to collect monitoring data and, more importantly, to conduct analytics that allow successful identification of misbehaviour or security breaches and of the affected parties, including people. Integrating and efficiently processing data from multiple sensors and systems placed within the infrastructure is a necessity. Complex event processing, SIEM systems and Big Data techniques are our modern weapons on the cyber battlefield.  
In this work, we would like to show how network-level information can be combined with user-centric data (e.g. authentication logs, mail logs). We will show how a graph model linking all relevant data can be built, stored in a NoSQL-like graph database and queried in multiple ways using a dedicated language (e.g. Cypher or Gremlin).  
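
As an added illustration (not code from the talk or its authors), the sketch below links constructed flow, authentication and mail records into one in-memory graph and asks which users were active on a source address close in time to a flow towards a flagged destination. The record layouts, node and edge labels, the `window` parameter and all sample values are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample records (not from the talk); documentation-range addresses.
FLOWS = [  # (epoch seconds, src_ip, dst_ip, dst_port) from network monitoring
    (1000, "192.0.2.10", "203.0.113.66", 443),
    (1500, "192.0.2.11", "198.51.100.5", 25),
    (5000, "192.0.2.12", "203.0.113.66", 443),
]
AUTH = [  # (epoch seconds, user, client_ip) from authentication logs
    (900, "alice", "192.0.2.10"),
    (1400, "bob", "192.0.2.11"),
    (100, "carol", "192.0.2.12"),
]
MAIL = [  # (epoch seconds, sender, client_ip) from mail logs
    (4900, "dave", "192.0.2.12"),
]

def build_graph(flows, auth, mail):
    """Return {node: [(edge_label, timestamp, neighbour), ...]} with typed nodes."""
    g = defaultdict(list)
    for ts, user, ip in auth:
        g[("user", user)].append(("LOGGED_IN_FROM", ts, ("ip", ip)))
    for ts, sender, ip in mail:
        g[("user", sender)].append(("SENT_MAIL_FROM", ts, ("ip", ip)))
    for ts, src, dst, _port in flows:
        g[("ip", src)].append(("CONNECTED_TO", ts, ("ip", dst)))
    return g

def users_behind_flows(g, flagged_ip, window=600):
    """Users seen on a source IP within `window` seconds of its flow to flagged_ip.

    Roughly the Cypher pattern
      (u:User)-[a]->(i:IP)-[c:CONNECTED_TO]->(d:IP {addr: $flagged})
      WHERE abs(a.ts - c.ts) <= $window
    The time window guards against blaming a user who held the address earlier.
    """
    hits = set()
    for node, edges in g.items():
        if node[0] != "user":
            continue
        for label, seen_ts, ip_node in edges:
            for _, flow_ts, dst in g.get(ip_node, []):
                if dst == ("ip", flagged_ip) and abs(seen_ts - flow_ts) <= window:
                    hits.add((node[1], label, ip_node[1]))
    return sorted(hits)

if __name__ == "__main__":
    print(users_behind_flows(build_graph(FLOWS, AUTH, MAIL), "203.0.113.66"))
```
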

