Slide 1

Slide 1 text

No content

Slide 2

Slide 2 text

Yury Niño Roa
Cloud Infrastructure Engineer, Site Reliability Engineer, Chaos Engineering Advocate
@yurynino www.yurynino.dev

Slide 3

Slide 3 text

Visual Metaphors to monitor Cyber Attacks through Anomaly Detection

Slide 4

Slide 4 text

■ Motivations
■ What is Anomaly Detection?
■ Where do we see Anomalies?
■ What is a Metaphor?
■ Comparing Metaphors vs Traditional
■ Approaches in this field

Slide 5

Slide 5 text

Motivations

Slide 6

Slide 6 text

Motivations

Cyberattacks on software systems can lead to severe consequences, so it is extremely important to detect them at an early stage. Challenges to be solved in this area:
● The ability of the security system to detect previously unknown attacks.
● Detection efficiency depends on the datasets used to train the ML models.
● The completeness and validity of those datasets are questionable.

Slide 7

Slide 7 text

An anomaly can be treated as a possible cyberattack, because it signals a change from the established, standard communication pattern of a network.

Slide 8

Slide 8 text

Anomaly Detection

Slide 9

Slide 9 text

What is an Anomaly?

Anomaly detection is the process of identifying anomalous events that do not match the expected behaviour of the system. Currently, anomaly detection approaches are often implemented using machine learning, such as shallow (or traditional) learning and deep learning!

Slide 10

Slide 10 text

Anomaly Detection Methods
1. Statistical Methods: univariate and multivariate analysis.
2. Knowledge-based Methods: finite-state machines, heuristics and rulesets.
3. Machine Learning Methods: supervised and unsupervised techniques.

Slide 11

Slide 11 text

Where do we see Anomalies?

Slide 12

Slide 12 text

Data Sources
1. Data source logs: network packets, CPU, process and RAM logs.
2. Records in physical systems, such as cyber-physical systems (CPS) or intelligent systems.
3. Data in databases, including structured and unstructured records available in SQL/NoSQL databases.

Slide 13

Slide 13 text

Whether you use traditional or sophisticated visualization techniques, they make anomalies easier to detect.

Slide 14

Slide 14 text

Cyber Attack Visualization

Slide 15

Slide 15 text

Visual Metaphors

Because all primates, including humans, are highly visual creatures! Half of the human brain is directly devoted to processing visual information. At least 65% of people are visual learners; it could be higher depending on the topic. Presentations using visual aids were found to be 43% more persuasive than unaided presentations.

Slide 16

Slide 16 text

Common Visual Variables: Colour, Position, Motion, Abstraction, Shape, Size

Slide 17

Slide 17 text

A Visual Metaphor is a mapping from concepts and objects of the simulated application domain to a system of similarities and analogies.

Slide 18

Slide 18 text

Approaches

Slide 19

Slide 19 text

Metaphors Scenarios
1. Sabotaging of local file stores through creation and deletion of sensitive files and folders.
2. Botnet scanning activities.
3. Resource flooding (CPU and network).

Slide 20

Slide 20 text

Metaphors Scenarios
1. Sabotaging of local file stores through creation and deletion of sensitive files and folders.
2. Botnet scanning activities.
3. Resource flooding (CPU and network).
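As an added example (not the speaker's code), the pipeline behind scenario 3 in working form: a univariate statistical detector (a median/MAD modified z-score, an assumed choice) over a constructed CPU and packet-rate log from the data-source slide, whose flagged samples are then mapped to the colour and size visual variables a metaphor would render. The log, metric names, functions and threshold are all assumptions.

```python
import statistics
from typing import Dict, List

# Constructed sample (not real telemetry): "HH:MM cpu_pct packets_per_s" per
# minute, with a CPU spike at 09:06 and a packet flood at 09:08.
SAMPLE_LOG = """\
09:00 12 850
09:01 14 910
09:02 11 870
09:03 13 890
09:04 15 930
09:05 12 880
09:06 96 880
09:07 14 900
09:08 13 9800
09:09 12 860
"""
METRICS = ("cpu_pct", "packets_per_s")

def parse_log(text: str) -> List[Dict[str, float]]:
    """One record per log line, keyed by metric name."""
    records = []
    for line in text.strip().splitlines():
        ts, cpu, pps = line.split()
        records.append({"ts": ts, "cpu_pct": float(cpu), "packets_per_s": float(pps)})
    return records

def robust_zscores(values: List[float]) -> List[float]:
    """Modified z-score on median and MAD: one flood sample cannot inflate the baseline."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values) or 1e-9
    return [0.6745 * (v - med) / mad for v in values]

def detect_anomalies(records, threshold: float = 3.5) -> List[Dict]:
    """Flag (timestamp, metric) pairs whose score exceeds the threshold."""
    found = []
    for metric in METRICS:
        for rec, z in zip(records, robust_zscores([r[metric] for r in records])):
            if abs(z) > threshold:
                found.append({"ts": rec["ts"], "metric": metric, "value": rec[metric], "z": round(z, 1)})
    return found

def visual_encoding(records, anomalies) -> Dict[str, Dict[str, object]]:
    """Map each timestamp to visual variables: colour (red/grey) and size (1..10, from the worst score)."""
    worst: Dict[str, float] = {}
    for a in anomalies:
        worst[a["ts"]] = max(worst.get(a["ts"], 0.0), abs(a["z"]))
    return {r["ts"]: {"colour": "red" if r["ts"] in worst else "grey",
                      "size": 1 + min(int(worst.get(r["ts"], 0.0)), 9)} for r in records}
```

Calling `visual_encoding(records, detect_anomalies(records))` gives the per-timestamp colour and size a city or galaxy renderer would consume, with only the two flooded minutes drawn red and enlarged.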

Slide 21

Slide 21 text

Metaphors: Sabotaging (City Metaphor, Galaxy Metaphor)

Slide 22

Slide 22 text

Metaphors: Botnet Scanning (City Metaphor, Galaxy Metaphor)

Slide 23

Slide 23 text

Metaphors: Botnet Scanning (City Metaphor, Galaxy Metaphor)

Slide 24

Slide 24 text

Thanks!
@yurynino
www.yurynino.dev (https://www.yurynino.dev)