Adaptive Architectures for Cyber Security Analytics Systems

It is becoming quite hard to imagine software systems that wouldn’t need adaptation as part of their runtime requirements. With the increasing demand for adaptivity by design, the knowledge and skills in this area are lagging far behind. Cyber Analytics systems are a new breed of systems that combine big data technologies and cyber security systems for capturing, manning, and analyzing cyber security events data. Such systems need to be adaptive for supporting real-time analysis of the security events data. Our research has been focused on this important area for sometime and now we have started reporting the results of our work. Recently, one of our articles on this topic has been accepted in a prestigious software architecture conference, International Conference on Software Architecture, which will be held in Hamburg. Following is the abstract of the article and if it interests to you, please feel free to ask for a copy.

AbstractBig Data Cyber Security Analytics (BDCA) systems leverage big data technologies (e.g., Hadoop and Spark) for collecting, storing, and analyzing large volume of security event data to detect cyber-attacks. Accuracyand response timeare the two most important quality concerns for BDCA systems. However, the frequent changes in the operating environment of a BDCA system (such as quality and quantity of security event data) significantly impact these qualities. In this paper, we first study the impact of such environmental changes. We then present ADABTics, an architecture-driven adaptation approach that (re)composes the system at runtime with a set of components to ensure optimal accuracy and response time. We finally evaluate our approach both in a single node and multi-node settings using a Hadoop-based BDCA system and different adaptation scenarios. Our evaluation shows that on average ADABTicsimproves BDCA’s accuracy and response time by 6.06% and 23.7% respectively.