Design Space for Cyber Security Analytical Systems

Cyber security infrastructures increasingly rely on big data technologies for capturing, storing, and analyzing huge amounts of security event data. Designing and evolving systems that can effectively and efficiently combine big data technologies and cybersecurity are hugely challenging undertakings. Whilst the knowledge for designing cyber security analytics systems has been increasing for some time, there was no consolidated piece of work on design mechanisms, also called tactics, for architecting big data cyber security analytics systems. We are very proud to share that our recent effort has attempted to fill that gap by providing a consolidated piece of knowledge about the quality attributes considered important for cyber security analytics systems and the architectural tactics that can help achieve the desired set of quality attributes. Such consolidated knowledge about any aspect of software design is called a Design Space; ours is a design space for cyber security analytics systems. This work has recently been accepted for publication in one of the top-quality journals of software systems, the Journal of Systems and Software. We will be happy to provide a copy of the article on request; the abstract of the article follows.

Context: Big Data Cybersecurity Analytics (BDCA) systems leverage big data technologies for analyzing security events data to protect organizational networks, computers, and data from cyber attacks. Objective: We aimed at identifying the most frequently reported quality attributes and architectural tactics for BDCA systems. Method: We used Systematic Literature Review (SLR) method for reviewing 74 papers. Result: Our findings are twofold: (i) identification of 12 most frequently reported quality attributes for BDCA systems; and (ii) identification and codification of 17 architectural tactics for addressing the identified quality attributes. The identified tactics include six performance tactics, four accuracy tactics, two scalability tactics, three reliability tactics, and one security and usability tactic each. Conclusion: Our study reveals that in the context of BDCA (a) performance, accuracy and scalability are the most important quality concerns (b) data analytics is the most critical architectural component (c) despite the significance of interoperability, modifiability, adaptability, generality, stealthiness, and privacy assurance, these quality attributes lack explicit architectural support (d) empirical investigation is required to evaluate the impact of the codified tactics and explore the quality trade-offs and dependencies among the tactics and (e) the reported tactics need to be modelled using a standardized modelling language such as UML.