National-level Collaborative Multi-Lateral Defensive Framework based on Big Data Analytics Paradigm, presented at FIRST 2014

by Ching-hao Mao

Summary: His research interests are network security and data mining, big data analytics, and security operation center (SOC) related operations. He was an invited speaker at FIRST 2013 and CSA-APAC 2013. He holds five United States patents in information security and has published more than 20 refereed papers.
Mao is a volunteer with the Consumers' Foundation, Chinese Taipei. He also enjoys surfing.
How can information security threats be recognized from unstructured social media data? How can the raw events and incidents of independent security operation centers be incorporated? The large volume of heterogeneous information security data is too difficult to leverage for national-level threat trend prediction without a big data analytics paradigm. In this talk, we present a heterogeneous information security analytics (HISA) platform, which collects security appliance event logs (structured big data) and Internet cyber security intelligence (unstructured big data) from the government. We share two critical experiences from constructing the analytics platform: one is how to create a multi-lateral defensive framework, especially in integrating and negotiating data sharing, and the other is how to construct a national-level framework for big data warehousing and analysis. For the multi-lateral defensive issues, we use big data analytics techniques to automatically investigate the threat model in heterogeneous data from the Taiwan government, the information security industry and society (e.g., we leverage content from hackers' Twitter posts and correlate it with logs from the SOC). From the national-level perspective, we design a scalable data collecting and warehousing framework that leverages fast indexing and distributed computation to handle long-term, tera-scale network behavior. We hope to use this presentation to share our experience in protecting national-level cyber security.
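As an added illustration of the correlation idea described above (example code written for this page, not code from the talk or the HISA platform), the following Python extracts host indicators from constructed social-media posts, builds an inverted index over constructed SOC events, and reports events that mention the same indicator within a time window after the post. The post and event record layouts, the indicator pattern and the 48-hour window are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data for the example; not real posts or SOC logs.
POSTS = [
    {"ts": "2014-06-20T10:05:00", "text": "dropped a new tool, c2 at bad-example.test, enjoy"},
    {"ts": "2014-06-20T11:30:00", "text": "lunch was great, nothing to see here"},
    {"ts": "2014-06-21T08:00:00", "text": "scanning 203.0.113.7 tonight"},
]
SOC_EVENTS = [
    {"ts": "2014-06-20T10:40:00", "sensor": "proxy", "msg": "agency-A outbound http to bad-example.test"},
    {"ts": "2014-06-23T09:00:00", "sensor": "ids", "msg": "inbound probe from 203.0.113.7"},
    {"ts": "2014-06-20T12:00:00", "sensor": "ids", "msg": "inbound probe from 198.51.100.9"},
]

# IPv4 addresses or dotted host names; an assumed, deliberately simple indicator pattern.
INDICATOR_RE = re.compile(r"\b(?:\d{1,3}(?:\.\d{1,3}){3}|[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})\b")


def extract_indicators(text):
    """Return the set of lower-cased host indicators found in free text."""
    return set(INDICATOR_RE.findall(text.lower()))


def correlate(posts, events, window_hours=48):
    """Match indicators mentioned in posts against SOC events observed within
    window_hours after the post. Returns sorted (indicator, post_ts, event_ts, sensor)."""
    # Inverted index indicator -> events, so each post is a lookup rather than a scan
    # over all events (the "fast indexing" idea at SOC scale).
    index = {}
    for ev in events:
        for ind in extract_indicators(ev["msg"]):
            index.setdefault(ind, []).append(ev)
    hits = []
    for post in posts:
        p_ts = datetime.fromisoformat(post["ts"])
        for ind in extract_indicators(post["text"]):
            for ev in index.get(ind, []):
                e_ts = datetime.fromisoformat(ev["ts"])
                # Only events at or after the post, and not too long after it.
                if timedelta(0) <= e_ts - p_ts <= timedelta(hours=window_hours):
                    hits.append((ind, post["ts"], ev["ts"], ev["sensor"]))
    return sorted(hits)


if __name__ == "__main__":
    for hit in correlate(POSTS, SOC_EVENTS):
        print(hit)
```

With the default 48-hour window only the proxy event correlates; widening the window to 72 hours also picks up the later IDS probe, which is the kind of tuning an analyst would do against real volumes.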