Handbook of Big Data Analytics and Forensics

This handbook discusses challenges and limitations in existing solutions, and presents state-of-the-art advances from both academia and industry, in big data analytics and digital forensics. The second chapter comprehensively reviews IoT security, privacy, and forensics literature, focusing on IoT and unmanned aerial vehicles (UAVs). The authors propose a deep learning-based approach to process cloud's log data and mitigate enumeration attacks in the third chapter. The fourth chapter proposes a robust fuzzy learning model to protect IT-based infrastructure against advanced persistent threat (APT) campaigns. Advanced and fair clustering approach for industrial data, which is capable of training with huge volume of data in a close to linear time is introduced in the fifth chapter, as well as offering an adaptive deep learning model to detect cyberattacks targeting cyber physical systems (CPS) covered in the sixth chapter.

The authors evaluate the performance of unsupervised machine learning for detecting cyberattacks against industrial control systems (ICS) in chapter 7, and the next chapter presents a robust fuzzy Bayesian approach for ICS's cyber threat hunting. This handbook also evaluates the performance of supervised machine learning methods in identifying cyberattacks against CPS. The performance of a scalable clustering algorithm for CPS's cyber threat hunting and the usefulness of machine learning algorithms for MacOS malware detection are respectively evaluated.

This handbook continues with evaluating the performance of various machine learning techniques to detect the Internet of Things malware. The authors demonstrate how MacOSX cyberattacks can be detected using state-of-the-art machine learning models. In order to identify credit card frauds, the fifteenth chapter introduces a hybrid model. In the sixteenth chapter, the editors propose a model that leverages natural language processing techniques for generating a mapping between APT-related reports and cyber kill chain. A deep learning-based approach to detect ransomware is introduced, as well as a proposed clustering approach to detect IoT malware in the last two chapters.

This handbook primarily targets professionals and scientists working in Big Data, Digital Forensics, Machine Learning, Cyber Security Cyber Threat Analytics and Cyber Threat Hunting as a reference book. Advanced level-students and researchers studying and working in Computer systems, Computer networks and Artificial intelligence will also find this reference useful.

本手冊討論現有解決方案中的挑戰和限制，並介紹了來自學術界和工業界在大數據分析和數字取證方面的最新進展。第二章全面回顧了物聯網安全、隱私和取證文獻，重點關注物聯網和無人機。作者們在第三章提出了一種基於深度學習的方法來處理雲端日誌數據並減輕列舉攻擊。第四章提出了一種強大的模糊學習模型，用於保護基於IT的基礎設施免受高級持續性威脅（APT）活動的影響。第五章介紹了一種先進且公平的工業數據聚類方法，能夠在接近線性時間內處理大量數據，同時還提供了一種適應性深度學習模型，用於檢測針對物聯網的攻擊，這些內容都包含在第六章中。

作者們在第七章評估了無監督機器學習在工業控制系統（ICS）的攻擊檢測中的性能，下一章則介紹了一種強大的模糊貝葉斯方法，用於ICS的網絡威脅狩獵。本手冊還評估了監督機器學習方法在識別針對CPS的攻擊中的性能。對於CPS的網絡威脅狩獵，評估了可擴展的聚類算法的性能，並評估了機器學習算法在MacOS惡意軟件檢測中的實用性。

本手冊繼續評估各種機器學習技術在檢測物聯網惡意軟件方面的性能。作者們展示了如何使用最先進的機器學習模型檢測MacOSX的網絡攻擊。為了識別信用卡欺詐，第十五章介紹了一種混合模型。在第十六章中，編者們提出了一種利用自然語言處理技術生成APT相關報告和網絡攻擊鏈之間映射的模型。最後兩章分別介紹了一種基於深度學習的檢測勒索軟件的方法，以及一種檢測物聯網惡意軟件的聚類方法。

本手冊主要針對從事大數據、數字取證、機器學習、網絡安全、網絡威脅分析和網絡威脅狩獵的專業人士和科學家，作為參考書。在計算機系統、計算機網絡和人工智能領域進行高級學習和研究的學生和研究人員也會發現這本參考書很有用。

Kim-Kwang Raymond Choo received the Ph.D. in Information Security in 2006 from Queensland University of Technology, Australia. He currently holds the Cloud Technology Endowed Professorship at The University of Texas at San Antonio (UTSA). He is an IEEE Computer Society Distinguished Visitor (2021 - 2023), and a Web of Science's Highly Cited Researcher in the field of Cross-Field - 2020. In 2015, he and his team won the Digital Forensics Research Challenge organized by Germany's University of Erlangen-Nuremberg. He is the recipient of the 2019 IEEE Technical Committee on Scalable Computing (TCSC) Award for Excellence in Scalable Computing (Middle Career Researcher), the 2018 UTSA College of Business Col. Jean Piccione and Lt. Col. Philip Piccione Endowed Research Award for Tenured Faculty, the British Computer Society's 2019 Wilkes Award Runner-up, the 2014 Highly Commended Award by the Australia New Zealand Policing Advisory Agency, the Fulbright Scholarship in 2009, the 2008 Australia Day Achievement Medallion, and the British Computer Society's Wilkes Award in 2008. He has also received best paper awards from the IEEE Consumer Electronics Magazine for 2020, EURASIP Journal on Wireless Communications and Networking (JWCN) in 2019, IEEE TrustCom 2018, and ESORICS 2015; the Korea Information Processing Society's Journal of Information Processing Systems (JIPS) Survey Paper Award (Gold) 2019; the IEEE Blockchain 2019 Outstanding Paper Award; and Best Student Paper Awards from Inscrypt 2019 and ACISP 2005.
Since receiving his PhD in 2011, Dr. Dehghantanha has made significant contributions to the fast-moving fields of cybersecurity and cyber threat intelligence. He is a Canada Research Chair in Cybersecurity and Threat Intelligence, and an EU Marie-Curie Fellow Alumni in digital forensics. Dr. Dehghantanha has pioneered the use of ML-based systems for threat hunting in IoT/ICS devices using physical characteristics (e.g. power consumption) as opposed to application-level characteristics (e.g. IP addresses). His works have resulted in an Intrusion Detection System (IDS) for IoT networks; and deep learning models for threat hunting in the edge layer of ICS networks. In 2019, with support from the Department of National Defense Canada, he has developed the first multi-view fuzzy machine learning system for cyber threat attribution. He is among few academics contributing to fundamental research in cyber threat intelligence, with most research taking place in industry settings. His work helps define this new discipline while informing practical strategies. He has built a Cyber Kill Chain-based threat intelligence framework for analyzing banking Trojan campaigns which is widely used to model different attack campaigns, including APT groups activities, analyzing crypto-ransomware campaigns, and analyzing Advanced Persistent Threat (APT) groups targeting critical national infrastructure. He is currently the director of Cyber Science Lab at the University of Guelph, Ontario, Canada.

Kim-Kwang Raymond Choo於2006年從澳大利亞昆士蘭科技大學獲得資訊安全博士學位。他目前擔任美國德州聖安東尼奧大學(UTSA)的雲技術特聘教授。他是IEEE計算機學會的傑出訪問學者(2021-2023)，並且是Web of Science在2020年跨領域領域中的高被引研究者。2015年，他和他的團隊贏得了德國埃爾朗根-紐倫堡大學組織的數字取證研究挑戰賽。他是2019年IEEE可擴展計算技術委員會(TCSC)卓越獎(中期職業研究者)、2018年UTSA商學院Col. Jean Piccione和Lt. Col. Philip Piccione特聘研究獎、英國計算機學會2019年Wilkes獎亞軍、2014年澳大利亞新西蘭警務顧問機構的高度表彰獎、2009年富布萊特獎學金、2008年澳大利亞日成就勳章和2008年英國計算機學會Wilkes獎的獲獎者。他還獲得了IEEE消費電子雜誌2020年最佳論文獎、2019年EURASIP無線通信和網絡期刊(JWCN)最佳論文獎、2018年IEEE TrustCom和2015年ESORICS最佳論文獎；2019年韓國信息處理學會信息處理系統期刊(JIPS)調查論文獎(金獎)；2019年IEEE區塊鏈傑出論文獎；以及2019年Inscrypt和2005年ACISP的最佳學生論文獎。

自2011年獲得博士學位以來，Dehghantanha博士在網絡安全和網絡威脅情報這個快速發展的領域做出了重大貢獻。他是加拿大研究主席(Canada Research Chair)的網絡安全和威脅情報，也是數字取證方面的歐盟瑪麗居里學者校友。Dehghantanha博士開創了使用基於機器學習的系統來對物聯網/工業控制系統設備進行威脅狩獵，使用物理特徵(例如功耗)而不是應用層特徵(例如IP地址)。他的研究成果包括物聯網網絡的入侵檢測系統(IDS)和工業控制系統網絡邊緣層的深度學習模型用於威脅狩獵。在2019年，他在加拿大國防部的支持下，開發了第一個用於網絡威脅歸因的多視圖模糊機器學習系統。他是少數在網絡威脅情報的基礎研究方面做出貢獻的學者之一，大部分研究都在工業領域進行。他的工作有助於定義這個新的學科，同時提供實用的策略。他建立了基於Cyber Kill Chain的威脅情報框架，用於分析銀行木馬活動，被廣泛用於建模不同的攻擊活動，包括APT組織的活動、加密勒索軟件活動以及針對關鍵國家基礎設施的APT組織的活動。他目前是加拿大安大略省圭爾夫大學的Cyber Science Lab主任。