Xiaohong Yuan

Network security analysis using Big Data technology

With the evolution of networks, threats or attacks with the intention of disrupting service or stealing confidential data are increasing tremendously. Networks have to be monitored constantly and protected against attacks. In this paper, a new method to analyze network traffic using Big Data techniques is introduced. This approach detects anomalous activities being carried out and malicious data being transmitted over the networks through processing and loading traffic data into Hive database in Hadoop Distributed File System (HDFS) environment, and analyzing the data using Hive queries. The results of using this method to detect attacks on the sample dataset are also presented.

Network traffic classification for security analysis

We used unsupervised machine learning to identify anomalous patterns of network traffic that suggest intrusion. Such techniques allow one to classify network traffic into clusters that emerge from the training data and do not require that signatures already be known. Data is from the National Collegiate Cybersecurity Defense Competition (NCCDC). All but the TCP connections were filtered out, and the features extracted from the remaining data included characteristics of individual connections as well as patterns across time within a sliding window. The learning technique was k-means, with k = 5 giving the most natural and revealing partition of the data. The results bore out the following two hypotheses consistent with the literature: (1) most network traffic is normal, only a certain percentage being malicious; (2) the traffic from an attack is statistically different from normal traffic.

Analyzing network traffic data using Hive queries

Billions of devices are connected together with internet to serve the communication. Network monitoring to detect various security threats has become crucial in any organization. In this paper, we analyze large amount of network traffic data using Hive database in Hadoop Distributed File System (HDFS) environment. Hive queries are developed to identify security threats. The results of queries are demonstrated and the Hive Client application is developed where all the queries can be integrated. An Apache Zeppelin Visualization Tool is also introduced which can provide more insights on the dataset.

Teaching mobile computing and mobile security

Due to the popularity of mobile devices, it is important to teach mobile computing and security to students in colleges and universities. This paper describes eight course modules on mobile computing and security we developed that could be integrated into a computer science curriculum. These course modules were presented at a faculty workshop. Workshop evaluation includes a survey questionnaire and reflective narratives from participants. The workshop evaluation results are discussed in this paper. The course modules can be adopted by instructors teaching mobile application development, cyber security or other related courses.

Touch based active user authentication using Deep Belief Networks and Random Forests

While mobile devices traditionally use authentication methods such as passwords that define a single point of entry, active authentication can provide greater security by continuously authenticating users while they use the device. By extracting features based on users interaction with the touchscreen, we can distinguish between different users. In this research, we investigate the performances of Deep Belief Networks (DBN) and Random Forest (RF), a more traditional classification algorithm, to classify users using a dataset extracted from the touch patterns of 41 users. The dataset is separated into strokes, which are then grouped into sessions. The preliminary results show that DBNs are outperformed by the RF.