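% Three articles from Technology Innovation Management Review (ISSN 1927-0321).
% Citation keys are the journal's article numbers, matching the url and doi fields.
% Conventions: names in "Last, First" form, month as a predefined macro,
% page ranges with a double hyphen, doi as the bare identifier without a resolver prefix.

@article{1068,
  author    = {Shah, Ahmed and Abualhaol, Ibrahim and Gad, Mahmoud and Weiss, Michael},
  title     = {Combining Exploratory Analysis and Automated Analysis for Anomaly Detection in Real-Time Data Streams},
  journal   = {Technology Innovation Management Review},
  volume    = {7},
  year      = {2017},
  month     = apr,
  pages     = {25--31},
  publisher = {Talent First Network},
  address   = {Ottawa},
  abstract  = {Security analysts can become overwhelmed with monitoring real-time security information that is important to help them defend their network. They also tend to focus on a limited portion of the alerts, and therefore risk missing important events and links between them. At the heart of the problem is the system that analysts use to detect, explore, and respond to cyber-attacks. Developers of security analysis systems face the challenge of developing a system that can present different sources of information at multiple levels of abstraction, while also creating a system that is intuitive to use. In this article, we examine the complementary nature of exploratory analysis and automated analysis by testing the development of a system that monitors real-time Border Gateway Protocol (BGP) traffic for anomalies that might indicate security threats. BGP is an essential component for supporting the infrastructure of the Internet; however, it is also highly vulnerable and can be hijacked by attackers to propagate spam or launch denial-of-service attacks. Some of the attack scenarios on the BGP infrastructure can be quite elaborate, and it is difficult, if not impossible, to fully automate the detection of such attacks. This article makes two contributions: i) it describes a prototype platform for computing indicators and threat alerts in real time and for visualizing the context of an alert, and ii) it discusses the interaction of exploratory analysis (visualization) and automated analysis. This article is relevant to students, security researchers, and developers who are interested in the development or use of real-time security monitoring systems. They will gain insights into the complementary aspects of automated analysis and exploratory analysis through the development of a real-time streaming system.},
  keywords  = {anomaly detection, cybersecurity, exploratory analysis, real-time data streams, visualization},
  issn      = {1927-0321},
  doi       = {10.22215/timreview/1068},
  url       = {http://timreview.ca/article/1068},
}

@article{1065,
  author    = {McPhee, Chris and Weiss, Michael},
  title     = {Editorial: Cybersecurity ({April} 2017)},
  journal   = {Technology Innovation Management Review},
  volume    = {7},
  year      = {2017},
  month     = apr,
  pages     = {3--4},
  publisher = {Talent First Network},
  address   = {Ottawa},
  keywords  = {anomaly detection, automation, big data, cybersecurity, exploration, Hypponen{\textquoteright}s law, Internet of Things, IOT, legislation, medical devices, privacy, real time, risk assessment, security engineering, smart devices, value proposition, vulnerabilities},
  issn      = {1927-0321},
  doi       = {10.22215/timreview/1065},
  url       = {http://timreview.ca/article/1065},
}

@article{963,
  author    = {Weiss, Michael},
  title     = {Crowdsourcing Literature Reviews in New Domains},
  journal   = {Technology Innovation Management Review},
  volume    = {6},
  year      = {2016},
  month     = feb,
  pages     = {5--14},
  publisher = {Talent First Network},
  address   = {Ottawa},
  abstract  = {Conducting a literature review in new domains presents unique challenges. The literature in a new domain is typically broad, fragmented, and growing quickly. Because little is known about the new domain, the literature review cannot be guided by established classifications of knowledge, unlike in an existing domain. Rather, it will be driven by evidence that challenges and extends existing knowledge. In a way, exploring a new domain means looking for anomalies in the evidence that cannot be explained by what is already known. This article summarizes lessons from conducting two literature reviews in new domains in the area of cybersecurity. It then presents a design for using leader-driven crowdsourcing to collect evidence and synthesize it into insights in a new domain. The article will be relevant to those who are exploring a new domain, in particular students, researchers, and members of R\&D projects in industry.},
  keywords  = {co-creation, crowdsourcing, crowdsourcing platform, cybersecurity, literature review, narrative, new domains, systematic},
  issn      = {1927-0321},
  doi       = {10.22215/timreview/963},
  url       = {http://timreview.ca/article/963},
}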