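% Four articles from the Technology Innovation Management Review (2016-2017).
% Each citation key is the numeric article id that also appears in the entry's
% url and doi; the keys are kept as exported so existing citations still resolve.
% Conventions: doi holds the bare identifier (no resolver prefix), month uses
% the standard three-letter macros, page ranges use a double hyphen, and names
% are stored in "Last, First" form.

@article{1068,
  author    = {Shah, Ahmed and Abualhaol, Ibrahim and Gad, Mahmoud and Weiss, Michael},
  title     = {Combining Exploratory Analysis and Automated Analysis for Anomaly Detection in Real-Time Data Streams},
  journal   = {Technology Innovation Management Review},
  volume    = {7},
  year      = {2017},
  month     = apr,
  pages     = {25--31},
  publisher = {Talent First Network},
  address   = {Ottawa},
  issn      = {1927-0321},
  doi       = {10.22215/timreview/1068},
  url       = {http://timreview.ca/article/1068},
  keywords  = {anomaly detection, cybersecurity, exploratory analysis, real-time data streams, visualization},
  abstract  = {Security analysts can become overwhelmed with monitoring real-time security information that is important to help them defend their network. They also tend to focus on a limited portion of the alerts, and therefore risk missing important events and links between them. At the heart of the problem is the system that analysts use to detect, explore, and respond to cyber-attacks. Developers of security analysis systems face the challenge of developing a system that can present different sources of information at multiple levels of abstraction, while also creating a system that is intuitive to use. In this article, we examine the complementary nature of exploratory analysis and automated analysis by testing the development of a system that monitors real-time Border Gateway Protocol (BGP) traffic for anomalies that might indicate security threats. BGP is an essential component for supporting the infrastructure of the Internet; however, it is also highly vulnerable and can be hijacked by attackers to propagate spam or launch denial-of-service attacks. Some of the attack scenarios on the BGP infrastructure can be quite elaborate, and it is difficult, if not impossible, to fully automate the detection of such attacks. This article makes two contributions: i) it describes a prototype platform for computing indicators and threat alerts in real time and for visualizing the context of an alert, and ii) it discusses the interaction of exploratory analysis (visualization) and automated analysis. This article is relevant to students, security researchers, and developers who are interested in the development or use of real-time security monitoring systems. They will gain insights into the complementary aspects of automated analysis and exploratory analysis through the development of a real-time streaming system.},
}

@article{1087,
  author    = {McPhee, Chris and Santonen, Teemu and Shah, Ahmed and Nazari, Ali},
  title     = {Reflecting on 10 Years of the {TIM} {Review}},
  journal   = {Technology Innovation Management Review},
  volume    = {7},
  year      = {2017},
  month     = jul,
  pages     = {5--20},
  publisher = {Talent First Network},
  address   = {Ottawa},
  issn      = {1927-0321},
  doi       = {10.22215/timreview/1087},
  url       = {http://timreview.ca/article/1087},
  keywords  = {business, entrepreneurship, innovation, journal, management, open source, OSBR, research, scientometric analyses, technology, TIM Review, topic, topic modelling},
  abstract  = {In July 2007, the first issue of this journal was published under the banner of the Open Source Business Resource. Re-launched with a broader scope in 2011 as the Technology Innovation Management Review, the journal now celebrates its 10th anniversary. In this article, we review the 10-year history of the journal to examine what themes have been covered, who has contributed, and how much the articles have been read and cited. During those 10 years, the journal has published 120 monthly issues, including more than 800 publications by more than 800 international authors from industry, academia, the public sector, and beyond. As discovered with topic modelling, the journal has covered seven themes: open source business, technology entrepreneurship, growing a business, research approaches, social innovation, living labs, and cybersecurity. Overall, the website has attracted over 1 million readers from around the world {\textendash} 31\% from Asia, 30\% from the Americas, 26\% from Europe, 8\% from Africa, and 5\% from Oceania {\textendash} with over 25,000 readers now accessing the site each month.},
}

@article{964,
  author    = {Bailetti, Tony and Gad, Mahmoud and Shah, Ahmed},
  title     = {Intrusion Learning: An Overview of an Emergent Discipline},
  journal   = {Technology Innovation Management Review},
  volume    = {6},
  year      = {2016},
  month     = feb,
  pages     = {15--20},
  publisher = {Talent First Network},
  address   = {Ottawa},
  issn      = {1927-0321},
  doi       = {10.22215/timreview/964},
  url       = {http://timreview.ca/article/964},
  keywords  = {adversarial learning, clustering, cybersecurity, enterprise, intrusion detection, intrusion learning, learning algorithms, machine learning, real-time analysis, resiliency, security, streaming network data},
  abstract  = {The purpose of this article is to provide a definition of intrusion learning, identify its distinctive aspects, and provide recommendations for advancing intrusion learning as a practice domain. The authors define intrusion learning as the collection of online network algorithms that learn from and monitor streaming network data resulting in effective intrusion-detection methods for enabling the security and resiliency of enterprise systems. The network algorithms build on advances in cyber-defensive and cyber-offensive capabilities. Intrusion learning is an emerging domain that draws from machine learning, intrusion detection, and streaming network data. Intrusion learning offers to significantly enhance enterprise security and resiliency through augmented perimeter defense and may mitigate increasing threats facing enterprise perimeter protection. The article will be of interest to researchers, sponsors, and entrepreneurs interested in enhancing enterprise security and resiliency.},
}

@article{966,
  author    = {Shah, Ahmed and Selman, Selman and Abualhaol, Ibrahim},
  title     = {License Compliance in Open Source Cybersecurity Projects},
  journal   = {Technology Innovation Management Review},
  volume    = {6},
  year      = {2016},
  month     = feb,
  pages     = {28--35},
  publisher = {Talent First Network},
  address   = {Ottawa},
  issn      = {1927-0321},
  doi       = {10.22215/timreview/966},
  url       = {http://timreview.ca/article/966},
  keywords  = {contamination, copyright, cybersecurity, GPL, license, open source, third-party code},
  abstract  = {Developers of cybersecurity software often include and rely upon open source software packages in their commercial software products. Before open source code is absorbed into a proprietary product, developers must check the package license to see if the project is permissively licensed, thereby allowing for commercial-friendly inheritance and redistribution. However, there is a risk that the open source package license could be inaccurate due to being silently contaminated with restrictively licensed open source code that may prohibit the sale or confidentiality of commercial derivative work. Contamination of commercial products could lead to expensive remediation costs, damage to the company{\textquoteright}s reputation, and costly legal fees. In this article, we report on our preliminary analysis of more than 200 open source cybersecurity projects to identify the most frequently used license types and languages and to look for evidence of permissively licensed open source projects that are likely contaminated by restrictive licensed material (i.e., containing commercial-unfriendly code). Our analysis identified restrictive license contamination cases occurring in permissively licensed open source projects. Furthermore, we found a high proportion of code that lacked copyright attribution. We expect that the results of this study will: i) provide managers and developers with an understanding of how contamination can occur, ii) provide open source communities with an understanding on how they can better protect their intellectual property by including licenses and copyright information in their code, and iii) provide entrepreneurs with an understanding of the open source cybersecurity domain in terms of licensing and contamination and how they affect decisions about cybersecurity software architectures.},
}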