%0 Journal Article
%J Technology Innovation Management Review
%D 2017
%T Combining Exploratory Analysis and Automated Analysis for Anomaly Detection in Real-Time Data Streams
%A Ahmed Shah
%A Ibrahim Abualhaol
%A Mahmoud Gad
%A Michael Weiss
%K anomaly detection
%K cybersecurity
%K exploratory analysis
%K real-time data streams
%K visualization
%X Security analysts can become overwhelmed with monitoring real-time security information that is important to help them defend their network. They also tend to focus on a limited portion of the alerts, and therefore risk missing important events and links between them. At the heart of the problem is the system that analysts use to detect, explore, and respond to cyber-attacks. Developers of security analysis systems face the challenge of developing a system that can present different sources of information at multiple levels of abstraction, while also creating a system that is intuitive to use. In this article, we examine the complementary nature of exploratory analysis and automated analysis by testing the development of a system that monitors real-time Border Gateway Protocol (BGP) traffic for anomalies that might indicate security threats. BGP is an essential component for supporting the infrastructure of the Internet; however, it is also highly vulnerable and can be hijacked by attackers to propagate spam or launch denial-of-service attacks. Some of the attack scenarios on the BGP infrastructure can be quite elaborate, and it is difficult, if not impossible, to fully automate the detection of such attacks. This article makes two contributions: i) it describes a prototype platform for computing indicators and threat alerts in real time and for visualizing the context of an alert, and ii) it discusses the interaction of exploratory analysis (visualization) and automated analysis.
This article is relevant to students, security researchers, and developers who are interested in the development or use of real-time security monitoring systems. They will gain insights into the complementary aspects of automated analysis and exploratory analysis through the development of a real-time streaming system.
%B Technology Innovation Management Review
%I Talent First Network
%C Ottawa
%V 7
%P 25-31
%8 04/2017
%G eng
%U http://timreview.ca/article/1068
%N 4
%1 VENUS Cybersecurity Corporation Ahmed Shah holds a BEng in Software Engineering from Lakehead University in Thunder Bay, Canada, and a MEng in Technology Innovation Management from Carleton University in Ottawa, Canada. Ahmed has experience working in a wide variety of research roles at the VENUS Cybersecurity Corporation, the Global Cybersecurity Resource, and Carleton University.
%2 Carleton University Ibrahim Abualhaol is a Research Scientist at Larus Technologies and an Adjunct Professor at Carleton University in Ottawa, Canada. He holds a BSc, an MSc, and a PhD in Electrical and Computer Engineering. He is a senior member of IEEE and a Professional Engineer (P.Eng) in Ontario, Canada. His research interests include real-time big-data analytics and its application in cybersecurity and wireless communication systems.
%3 VENUS Cybersecurity Corporation Mahmoud M. Gad is a Research Scientist at the VENUS Cybersecurity Corporation. He holds a PhD in Electrical and Computer Engineering from the University of Ottawa in Canada. Additionally, he holds an MSc in ECE from the University of Maryland in College Park, United States. His research interests include big-data analytics for cybersecurity, cyber-physical system risk assessment, cybercrime markets, and analysis of large-scale networks.
%4 Carleton University Michael Weiss holds a faculty appointment in the Department of Systems and Computer Engineering at Carleton University in Ottawa, Canada, and he is a member of the Technology Innovation Management program. His research interests include open source, ecosystems, mashups, patterns, and social network analysis. Michael has published on the evolution of open source business, mashups, platforms, and technology entrepreneurship.
%R http://doi.org/10.22215/timreview/1068

%0 Journal Article
%J Technology Innovation Management Review
%D 2016
%T License Compliance in Open Source Cybersecurity Projects
%A Ahmed Shah
%A Selman Selman
%A Ibrahim Abualhaol
%K contamination
%K copyright
%K cybersecurity
%K GPL
%K license
%K open source
%K third-party code
%X Developers of cybersecurity software often include and rely upon open source software packages in their commercial software products. Before open source code is absorbed into a proprietary product, developers must check the package license to see if the project is permissively licensed, thereby allowing for commercial-friendly inheritance and redistribution. However, there is a risk that the open source package license could be inaccurate due to being silently contaminated with restrictively licensed open source code that may prohibit the sale or confidentiality of commercial derivative work. Contamination of commercial products could lead to expensive remediation costs, damage to the company's reputation, and costly legal fees. In this article, we report on our preliminary analysis of more than 200 open source cybersecurity projects to identify the most frequently used license types and languages and to look for evidence of permissively licensed open source projects that are likely contaminated by restrictively licensed material (i.e., containing commercial-unfriendly code). Our analysis identified restrictive license contamination cases occurring in permissively licensed open source projects.
Furthermore, we found a high proportion of code that lacked copyright attribution. We expect that the results of this study will: i) provide managers and developers with an understanding of how contamination can occur, ii) provide open source communities with an understanding of how they can better protect their intellectual property by including licenses and copyright information in their code, and iii) provide entrepreneurs with an understanding of the open source cybersecurity domain in terms of licensing and contamination and how they affect decisions about cybersecurity software architectures.
%B Technology Innovation Management Review
%I Talent First Network
%C Ottawa
%V 6
%P 28-35
%8 02/2016
%G eng
%U http://timreview.ca/article/966
%N 2
%1 Carleton University Ahmed Shah holds a BEng in Software Engineering and is pursuing an MASc degree in Technology Innovation Management at Carleton University in Ottawa, Canada. Ahmed has experience working in cybersecurity research with the VENUS Cybersecurity Corporation and has experience managing legal deliverables at IBM.
%2 Carleton University Selman Selman is a Software Engineer at Synopsys under the Software Integrity Group. He is also carrying out graduate studies in Technology Innovation Management at Carleton University in Ottawa, Canada.
%3 Carleton University Ibrahim Abualhaol holds BSc and MSc degrees in Electrical Engineering from Jordan University of Science and Technology, an MEng in Technology Innovation Management from Carleton University in Ottawa, Canada, and a PhD in Electrical Engineering from the University of Mississippi in Oxford, United States. He worked for two years as a Wireless Engineer at Broadcom Corporation and as a System Engineer Intern at Qualcomm Incorporation in the United States. He then worked as an Assistant Professor of Wireless Communications at Khalifa University, United Arab Emirates for four years.
Currently, he is a Cybersecurity R & D Engineer working on operationalizing collective intelligence with artificial intelligence to improve cybersecurity. He is a senior member of IEEE, a member of Phi Kappa Phi, and a member of Sigma Xi.
%R http://doi.org/10.22215/timreview/966