Kim-Kwang Raymond Choo (editor) - Handbook of Big Data Analytics and Forensics

This Springer imprint is published by the registered company Springer Nature Switzerland AG

The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

This book would not have been possible without the commitment of the contributing authors, who dedicated their time and efforts to research work and shared their findings in this book.

We are also extremely grateful to Springer and their staff for their support in this project. They have been most accommodating of our schedule and helping to keep us on track.

As our society becomes smarter and more digitally connected, more data will be generated, processed, disseminated, analyzed, and stored (e.g., on cloud computing systems). Such big data can be structured and unstructured, and are generated by different sources (e.g., Internet of Things (IoT) devices and other information and communications technologies ICT) with varying formats []. Volume and velocity refer to the size and formation speed of information respectively, while variety refers to the diversity in data format and representation type. Veracity refers to the accuracy and reliability of data, and finally, value attempts to quantify usefulness of the data.

In a typical smart city setting, for example, IoT devices and other systems (e.g., edge/fog computing devices and servers) collect and process data before sending them to cloud-based systems via high speed communication networks [].

Given the current trend in artificial intelligence, machine learning and deep learning, there have also been attempts to build on the advances in these areas to enhance security and forensic capabilities. For example, contemporary and emerging big data analytics approaches include generative-, discriminative- and hybrid-based methods. Recurrent Neural Network (RNN) and Long Short-Term Memory (LSTM) are two examples of supervised learning-based methods, which can facilitate the identification of movement pattern and human activity, as well as mobility prediction [].

The procedure of detecting, collecting, storing, analyzing and presenting of big data is also referred to as big data forensic. However, big data forensics is challenging, particularly if we also need to preserve user privacy. These challenges can be technical (use of strong encryption algorithms, the volume and veracity of data to be processed, etc.), legal (e.g., evidence and privacy legislations), and due to resources (or lack of), etc. []. Several of these challenges will also be discussed in this book.

We will now describe the remaining 17 chapters.

Chapter ] presented a comparative summary of the performance for the different algorithms used to secure industrial cyberspace.

Then, Chapter ], four different supervised learning methods K-Nearest Neighbors (KNN), Support Vector Machine (SVM), Decision Tree (DT), and Random Forest (RF) were employed to build models to detect cyber-attack activities on a water treatment plant.

Evaluation of scalable fair clustering machine learning methods for threat hunting in CPSs were presented in Chapter ] presented a summary of the performance for different learning-based approaches in OSX malware detection.

Chapter ] studied the effect of scalable clustering algorithm on accuracy, by experimenting with a IoT malware opcodes dataset.