Machine learning and intelligence cycle: enhancing the cyber intelligence process

Finding an indication of a hostile cyber phenomenon in open sources is a demanding task. The information produced by strategic cyber intelligence enables large companies to prepare for cyber-attacks. The study answers the question: Can machine learning be utilised in strategic open...

Bibliographic Details
Main Author: Voutilainen, Janne
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language: eng
Published: 2019
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/65229
description (Finnish abstract, translated) Finding an indication of a hostile cyber phenomenon in open sources is a demanding task. The information produced by strategic cyber intelligence enables large companies to prepare for cyber-attacks. The study answers the question: Can machine learning be utilised in strategic open source cyber intelligence? In 2019, cybercriminals began using a new tactic in which they demand large sums of money from companies by using ransomware. The phenomenon is called Big Game Hunting. In the study, the phenomenon was used as an example target of strategic cyber intelligence. The research results were achieved with design science research. Two design science research cycles were carried out in the study. The first cycle resulted in a machine learning model that was designed according to the intelligence direction. The National Cyber Security Centre provided a limited dataset, from which the model was used to search for information about the Big Game Hunting phenomenon. The model was able to find information, but from the perspective of the intelligence direction the information was insufficient. In the solution that resulted from the second cycle, information was searched from the IBM Watson Discovery News database. The searches produced sufficient intelligence information about the phenomenon. When machine learning and the intelligence process were combined, the main findings were that the right kinds of queries produce the best information for information collection. In addition, the short sentences produced by the Watson algorithm proved useful. Machine learning facilitated information processing by using unsupervised learning to create metadata for the documents, on the basis of which the information was divided into suitable entities. The entities enable the analysis of the information and the discovery of new information. The conclusion of the study is that machine learning can be utilised in strategic open source cyber intelligence.

description (English abstract) Finding an indication from open sources to reveal a malicious cyber phenomenon is a demanding task. With the information that is produced by strategic cyber intelligence processes, large-scale organizations can better prepare for cyber-attacks. The study aims to answer the question: Can Machine Learning (ML) be utilized for strategic open source cyber intelligence? In 2019, e-criminals adopted new tactics to demand enormous ransoms in bitcoins from large-scale organizations by using malicious ransomware software. The phenomenon is called Big Game Hunting. In the study, Big Game Hunting was used as an example of a target that was investigated with strategic cyber intelligence. The answers to the research questions were achieved with the Design Science Research Process. The Design Science Cycle was conducted two times. In the first solution, a custom ML model was created precisely for the intelligence direction. The queried data was a limited dataset that was provided by the National Cyber Security Centre of Finland. The model returned correct data, but from the perspective of intelligence direction, the information was insufficient. In the second solution, the queries were made against the IBM Watson Discovery News dataset. The results offered enough valuable intelligence information about Big Game Hunting. When the intelligence cycle and ML were combined, the main findings were that in information collection, the correct queries offered the best information. Furthermore, the short sentences (passages) created by the Watson algorithm in the first solution proved to be useful. In information processing with unsupervised learning, the Watson algorithm was able to label the data into entities. The entities enabled the ability to analyse the data and find new, hidden information. The conclusion from the research was that ML could be utilised in strategic cyber intelligence.
first_indexed 2019-08-14T20:02:17Z
format Pro gradu
free_online_boolean 1
fullrecord
dc.contributor.advisor Lehto, Martti
dc.contributor.author Voutilainen, Janne
dc.date.accessioned 2019-08-14T06:25:04Z
dc.date.available 2019-08-14T06:25:04Z
dc.date.issued 2019
dc.identifier.uri https://jyx.jyu.fi/handle/123456789/65229
dc.description.provenance (en) Submitted by Miia Hakanen (mihakane@jyu.fi) on 2019-08-14T06:25:04Z No. of bitstreams: 0
dc.description.provenance (en) Made available in DSpace on 2019-08-14T06:25:04Z (GMT). No. of bitstreams: 0 Previous issue date: 2019
dc.format.extent 63
dc.format.mimetype application/pdf
dc.language.iso eng
dc.rights (en) In Copyright
dc.title Machine learning and intelligence cycle : enhancing the cyber intelligence process
dc.type master thesis
dc.identifier.urn URN:NBN:fi:jyu-201908143828
dc.type.ontasot (fi) Pro gradu -tutkielma
dc.type.ontasot (en) Master’s thesis
dc.contributor.faculty (fi) Informaatioteknologian tiedekunta
dc.contributor.faculty (en) Faculty of Information Technology
dc.contributor.department (fi) Informaatioteknologia
dc.contributor.department (en) Information Technology
dc.contributor.organization (fi) Jyväskylän yliopisto
dc.contributor.organization (en) University of Jyväskylä
dc.subject.discipline (fi) Tietojenkäsittelytiede
dc.subject.discipline (en) Computer Science
yvv.contractresearch.funding 0
dc.type.coar http://purl.org/coar/resource_type/c_bdcc
dc.rights.accesslevel openAccess
dc.type.publication masterThesis
dc.subject.oppiainekoodi 601
dc.subject.yso koneoppiminen
dc.subject.yso tiedustelu
dc.subject.yso kyberturvallisuus
dc.subject.yso machine learning
dc.subject.yso intelligence and reconnaissance
dc.subject.yso cyber security
dc.format.content fulltext
dc.rights.url https://rightsstatements.org/page/InC/1.0/
dc.type.okm G2
id jyx.123456789_65229
language eng
last_indexed 2025-02-18T10:56:09Z
main_date 2019-01-01T00:00:00Z
main_date_str 2019
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/f1dfb4ed-6f0e-4bc9-b70a-fc1cda0dd25c\/download","text":"URN:NBN:fi:jyu-201908143828.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2019
record_format qdc
source_str_mv jyx
title Machine learning and intelligence cycle : enhancing the cyber intelligence process
topic Tietojenkäsittelytiede Computer Science 601 koneoppiminen tiedustelu kyberturvallisuus machine learning intelligence and reconnaissance cyber security
url https://jyx.jyu.fi/handle/123456789/65229 http://www.urn.fi/URN:NBN:fi:jyu-201908143828