Architectural Tactics for Big Data Cybersecurity Analytics Systems: A Review

Abstract Context B ig D ata C ybersecurity A nalytics (BDCA) systems leverage big data technologies for analyzing security events data to protect organizational networks, computers, and data from cyber attacks. Objective We aimed at identifying the most frequently reported quality attributes and architectural tactics for BDCA systems. Method We used Systematic Literature Review (SLR) method for reviewing 74 papers. Result Our findings are twofold: (i) identification of 12 most frequently reported quality attributes for BDCA systems; and (ii) identification and codification of 17 architectural tactics for addressing the identified quality attributes. The identified tactics include six performance tactics, four accuracy tactics, two scalability tactics, three reliability tactics, and one security and usability tactic each. Conclusion Our study reveals that in the context of BDCA (a) performance, accuracy and scalability are the most important quality concerns (b) data analytics is the most critical architectural component (c) despite the significance of interoperability, modifiability, adaptability, generality, stealthiness, and privacy assurance, these quality attributes lack explicit architectural support (d) empirical investigation is required to evaluate the impact of the codified tactics and explore the quality trade-offs and dependencies among the tactics and (e) the reported tactics need to be modelled using a standardized modelling language such as UML.