图片:使用上下文感知数据分析的半自动网络防御

2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) Pub Date : 2017-06-19 DOI:10.1109/CyberSA.2017.8073399

Arnau Erola, Ioannis Agrafiotis, J. Happa, M. Goldsmith, S. Creese, P. Legg

{"title":"图片:使用上下文感知数据分析的半自动网络防御","authors":"Arnau Erola, Ioannis Agrafiotis, J. Happa, M. Goldsmith, S. Creese, P. Legg","doi":"10.1109/CyberSA.2017.8073399","DOIUrl":null,"url":null,"abstract":"In a continually evolving cyber-threat landscape, the detection and prevention of cyber attacks has become a complex task. Technological developments have led organisations to digitise the majority of their operations. This practice, however, has its perils, since cybespace offers a new attack-surface. Institutions which are tasked to protect organisations from these threats utilise mainly network data and their incident response strategy remains oblivious to the needs of the organisation when it comes to protecting operational aspects. This paper presents a system able to combine threat intelligence data, attack-trend data and organisational data (along with other data sources available) in order to achieve automated network-defence actions. Our approach combines machine learning, visual analytics and information from business processes to guide through a decision-making process for a Security Operation Centre environment. We test our system on two synthetic scenarios and show that correlating network data with non-network data for automated network defences is possible and worth investigating further.","PeriodicalId":365296,"journal":{"name":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-06-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"RicherPicture: Semi-automated cyber defence using context-aware data analytics\",\"authors\":\"Arnau Erola, Ioannis Agrafiotis, J. Happa, M. Goldsmith, S. Creese, P. Legg\",\"doi\":\"10.1109/CyberSA.2017.8073399\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In a continually evolving cyber-threat landscape, the detection and prevention of cyber attacks has become a complex task. Technological developments have led organisations to digitise the majority of their operations. This practice, however, has its perils, since cybespace offers a new attack-surface. Institutions which are tasked to protect organisations from these threats utilise mainly network data and their incident response strategy remains oblivious to the needs of the organisation when it comes to protecting operational aspects. This paper presents a system able to combine threat intelligence data, attack-trend data and organisational data (along with other data sources available) in order to achieve automated network-defence actions. Our approach combines machine learning, visual analytics and information from business processes to guide through a decision-making process for a Security Operation Centre environment. We test our system on two synthetic scenarios and show that correlating network data with non-network data for automated network defences is possible and worth investigating further.\",\"PeriodicalId\":365296,\"journal\":{\"name\":\"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CyberSA.2017.8073399\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CyberSA.2017.8073399","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

在不断发展的网络威胁环境中，检测和预防网络攻击已成为一项复杂的任务。技术的发展使组织将其大部分业务数字化。然而，这种做法有其风险，因为网络空间提供了一个新的攻击面。负责保护组织免受这些威胁的机构主要利用网络数据，当涉及保护运营方面时，他们的事件响应策略仍然忽略了组织的需求。本文提出了一个能够结合威胁情报数据、攻击趋势数据和组织数据(以及其他可用数据源)的系统，以实现自动化的网络防御行动。我们的方法结合了机器学习、视觉分析和来自业务流程的信息，以指导安全运营中心环境的决策过程。我们在两个综合场景中测试了我们的系统，并表明将网络数据与非网络数据相关联以实现自动化网络防御是可能的，值得进一步研究。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

RicherPicture: Semi-automated cyber defence using context-aware data analytics

In a continually evolving cyber-threat landscape, the detection and prevention of cyber attacks has become a complex task. Technological developments have led organisations to digitise the majority of their operations. This practice, however, has its perils, since cybespace offers a new attack-surface. Institutions which are tasked to protect organisations from these threats utilise mainly network data and their incident response strategy remains oblivious to the needs of the organisation when it comes to protecting operational aspects. This paper presents a system able to combine threat intelligence data, attack-trend data and organisational data (along with other data sources available) in order to achieve automated network-defence actions. Our approach combines machine learning, visual analytics and information from business processes to guide through a decision-making process for a Security Operation Centre environment. We test our system on two synthetic scenarios and show that correlating network data with non-network data for automated network defences is possible and worth investigating further.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA)

自引率

0.00%

发文量