{"title":"Information sharing requirements and framework needed for community cyber incident detection and response","authors":"K. Harrison, G. White","doi":"10.1109/THS.2012.6459893","journal":{"name":"2012 IEEE Conference on Technologies for Homeland Security (HST)","volume":"80 1","pages":"0"},"publicationDate":"2012-12-01","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"17","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/THS.2012.6459893"}
Information sharing requirements and framework needed for community cyber incident detection and response
Communities, and the critical infrastructure that they rely upon, are becoming ever increasingly integrated into cyberspace. At the same time, communities are experiencing increasing activity and sophistication from a variety of threat agents. The effect of cyber attacks on communities has been observed, and the frequency and devastation of these attacks can only increase in the foreseeable future. Early detection of these attacks is critical for a fast and effective response. We propose detecting community cyber incidents by comparing indicators from community members across space and time. Performing spatiotemporal differentiation on these indicators requires that community members, such as private and governmental organizations, share information about these indicators. However, community members are, for good reasons, reluctant to share sensitive security related information. Additionally, sharing large amounts of information with a trusted, centralized location introduces scalability and reliability problems. In this paper we define the information sharing requirements necessary for fast, effective community cyber incident detection and response, while addressing both privacy and scalability concerns. Furthermore, we introduce a framework to meet these requirements, and analyze a proof of concept implementation.