现代信息和通信技术生态系统的蜂群智能

IF 2.4 4区 计算机科学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
George Hatzivasilis, Eftychia Lakka, Manos Athanatos, Sotiris Ioannidis, Grigoris Kalogiannis, Manolis Chatzimpyrros, George Spanoudakis, Spyros Papastergiou, Stylianos Karagiannis, Andreas Alexopoulos, Dimitry Amelin, Stephan Kiefer
{"title":"现代信息和通信技术生态系统的蜂群智能","authors":"George Hatzivasilis, Eftychia Lakka, Manos Athanatos, Sotiris Ioannidis, Grigoris Kalogiannis, Manolis Chatzimpyrros, George Spanoudakis, Spyros Papastergiou, Stylianos Karagiannis, Andreas Alexopoulos, Dimitry Amelin, Stephan Kiefer","doi":"10.1007/s10207-024-00869-1","DOIUrl":null,"url":null,"abstract":"<p>Digitalization is continuing facilitating our daily lives. The world is interconnected as never before, bringing close people, businesses, or other organizations. However, hackers are also coming close. New business and operational models require the collection and processing of massive amounts of data in real-time, involving utilization of complex information systems, large supply-chains, personal devices, etc. These impose several advantages for adversaries on the one hand (e.g., poorly protected or monitored elements, slow fashion of security updates/upgrades in components that gain little attention, etc.), and many difficulties for defenders on the other hand (e.g., administrate large and complex systems with high dynamicity) in this cyber-security interplay. Impactful attacks on ICT systems, critical infrastructures, and supply networks, as well as cyber-warfare are deriving the necessity for more effective defensives. This paper presents a swarm-intelligence solution for incident handling and response. Cyber Threat Intelligence (CTI) is continuously integrated in the system (i.e., MISP, CVEs, STIX, etc.), and Artificial Intelligence (AI)/Machine Learning (ML) are incorporated in the risk assessment and event evaluation processes. Several incident handling and response sub-procedures are automated, improving effectiveness and decreasing response time. Information concerning identified malicious activity is circulated back to the community (i.e., via the MISP information sharing platform) in an open loop. The proposal is applied in the supply-chain of healthcare organizations in Europe (considering also EU data protection regulations). Nevertheless, it is a generic solution that can be applied in any domain.</p>","PeriodicalId":50316,"journal":{"name":"International Journal of Information Security","volume":"24 1","pages":""},"PeriodicalIF":2.4000,"publicationDate":"2024-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Swarm-intelligence for the modern ICT ecosystems\",\"authors\":\"George Hatzivasilis, Eftychia Lakka, Manos Athanatos, Sotiris Ioannidis, Grigoris Kalogiannis, Manolis Chatzimpyrros, George Spanoudakis, Spyros Papastergiou, Stylianos Karagiannis, Andreas Alexopoulos, Dimitry Amelin, Stephan Kiefer\",\"doi\":\"10.1007/s10207-024-00869-1\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>Digitalization is continuing facilitating our daily lives. The world is interconnected as never before, bringing close people, businesses, or other organizations. However, hackers are also coming close. New business and operational models require the collection and processing of massive amounts of data in real-time, involving utilization of complex information systems, large supply-chains, personal devices, etc. These impose several advantages for adversaries on the one hand (e.g., poorly protected or monitored elements, slow fashion of security updates/upgrades in components that gain little attention, etc.), and many difficulties for defenders on the other hand (e.g., administrate large and complex systems with high dynamicity) in this cyber-security interplay. Impactful attacks on ICT systems, critical infrastructures, and supply networks, as well as cyber-warfare are deriving the necessity for more effective defensives. This paper presents a swarm-intelligence solution for incident handling and response. Cyber Threat Intelligence (CTI) is continuously integrated in the system (i.e., MISP, CVEs, STIX, etc.), and Artificial Intelligence (AI)/Machine Learning (ML) are incorporated in the risk assessment and event evaluation processes. Several incident handling and response sub-procedures are automated, improving effectiveness and decreasing response time. Information concerning identified malicious activity is circulated back to the community (i.e., via the MISP information sharing platform) in an open loop. The proposal is applied in the supply-chain of healthcare organizations in Europe (considering also EU data protection regulations). Nevertheless, it is a generic solution that can be applied in any domain.</p>\",\"PeriodicalId\":50316,\"journal\":{\"name\":\"International Journal of Information Security\",\"volume\":\"24 1\",\"pages\":\"\"},\"PeriodicalIF\":2.4000,\"publicationDate\":\"2024-06-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1007/s10207-024-00869-1\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1007/s10207-024-00869-1","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

数字化正在不断促进我们的日常生活。世界前所未有地相互连接,使人们、企业或其他组织紧密相连。然而,黑客也在靠近。新的业务和运营模式要求实时收集和处理海量数据,涉及利用复杂的信息系统、大型供应链、个人设备等。在这一网络安全相互作用的过程中,一方面,对手可以利用这些优势(例如,保护或监控薄弱的元件、安全更新/升级缓慢且很少受到关注的元件等),另一方面,防御者也会面临许多困难(例如,管理具有高度动态性的大型复杂系统)。对信息和通信技术系统、关键基础设施和供应网络的严重攻击以及网络战争,都要求采取更有效的防御措施。本文介绍了一种用于事件处理和响应的蜂群智能解决方案。网络威胁情报(CTI)被持续集成到系统中(如 MISP、CVE、STIX 等),人工智能(AI)/机器学习(ML)被集成到风险评估和事件评价流程中。若干事件处理和响应子程序已实现自动化,从而提高了效率并缩短了响应时间。有关已识别恶意活动的信息以开放式循环的方式(即通过 MISP 信息共享平台)反馈给社区。该建议适用于欧洲医疗机构的供应链(同时考虑到欧盟数据保护法规)。不过,这是一个通用解决方案,可应用于任何领域。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

Swarm-intelligence for the modern ICT ecosystems

Swarm-intelligence for the modern ICT ecosystems

Digitalization is continuing facilitating our daily lives. The world is interconnected as never before, bringing close people, businesses, or other organizations. However, hackers are also coming close. New business and operational models require the collection and processing of massive amounts of data in real-time, involving utilization of complex information systems, large supply-chains, personal devices, etc. These impose several advantages for adversaries on the one hand (e.g., poorly protected or monitored elements, slow fashion of security updates/upgrades in components that gain little attention, etc.), and many difficulties for defenders on the other hand (e.g., administrate large and complex systems with high dynamicity) in this cyber-security interplay. Impactful attacks on ICT systems, critical infrastructures, and supply networks, as well as cyber-warfare are deriving the necessity for more effective defensives. This paper presents a swarm-intelligence solution for incident handling and response. Cyber Threat Intelligence (CTI) is continuously integrated in the system (i.e., MISP, CVEs, STIX, etc.), and Artificial Intelligence (AI)/Machine Learning (ML) are incorporated in the risk assessment and event evaluation processes. Several incident handling and response sub-procedures are automated, improving effectiveness and decreasing response time. Information concerning identified malicious activity is circulated back to the community (i.e., via the MISP information sharing platform) in an open loop. The proposal is applied in the supply-chain of healthcare organizations in Europe (considering also EU data protection regulations). Nevertheless, it is a generic solution that can be applied in any domain.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
International Journal of Information Security
International Journal of Information Security 工程技术-计算机:理论方法
CiteScore
6.30
自引率
3.10%
发文量
52
审稿时长
12 months
期刊介绍: The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation. Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信