| 1. |
|
|
| 2. |
- Bhatt, Parth, et al.
(författare)
-
A Cyber Security Situational Awareness Framework to Track and Project Multistage Cyber Attacks
- 2014
-
Ingår i: Proceedings of the 9Th International Conference on Cyber Warfare and Security (ICCWS-2014). - Reading : Academic Conferences Limited. - 9781909507111 - 9781632660626 - 9781909507050 ; , s. 356-360
-
Konferensbidrag (refereegranskat)abstract
- In Security Operations Center there is a need to perceive, comprehend and project cyber activities. Therefore it requires developing Cyber Situational Awareness (CSA) capability that involves perception of different security events, comprehension of the meaning of the current cyber security situation in the organization, and the projection of future status in order to select better positioning of security mechanisms. Current techniques of CSA are limited by the high speed of events generation, large volume of information from multiple sensors, and the complexity of interactions of highly automated services that shape the Cyberspace. This study presents a framework to track and project multistage cyber-attacks supporting CSA activities and enables a faster correlation of event logs using Big Data Technologies.
|
|
| 3. |
- Bhatt, Parth, et al.
(författare)
-
Towards a Framework to Detect Multi-Stage Advanced Persistent Threats Attacks
- 2014
-
Ingår i: Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium. - : IEEE Computer Society. - 9781479925049
-
Konferensbidrag (refereegranskat)abstract
- Detecting and defending against Multi-Stage Advanced Persistent Threats (APT) Attacks is a challenge for mechanisms that are static in its nature and are based on blacklisting and malware signature techniques. Blacklists and malware signatures are designed to detect known attacks. But multi-stage attacks are dynamic, conducted in parallel and use several attack paths and can be conducted in multi-year campaigns, in order to reach the desired effect. In this paper the design principles of a framework are presented that model Multi-Stage Attacks in a way that both describes the attack methods as well as the anticipated effects of attacks. The foundation to model behaviors is by the combination of the Intrusion Kill-Chain attack model and defense patterns (i.e. a hypothesis based approach of known patterns). The implementation of the framework is made by using Apache Hadoop with a logic layer that supports the evaluation of a hypothesis.
|
|
| 4. |
- Yano, Edgar Toshiro, et al.
(författare)
-
Towards a Methodology for Cybersecurity Risk Management Using Agents Paradigm
- 2014
-
Ingår i: JISIC 2014. - Piscataway : IEEE. - 9781479963645 ; , s. 325-
-
Konferensbidrag (övrigt vetenskapligt/konstnärligt)abstract
- In order to deal with shortcomings of security management systems, this work proposes a methodology based on agents paradigm for cybersecurity risk management. In this approach a system is decomposed in agents that may be used to attain goals established by attackers. Threats to business are achieved by attacker's goals in service and deployment agents. To support a proactive behavior, sensors linked to security mechanisms are analyzed accordingly with a model for Situational Awareness(SA)[4].
|
|
