
    Feature trade-off analysis for reconnaissance detection.

    An effective cyber early warning system (CEWS) should pick up threat activity at an early stage, with an emphasis on establishing hypotheses and predictions as well as generating alerts on (unclassified) situations based on preliminary indications. The design and implementation of such early warning systems involve numerous challenges, such as a generic set of indicators, intelligence gathering, uncertainty reasoning and information fusion. This chapter begins with an understanding of the behaviours of intruders; a review of the related literature is followed by the proposed methodology, which uses a Bayesian inference-based system. It also includes a carefully deployed empirical analysis on a data set labelled for reconnaissance activity. Finally, the chapter concludes with a discussion of results, research challenges and necessary suggestions to move forward in this research line.

    SOC ATTACKER CENTRIC - Analysis of a prevention oriented SOC

    This thesis will explain what a Security Operation Center (SOC) is and how it works, analyzing all the different phases and modules that make up the final product. Typically, a SOC centralizes all of the company's information in one place where it can constantly keep an eye on the data and monitor the system. The IT infrastructure is analyzed in real time for anomalies, malicious activities, or intrusion attempts. Not only the data sent from one machine to another, but also the physical state and resources (e.g., memory and CPU) are constantly monitored. Through the creation and use of multiple detection rules, various alerts are generated and are then reviewed by the SOC analyst team, which promptly informs customers in case of need. The State of the Art will be explored to study current SOCs and the best practices adopted. Then the innovative SOC Attacker Centric developed by the company Wuerth Phoenix will be analyzed. The functioning of the SOC-AC will be studied and explained, highlighting how it adds to the classic suite of services offered by a SOC an extra part, focused on the attacker's point of view. This SOC-AC is capable of covering the reconnaissance phase, usually neglected by SOCs, in which attackers gather information about a target in order to find the best strategy to break in and successfully carry out the attack. In the last part of the thesis, the design and implementation of an automatic SOC reporting functionality will be shown. An important feature is to have an efficient communication channel with the customer and to provide them with data on the status of the SOC they are paying for. Initially, this procedure was a static, manually executed, error-prone process. The procedure was improved by creating a semi-automatic system of report generation and delivery using the Elastic SIEM and several languages such as Python, Bash, Lucene, and the Elastic and Kibana Query Languages, leaving the reporter with fewer parts to analyze and document, saving time and resources.

    Time constrained fault tolerance and management framework for k-connected distributed wireless sensor networks based on composite event detection

    Wireless sensor nodes themselves are exceptionally complex systems where a variety of components interact in a complex way. In enterprise scenarios it becomes highly important to hide the details of the underlying sensor networks from the applications and to guarantee a minimum level of reliability of the system. One of the challenges faced in achieving this level of reliability is to overcome the failures frequently faced by sensor networks due to their tight integration with the environment. Failures can generate false information, which may trigger incorrect business processes, resulting in additional costs. Sensor networks are inherently fault prone due to the shared wireless communication medium. Thus, sensor nodes can lose synchrony and their programs can reach arbitrary states. Since on-site maintenance is not feasible, sensor network applications should be self-healing in a local and communication-efficient manner. Also, as per my knowledge, no such general framework exists that addresses all the fault issues one may encounter in a WSN, based on the extensive, exhaustive and comprehensive literature survey in the related areas of research. As one of the main goals of enterprise applications is to reduce the costs of business processes, a complete and more general fault tolerance and management framework for a general WSN, irrespective of the node types and deployment conditions, is proposed which would help to mitigate the propagation of failures in a business environment, reduce the installation and maintenance costs, and gain deployment flexibility to allow for unobtrusive installation.