30,769 research outputs found

    Comprehensive Security Framework for Global Threats Analysis

    Cyber criminality activities are changing and becoming more and more professional. With the growth of financial flows through the Internet and the Information System (IS), new kinds of threat arise involving complex scenarios spread within multiple IS components. The IS information modeling and Behavioral Analysis are becoming new solutions to normalize the IS information and counter these new threats. This paper presents a framework which details the principal and necessary steps for monitoring an IS. We present the architecture of the framework, i.e. an ontology of activities carried out within an IS to model security information and User Behavioral analysis. The results of the performed experiments on real data show that the modeling is effective to reduce the amount of events by 91%. The User Behavioral Analysis on uniform modeled data is also effective, detecting more than 80% of legitimate actions of attack scenarios

    Run-time risk management in adaptive ICT systems

    We will present results of the SERSCIS project related to risk management and mitigation strategies in adaptive multi-stakeholder ICT systems. The SERSCIS approach involves using semantic threat models to support automated design-time threat identification and mitigation analysis. The focus of this paper is the use of these models at run-time for automated threat detection and diagnosis. This is based on a combination of semantic reasoning and Bayesian inference applied to run-time system monitoring data. The resulting dynamic risk management approach is compared to a conventional ISO 27000 type approach, and validation test results presented from an Airport Collaborative Decision Making (A-CDM) scenario involving data exchange between multiple airport service providers

    Towards an ontology for process monitoring and mining

    Business Process Analysis (BPA) aims at monitoring, diagnosing, simulating and mining enacted processes in order to support the analysis and enhancement of process models. An effective BPA solution must provide the means for analysing existing e-businesses at three levels of abstraction: the Business Level, the Process Level and the IT Level. BPA requires semantic information that spans these layers of abstraction and which should be easily retrieved from audit trails. To cater for this, we describe the Process Mining Ontology and the Events Ontology which aim to support the analysis of enacted processes at different levels of abstraction spanning from fine grain technical details to coarse grain aspects at the Business Level

    Dynamic deployment of context-aware access control policies for constrained security devices

    Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identified based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., configuring, those security components and mechanisms so that the system behavior be finally the one specified by the policy. The deployment issue becomes more difficult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modifications introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action specification languages

    Ontology-based collaborative framework for disaster recovery scenarios

    This paper aims at designing an adaptive framework for supporting collaborative work of different actors in public safety and disaster recovery missions. In such scenarios, firemen and robots interact with each other to reach a common goal; the firemen team is equipped with smart devices and the robots team is supplied with communication technologies, and should carry out specific tasks. Here, a reliable connection is mandatory to ensure the interaction between actors. But the wireless access network and communication resources are vulnerable in the event of a sudden unexpected change in the environment. Also, the continuous change in the mission requirements, such as inclusion/exclusion of a new actor, changing the actor's priority and the limitations of smart devices, needs to be monitored. To perform dynamically in such a case, the presented framework is based on a generic multi-level modeling approach that ensures adaptation handled by semantic modeling. Automated self-configuration is driven by rule-based reconfiguration policies through ontology

    Controlling services in a mobile context-aware infrastructure

    Context-aware application behaviors can be described as logic rules following the Event-Control-Action (ECA) pattern. In this pattern, an Event models an occurrence of interest (e.g., a change in context); Control specifies a condition that must hold prior to the execution of the action; and an Action represents the invocation of arbitrary services. We have defined a Controlling service aiming at facilitating the dynamic configuration of ECA rule specifications by means of a mobile rule engine and a mechanism that distributes context reasoning activities to a network of context processing nodes. In this paper we present a novel context modeling approach that provides application developers and users with more appropriate means to define context information and ECA rules. Our approach makes use of ontologies to model context information and has been developed on top of web services technology

    Semantic reasoning for intelligent emergency response applications

    Emergency response applications require the processing of large amounts of data, generated by a diverse set of sensors and devices, in order to provide for an accurate and concise view of the situation at hand. The adoption of semantic technologies allows for the definition of a formal domain model and intelligent data processing and reasoning on this model based on generated device and sensor measurements. This paper presents a novel approach to emergency response applications, such as fire fighting, integrating a formal semantic domain model into an event-based decision support system, which supports reasoning on this model. The developed model consists of several generic ontologies describing concepts and properties which can be applied to diverse context-aware applications. These are extended with emergency response specific ontologies. Additionally, inference on the model performed by a reasoning engine is dynamically synchronized with the rest of the architectural components. This allows to automatically trigger events based on predefined conditions. The proposed ontology and developed reasoning methodology is validated on two scenarios, i.e. (i) the construction of an emergency response incident and corresponding scenario and (ii) monitoring of the state of a fire fighter during an emergency response

    Hierarchical video surveillance architecture: a chassis for video big data analytics and exploration

    There is increasing reliance on video surveillance systems for systematic derivation, analysis and interpretation of the data needed for predicting, planning, evaluating and implementing public safety. This is evident from the massive number of surveillance cameras deployed across public locations. For example, in July 2013, the British Security Industry Association (BSIA) reported that over 4 million CCTV cameras had been installed in Britain alone. The BSIA also reveal that only 1.5% of these are state owned. In this paper, we propose a framework that allows access to data from privately owned cameras, with the aim of increasing the efficiency and accuracy of public safety planning, security activities, and decision support systems that are based on video integrated surveillance systems. The accuracy of results obtained from government-owned public safety infrastructure would improve greatly if privately owned surveillance systems ‘expose’ relevant video-generated metadata events, such as triggered alerts and also permit query of a metadata repository. Subsequently, a police officer, for example, with an appropriate level of system permission can query unified video systems across a large geographical area such as a city or a country to predict the location of an interesting entity, such as a pedestrian or a vehicle. This becomes possible with our proposed novel hierarchical architecture, the Fused Video Surveillance Architecture (FVSA). At the high level, FVSA comprises a hardware framework that is supported by a multi-layer abstraction software interface. It presents video surveillance systems as an adapted computational grid of intelligent services, which is integration-enabled to communicate with other compatible systems in the Internet of Things (IoT)