Cybersecurity knowledge graphs

Cybersecurity knowledge graphs, which represent cyber-knowledge with a graph-based data model, provide holistic approaches for processing massive volumes of complex cybersecurity data derived from diverse sources. They can assist security analysts to obtain cyberthreat intelligence, achieve a high level of cyber-situational awareness, discover new cyber-knowledge, visualize networks, data flow, and attack paths, and understand data correlations by aggregating and fusing data. This paper reviews the most prominent graph-based data models used in this domain, along with knowledge organization systems that define concepts and properties utilized in formal cyber-knowledge representation for both background knowledge and specific expert knowledge about an actual system or attack. It is also discussed how cybersecurity knowledge graphs enable machine learning and facilitate automated reasoning over cyber-knowledge

Context-aware Security for Vehicles and Fleets: A Survey

Vehicles are becoming increasingly intelligent and connected. Interfaces for communication with the vehicle, such as WiFi and 5G, enable seamless integration into the user’s life, but also cyber attacks on the vehicle. Therefore, research is working on in-vehicle countermeasures such as authentication, access controls, or intrusion detection. Recently, legal regulations have also become effective that require automobile manufacturers to set up a monitoring system for fleet-wide security analysis. The growing amount of software, networking, and the automation of driving create new challenges for security. Context-awareness, situational understanding, adaptive security, and threat intelligence are necessary to cope with these ever-increasing risks. In-vehicle security should be adaptive to secure the car in an infinite number of (driving) situations. For fleet-wide analysis and alert triage, knowledge and understanding of the circumstances are required. Context-awareness, nonetheless, has been sparsely considered in the field of vehicle security. This work aims to be a precursor to context-aware, adaptive and intelligent security for vehicles and fleets. To this end, we provide a comprehensive literature review that analyzes the vehicular as well as related domains. Our survey is mainly characterized by the detailed analysis of the context information that is relevant for vehicle security in the future

Técnicas de detección de ataques en un sistema SIEM (Security Information and Event Management)

Technology advance has achieved an almost entirely globalized world. New inventions are achieved at a speed that has revolutionized people’s pace of life. Information has become a very helpful and of great value resource. This has made the protection of information a demanded work. Globalization and the Internet have managed to maintain in contact to people all around the world. Due to this progress cyber-attacks to networks have become a main objective for hackers that attempt to gain people credentials or not allowing the availability of network resources. System Information and Event Management (SIEM) have become the main defense against those attacks. How to detect attacks and prepare procedures and algorithms to protect information is the objective of this work that develops solutions when understanding theory and systems behind every cyber-attack.El avance de la tecnología ha logrado un mundo casi enteramente globalizado. La velocidad con la que se consigue nuevos inventos ya sean digitales o no, ha revolucionado el ritmo de vida en la mayoría de las personas. La información se ha vuelto un recurso muy utilizado y de mucho valor, por lo que proteger dicha información se ha vuelto un trabajo muy demandado. La globalización y la interconectividad de redes (el Internet) han logrado mantener en contacto a seres humanos muy alejados unos de otros. Debido a estos avances, los ataques informáticos a las redes se han vuelto objetivos por parte de atacantes que intentan conseguir información confidencial o no permitir la disponibilidad de recursos en la red. Los sistemas de información y manejo de eventos (SIEM por sus siglas en inglés) se han vuelto la defensa a estos ataques. Como detectar ataques y preparar procedimientos y algoritmos para proteger información es el objetivo de este trabajo que desarrolla soluciones a base de entender los sistemas y la teoría detrás de cada ataque informático