CopAS: A Big Data Forensic Analytics System
With the advancing digitization of our society, network security has become
one of the critical concerns for most organizations. In this paper, we present
CopAS, a system targeted at Big Data forensics analysis, allowing network
operators to comfortably analyze and correlate large amounts of network data to
get insights about potentially malicious and suspicious events. We demonstrate
the practical usage of CopAS for insider threat detection on a publicly
available PCAP dataset and show how the system can be used to detect insiders
hiding their malicious activity in the large amounts of networking data streams
generated during the daily activities of an organization.
Web Application Weakness Ontology Based on Vulnerability Data
Web applications are becoming more ubiquitous. All manner of physical devices
are now connected and often have a variety of web applications and
web-interfaces. This proliferation of web applications has been accompanied by
an increase in reported software vulnerabilities. The objective of this
analysis of vulnerability data is to understand the current landscape of
reported web application flaws. Along those lines, this work reviews ten years
(2011 - 2020) of vulnerability data in the National Vulnerability Database.
Based on this data, the most common web application weaknesses are identified and
their profiles presented. A weakness ontology is developed to capture the
attributes of these weaknesses, including their attack methods and attack
vectors. Also described is the impact of the weaknesses on software quality
attributes. Additionally, the technologies that are susceptible to each
weakness are presented; these include programming languages, frameworks,
communication protocols, and data formats.
Real-Time Cybersecurity Situation Awareness Through a User-Centered Network Security Visualization
One of the most common problems amongst cybersecurity defenders is lack of network visibility, leading to decreased situation awareness and overlooked indicators of compromise. This presents an opportunity for the use of information visualization in the field of cybersecurity. Prior research has looked at applying visual analytics to computer network defense, which has led to the development of visualizations for a variety of use cases in the security field. However, many of these visualizations do not consider user needs and requirements or require some predetermined user knowledge about the network to create the visuals, leading to low adoption in practice. With this in mind, I took a bottom-up, user-centered approach using interviews to gather user-desired components for the design, development, and evaluation of a network security visualization tool, called Riverside.
I designed a visualization that attempts to balance providing a comprehensive view of an environment while supplying details-on-demand. Riverside’s key contribution is a data-driven, dynamic view of a network’s security state over time, meant to supplement an analyst’s real-time situation awareness of their network. Riverside’s system automatically partitions internal from external network components to visualize potential attack vectors across the entire environment. This research supports the need for further incorporation of users into the cybersecurity visualization development lifecycle. I call attention to key requirements for creating effective cybersecurity visualizations and specific use cases where visualizations can be leveraged to augment operational cybersecurity capabilities
A Situational Awareness Dashboard for a Security Operations Center
As a result of this dissertation, a solution was developed which would provide visibility
into an institution’s security posture and its exposure to risk. Achieving this required
the development of a Situational Awareness Dashboard in a cybersecurity context. This
Dashboard provides a unified point of view where workers ranging from analysts to
members of the executive board can consult and interact with a visual interface that
aggregates a set of strategically picked metrics. These metrics provide insight regarding
two main topics, the performance and risk of the organization’s Security Operations
Center (SOC).
The development of the dashboard was performed while working with the multinational
enterprise EY. During this time frame, two dashboards were developed,
one for each of two EY clients in the financial sector. Even though the first
solution did not enter production, never leaving the testing stage, the dashboard developed
for the second client was successfully delivered, fulfilling the set of objectives
that were initially proposed.
One of those objectives was enabling the solution to be as autonomous and self-sustained
as possible, through its system architecture. Despite having different architectural
components, both solutions were based on the same three-layered model. Whereas
the first component runs all data ingestion, parsing and transformation operations, the
second is in charge of the storage of said information into a database. Finally, the last
component, possibly the most important one, is the visualization software tasked with
turning the previous information into actionable intelligence through the power of
data visualization.
All in all, the key points listed above converged into the development of a Situational
Awareness Dashboard which ultimately allows organizations to have visibility into the
SOC’s activities, as well as a perception of the performance and associated risks it faces.

As a result of this dissertation, a solution was developed that would provide visibility
into an institution’s security posture and its exposure to risk. This required
the development of a Situational Awareness Dashboard in a cybersecurity context.
This Dashboard aims to provide a unified point of view where workers, from analysts
to members of the executive board, can consult and interact with a visual interface
that aggregates a set of strategically chosen metrics. These metrics provide information
on two main topics: the performance and the risk of the organization’s Security
Operations Center (SOC).
The development of the Dashboard was carried out in partnership with the multinational
company EY. During that period, two dashboards were developed, one for each of two
EY clients in the financial sector. Although the first solution did not enter
production, never leaving testing, the dashboard developed for the second client
was successfully delivered, fulfilling the set of objectives initially proposed.
One of those objectives was to allow the solution to be as autonomous and self-sustaining
as possible, through its system architecture. Despite having different architectural
components, both solutions were based on the same three-layer model.
While the first component performs all data ingestion, parsing and transformation
operations, the second is responsible for storing that information
in a database. Finally, the last component, possibly the most important,
is the visualization software in charge of presenting the preceding information as
actionable intelligence through the power of data visualization.
In summary, the key points listed above converged in the development of a
Situational Awareness Dashboard that ultimately allows organizations to have
visibility into the SOC’s activities, as well as a perception of the performance and
risks it faces.
InSight2: An Interactive Web Based Platform for Modeling and Analysis of Large Scale Argus Network Flow Data
Monitoring systems are paramount to the proactive detection and mitigation of problems in computer networks related to performance and security. Degraded performance and compromised end-nodes can cost computer networks downtime, data loss and reputation. InSight2 is a platform that models, analyzes and visualizes large scale Argus network flow data using up-to-date geographical data, organizational information, and emerging threats. It is engineered to meet the needs of network administrators with flexibility and modularity in mind. Scalability is ensured by devising multi-core processing by implementing robust software architecture. Extendibility is achieved by enabling the end user to enrich flow records using additional user provided databases. Deployment is streamlined by providing an automated installation script. State-of-the-art visualizations are devised and presented in a secure, user friendly web interface giving greater insight about the network to the end user.
Challenges in Cybersecurity and Privacy - the European Research Landscape
Cybersecurity and Privacy issues are becoming an important barrier to the development of a trusted and dependable global digital society. Cyber-criminals are continuously shifting their cyber-attacks, especially against cyber-physical systems and IoT, since these present additional vulnerabilities due to their constrained capabilities, their unattended nature and the use of potentially untrustworthy components. Likewise, identity theft, fraud, personal data leakages, and other related cyber-crimes are continuously evolving, causing significant damage and privacy problems for European citizens in both virtual and physical scenarios. In this context, new holistic approaches, methodologies, techniques and tools are needed to cope with those issues and mitigate cyberattacks, by employing novel cyber-situational awareness frameworks, risk analysis and modeling, threat intelligence systems, cyber-threat information sharing methods, and advanced big-data analysis techniques, as well as exploiting the benefits of the latest technologies such as SDN/NFV and Cloud systems. In addition, novel privacy-preserving techniques, crypto-privacy mechanisms, identity and eID management systems, trust services, and recommendations are needed to protect citizens’ privacy while keeping usability levels. The European Commission is addressing the challenge through different means, including the Horizon 2020 Research and Innovation program, thereby financing innovative projects that can cope with the increasing cyberthreat landscape. This book introduces several cybersecurity and privacy research challenges and how they are being addressed in the scope of 15 European research projects. Each chapter is dedicated to a different funded European Research project, which aims to cope with digital security and privacy aspects, risks, threats and cybersecurity issues from a different perspective.
Each chapter includes the project’s overview and objectives, the particular challenges it is covering, research achievements on security and privacy, as well as the techniques, outcomes, and evaluations accomplished in the scope of the EU project. The book is the result of a collaborative effort among related ongoing European Research projects in the field of privacy and security as well as related cybersecurity fields, and it is intended to explain how these projects meet the main cybersecurity and privacy challenges faced in Europe. Namely, the EU projects analyzed in the book are: ANASTACIA, SAINT, YAKSHA, FORTIKA, CYBECO, SISSDEN, CIPSEC, CS-AWARE, RED-Alert, Truessec.eu, ARIES, LIGHTest, CREDENTIAL, FutureTrust, LEPS. Challenges in Cybersecurity and Privacy - the European Research Landscape is ideal for personnel in computer/communication industries as well as academic staff and master/research students in computer science and communications networks interested in learning about cyber-security and privacy aspects.
A Relevance Model for Threat-Centric Ranking of Cybersecurity Vulnerabilities
The relentless and often haphazard process of tracking and remediating vulnerabilities is a top concern for cybersecurity professionals. The key challenge they face is trying to identify a remediation scheme specific to in-house, organizational objectives. Without a strategy, the result is a patchwork of fixes applied to a tide of vulnerabilities, any one of which could be the single point of failure in an otherwise formidable defense. This means one of the biggest challenges in vulnerability management relates to prioritization. Given that so few vulnerabilities are a focus of real-world attacks, a practical remediation strategy is to identify vulnerabilities likely to be exploited and focus efforts towards remediating those vulnerabilities first. The goal of this research is to demonstrate that aggregating and synthesizing readily accessible, public data sources to provide personalized, automated recommendations that an organization can use to prioritize its vulnerability management strategy will offer significant improvements over what is currently realized using the Common Vulnerability Scoring System (CVSS). We provide a framework for vulnerability management specifically focused on mitigating threats using adversary criteria derived from MITRE ATT&CK. We identify the data mining steps needed to acquire, standardize, and integrate publicly available cyber intelligence data sets into a robust knowledge graph from which stakeholders can infer business logic related to known threats. We tested our approach by identifying vulnerabilities in academic and common software associated with six universities and four government facilities. Ranking policy performance was measured using the Normalized Discounted Cumulative Gain (nDCG). Our results show an average 71.5% to 91.3% improvement towards the identification of vulnerabilities likely to be targeted and exploited by cyber threat actors. 
The ROI of patching using our policies resulted in savings in the range of 23.3% to 25.5% in annualized unit costs. Our results demonstrate the efficiency of creating knowledge graphs to link large data sets to facilitate semantic queries and create data-driven, flexible ranking policies. Additionally, our framework uses only open standards, making implementation and improvement feasible for cyber practitioners and academia.