
    Cyber onboarding is ‘broken’

    A cyber security operations centre (CSOC) is a horizontal business function responsible primarily for managing cyber incidents, in addition to cyber-attack detection, security monitoring, and security incident triage, analysis and coordination. To monitor systems, networks, applications and services, the CSOC must first on-board those systems and services onto its security monitoring and incident management platforms. Cyber Onboarding (a.k.a. Onboarding) is a specialist technical process of setting up and configuring systems and services to produce the appropriate events, logs and metrics, which are then monitored through the CSOC security monitoring and incident management platform. First, logging must be enabled on the systems and applications; second, they must produce the right set of computing and security logs, events, traps and messages, which are analysed by the detection controls, security analytics systems and security event monitoring systems such as SIEMs and sensors; further, network-wide information, e.g. flow data, heartbeats and network traffic information, is collected and analysed; and finally, threat intelligence data are ingested in real time to detect, or be informed of, threats that are out in the wild. While setting up a CSOC can be straightforward, the ‘people’ and ‘process’ aspects that underpin the CSOC are often challenging, complicated and occasionally unworkable. In this paper, CSOC and Cyber Onboarding are thoroughly discussed, and the differences between SOC and SIEM are explained. Key challenges to Cyber Onboarding are identified through the reframing matrix methodology, obtained from four notable perspectives: the Cyber Onboarding Perspective, CSOC Perspective, Client Perspective and Senior Management Team Perspective. Each of these views and interests is discussed, and finally, recommendations are provided based on lessons learned implementing CSOCs for many organisations, e.g. government departments, financial institutions and the private sector.

    SOTER: a playbook for cyber security incident management

    SOTER, a cyber security incident management playbook, is developed to provide a comprehensive model for managing cyber security incidents, particularly for the cyber security operations centre. The proposed playbook is adaptive, cross-sectorial and process driven. Each key component of the incident management playbook is outlined and discussed. Further, a lexicon based on equivalence mapping is developed and used to map existing cyber security incident vocabulary and taxonomy into a common and consistent lexicon, to aid understanding among incident management stakeholder communities in the national, government and private sectors. A versatile workbook model has been explored which proves adaptable enough to serve a wide range of cases for successfully managing government and private sector security operations centres. Cyber security incident sharing partnerships, a formalism for metrics and measurements of cyber security incident parameters, and cyber security incident classification and prioritisation schemes are presented, and finally, cyber security incident ‘plays’ and playbook templates are discussed.

    Two-level architecture for rule-based business process management

    One of the main challenges in Business Process Management (BPM) systems is the need to adapt business rules in real time. A serious obstacle is the lack of adaptable formal models for managing dynamic business rules. This is due to the inadequacy of the models' ability to describe the rule components, meta-rules, relationships and logical dependencies. To overcome this drawback, this paper presents a two-level rule-based approach to controlling BPM systems. The model accounts for the logical representation of rule components and their relationships in process-based systems, as well as a method for incremental indexing of the business rules. The incremental indexing mechanism is described as an approach to controlling process execution and adapting business rules in real time based on rule propagation. Therefore, this model provides a basis for an efficient and adaptable solution for managing business rule changes.

    OntoCarer: an ontological framework for assistive agents for the disabled

    The OntoCarer Framework is a research programme of the Centre for Intelligent Systems Research of London Metropolitan University which aims at utilizing contemporary Web and Mobile Internet technologies for assisting disabled, elderly and impaired people. In this framework, software agents will act on behalf of both the assisted and the assisting people. Its conceptual foundation is based on the World Health Organisation classification of Functioning, Disability and Health. The software agents will be located on the users' mobile telephones and coordinated through a service organisation agent. The representations used for the agent profiles will be Semantic Web ones built using RDF/OWL. Agent planning in the framework is organized on two levels, combining an offline deductive planner, based on the BDI theory of rational behaviour and semantic pattern matching, with continuous online planning, based on an action ontology and event-driven programming. This paper presents the pilot implementation of the framework, which utilizes only standard communications infrastructure, public service hosting, open source software and inexpensive mobile devices.

    Parallel querying of distributed ontologies with shared vocabulary

    Ontologies and various semantic repositories have become a convenient approach for implementing model-driven architectures of distributed systems on the Web. SPARQL is the standard query language for querying such repositories. However, although SPARQL is a well-established standard for querying semantic repositories in RDF and OWL format, and there are commonly used APIs which support it, such as Jena for Java, a parallel querying option is not incorporated in them. This article presents a complete framework consisting of an object algebra for parallel RDF and an index-based implementation of a parallel query engine capable of dealing with distributed RDF ontologies which share a common vocabulary. It has been implemented in Java and, for validation of the algorithms, has been applied to the problem of organizing virtual exhibitions on the Web.

    3D Simulation-based Analysis of Individual and Group Dynamic Behaviour in Video Surveillance

    The visual behaviour analysis of individual and group dynamics is a subject of extensive research in both academia and industry. However, despite recent technological advancements, the problem remains difficult. Most of the approaches concentrate on direct extraction and classification of graphical features from the video feed, analysing the behaviour directly from the source. The major obstacle, which impacts real-time performance, is the necessity of combining the processing of enormous volumes of video data with complex symbolic data analysis. In this paper, we present the results of the experimental validation of a new method for dynamic behaviour analysis in a visual analytics framework, which has as its core an agent-based, event-driven simulator. Our method utilizes only limited data extracted from the live video to analyse the activities monitored by surveillance cameras. By combining the ontology of the visual scene, which accounts for the logical features of the observed world, with the patterns of dynamic behaviour, approximating the visual dynamics of the world, the framework allows behaviour patterns to be recognized on the basis of logical events rather than physical appearance. This approach has several advantages. Firstly, the simulation reduces the complexity of data processing by eliminating the need for precise graphic data. Secondly, the granularity and precision of the analysed behaviour patterns can be controlled by parameters of the simulation itself. The experiments prove in a convincing manner that the simulation generates data rich enough to analyse the dynamic behaviour in real time with sufficient precision, completely adequate for many applications of video surveillance.

    Simulation-based visual analysis of individual and group dynamic behavior

    The article presents a new framework for individual and group dynamic behavior analysis with wide applicability to video surveillance and security, accident and safety management, customer insight and computer games. It combines graphical multi-agent simulation and motion pattern recognition to perform visual data analysis using an object-centric approach. The article describes the simulation model used for modeling the individual and group dynamics, which is based on the analytical description of dynamic trajectories in closed micro-worlds and the individual and group behavior patterns exhibited by the agents in the visual scene. The simulator is implemented using 3D graphics tools and supports real-time event log analysis for pattern recognition and classification of the individual and group agents' behavior.

    Adaptive business rules framework for workflow management

    Purpose – Changing scattered and dynamic business rules in Business Workflow Systems has become a growing problem that hinders the use and configuration of workflow-based applications. There is a gap in the existing research studies, which currently focus on solutions that are application specific, without accounting for the universal logical dependencies between the business rules and, as a result, do not support adaptation of the business rules in real time.

    Design/methodology/approach – To tackle the above problems, this paper adopts a bottom-up approach, which puts forward a component model of business process workflows and business rules based on a purely logical specification which allows incremental development of the workflows and indexing of the rules which govern them during the initial acquisition and real-time execution.

    Results – The paper introduces a component-based, event-driven model for the development of business workflows which is purely logic based and can be easily implemented using object-oriented technology, together with a formal model for accounting for business rule dependencies and a new method for incremental indexing of the business rules controlling the workflows. It proposes a two-level inference mechanism as a vehicle for controlling business process execution and adaptation of the business rules in real time based on propagating the dependencies between the rules.

    Originality/value – The major achievement of this research is the universal, strictly logic-based, event-driven framework for business process modelling and control which allows automatic adaptation of the business rules governing the business workflows based on accounting for their structural dependencies. An additional advantage of the framework is its support for object-oriented technology, which can be implemented with enterprise-level quality and efficiency. Although developed primarily for application in the construction industry, the framework is entirely domain-independent and can be used in other industries, too.

    K-Nearest Neighbours Based Classifiers for Moving Object Trajectories Reconstruction

    This article presents an exemplary prototype implementation of an Application Programming Interface (API) for incremental reconstruction of the trajectories of moving objects captured by Closed-Circuit Television (CCTV) and High-Definition Television (HDTV) cameras, based on K-Nearest Neighbour (KNN) classifiers. This paper proposes a model-driven approach for trajectory reconstruction based on machine learning algorithms which is more efficient than other approaches for dynamic tracking, such as RGB-D (Red, Green and Blue color model with Depth) images or scale- or rotation-based approaches. The existing approaches typically need low-level information from the input video stream, and environmental factors (indoor light, outdoor light) affect the results. The use of a predefined model allows this to be avoided, since the data is naturally filtered. Experiments on different input video streams demonstrate that the proposed approach is efficient for tracking moving objects in input streams in real time because it needs less granular information from the input stream. The research reported here is part of a research programme of the Cyber Security Research Centre of London Metropolitan University for real-time video analytics with applicability to surveillance in security, disaster recovery and safety management, and customer insight.

    A Comprehensive Analysis of the Role of Artificial Intelligence and Machine Learning in Modern Digital Forensics and Incident Response

    In the dynamic landscape of digital forensics, the integration of Artificial Intelligence (AI) and Machine Learning (ML) stands as a transformative technology, poised to amplify the efficiency and precision of digital forensics investigations. However, the use of ML and AI in digital forensics is still in its nascent stages. As a result, this paper gives a thorough and in-depth analysis that goes beyond a simple survey and review. The goal is to look closely at how AI and ML techniques are used in digital forensics and incident response. This research explores cutting-edge research initiatives that cross domains such as data collection and recovery, the intricate reconstruction of cybercrime timelines, robust big data analysis, pattern recognition, safeguarding the chain of custody, and orchestrating responsive strategies to hacking incidents. This endeavour digs far beneath the surface to unearth the intricate ways AI-driven methodologies are shaping these crucial facets of digital forensics practice. While the promise of AI in digital forensics is evident, the challenges arising from increasing database sizes and evolving criminal tactics necessitate ongoing collaborative research and refinement within the digital forensics profession. This study examines the contributions, limitations and gaps in the existing research, shedding light on the potential and limitations of AI and ML techniques. By exploring these different research areas, we highlight the critical need for strategic planning, continual research and development to unlock AI's full potential in digital forensics and incident response. Ultimately, this paper underscores the significance of AI and ML integration in digital forensics, offering insights into their benefits, drawbacks and broader implications for tackling modern cyber threats.