Detecting and correlating supranational threats for critical infrastructures
As critical infrastructures have become strategic targets for advanced cyber-attacks, we face the severe challenge to provide new defense technologies for their protection. We propose a distributed supranational architecture for detection, classification, and mitigation of highly sophisticated cyber incidents targeted simultaneously at multiple critical infrastructures. We build upon a three layered architecture comprised of Security Operations Centres at organizational (O-SOC), national (N-SOC), and European (E-SOC) level using IDS and SIEM solutions. In our approach we combine machine learning and automatic ontological reasoning: First, we apply methods from the field of machine learning to analyse threat indicators of different granularity. This provides classification of very specific observables collected at compromised sites. Second, we perform ontological analysis to identify large scale correlations within an incident knowledge graph.
Detecting and correlating supranational threats for critical infrastructures
15th European Conference on Cyber Warfare and Security
| Authors: | Konstantin Böttinger, Gerhard Hansch, and Bartol Filipovic |
| Year/month: | 2016/7 |
| Booktitle: | 15th European Conference on Cyber Warfare and Security |
| Pages: | 34-41 |
| Address: | Universitat der Bundeswehr Munich, Germany |
| Fulltext: |
Abstract |
|
| As critical infrastructures have become strategic targets for advanced cyber-attacks, we face the severe challenge to provide new defense technologies for their protection. We propose a distributed supranational architecture for detection, classification, and mitigation of highly sophisticated cyber incidents targeted simultaneously at multiple critical infrastructures. We build upon a three layered architecture comprised of Security Operations Centres at organizational (O-SOC), national (N-SOC), and European (E-SOC) level using IDS and SIEM solutions. In our approach we combine machine learning and automatic ontological reasoning: First, we apply methods from the field of machine learning to analyse threat indicators of different granularity. This provides classification of very specific observables collected at compromised sites. Second, we perform ontological analysis to identify large scale correlations within an incident knowledge graph. | |
Bibtex:
@inproceedings { eu_ec_2016_1,author = { Konstantin Böttinger and Gerhard Hansch and Bartol Filipovic},
title = { Detecting and correlating supranational threats for critical infrastructures },
year = { 2016 },
month = { July },
booktitle = { 15th European Conference on Cyber Warfare and Security },
address = { Universitat der Bundeswehr Munich, Germany },
pages = { 34-41 },
}