RicherPicture: Semi-automated cyber defence using context-aware data analytics
Title | RicherPicture: Semi-automated cyber defence using context-aware data analytics |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Erola, A., Agrafiotis, I., Happa, J., Goldsmith, M., Creese, S., Legg, P. A. |
Conference Name | 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) |
Date Published | June 2017 |
Publisher | IEEE |
ISBN Number | 978-1-5090-5060-4 |
Keywords | attack-surface, attack-trend data, automated network defences, automated network-defence actions, Automated Response Actions, Business, composability, Computer crime, Computer science, context-aware data analytics, correlating network data, cyber attacks detection, cyber attacks prevention, Cyber defence, cyber-threat landscape, Data analysis, data sources, data visualisation, decision making, decision-making process, Electronic mail, incident response strategy, information, learning (artificial intelligence), nonnetwork data, operational aspects, organisation, organisational data, pubcrawl, Resiliency, RicherPicture, security, security of data, Security Operation Centre environment, synthetic scenarios, technological developments, threat intelligence data, Tools, visual analytics |
Abstract | In a continually evolving cyber-threat landscape, the detection and prevention of cyber attacks have become a complex task. Technological developments have led organisations to digitise the majority of their operations. This practice, however, has its perils, since cyberspace offers a new attack-surface. Institutions which are tasked to protect organisations from these threats utilise mainly network data, and their incident response strategy remains oblivious to the needs of the organisation when it comes to protecting operational aspects. This paper presents a system able to combine threat intelligence data, attack-trend data and organisational data (along with other data sources available) in order to achieve automated network-defence actions. Our approach combines machine learning, visual analytics and information from business processes to guide through a decision-making process for a Security Operation Centre environment. We test our system on two synthetic scenarios and show that correlating network data with non-network data for automated network defences is possible and worth investigating further. |
URL | https://ieeexplore.ieee.org/document/8073399 |
DOI | 10.1109/CyberSA.2017.8073399 |
Citation Key | erola_richerpicture:_2017 |