An orchestration approach for unwanted Internet traffic identification

Abstract: The fulfillment of this Thesis would not have been possible without the contribution of a large number of persons. The first persons I am deeply indebted to are my wife Livia Soraya and my children"s Gabriel, Bruna and Luísa. While they did not contribute to this Thesis directly, but I would like to thank them for their support and love. I would also like to thank my parents, Clarice and José Ribamar, for their important support. I owe a big thank-you to my Thesis advisor, Djamel Sadok, who offered the opportu… Show more

“…Example of IOC can be forensics artifacts, virus signatures, IPs/ domain of botnets, and MD5 hashes of attacks files. Most of the security orchestration platforms have considered threat intelligence as an essential element to identify attack behavior at an early stage [30,49,51]. Security orchestration with Global Threat Intelligence Platform (GTIP) [30] incorporates proactive defense technologies including threat intelligence.…”

“…The proposed XX:17 ontology-based event correlation architecture has a correlation module, that works as a reasoner. Feitosa et al [49] proposed a collaborative solution to detect intrusion and anomalies by analyzing the co-creation of events and alerts among different subnetworks. It derives policy decision based on the contextual data it receives from an orchestration engine [49].…”

“…Feitosa et al [49] proposed a collaborative solution to detect intrusion and anomalies by analyzing the co-creation of events and alerts among different subnetworks. It derives policy decision based on the contextual data it receives from an orchestration engine [49]. The solution proposed by [47] tried to find correlation among IOC data to check relation among threat data.…”

“…The remediation module brings automation in security orchestration solutions and delivers significant ROI and drive downtime to remediation [90]. The OADS system proposed in [49] has a central controller to implement the established sequence of actions with a process, including exceptions and conditions. Enterprise level security orchestrator [16] has a remediation module that has two main elements: response storage and remediation engine.…”

“…Moreover, organizations lack a single security tool that can encompass the whole of the security operations. Isolated security tools are considered as a lousy communicator and cannot always assume the presence of another tool [12,30,31,49,84,101]. Several security tools fail to guarantee the protection of an organization's infrastructure as they work in an isolated way and focus on solving the specific problem [62,65,86].…”

A Multi-Vocal Review of Security Orchestration

“…Example of IOC can be forensics artifacts, virus signatures, IPs/ domain of botnets, and MD5 hashes of attacks files. Most of the security orchestration platforms have considered threat intelligence as an essential element to identify attack behavior at an early stage [30,49,51]. Security orchestration with Global Threat Intelligence Platform (GTIP) [30] incorporates proactive defense technologies including threat intelligence.…”

“…The proposed XX:17 ontology-based event correlation architecture has a correlation module, that works as a reasoner. Feitosa et al [49] proposed a collaborative solution to detect intrusion and anomalies by analyzing the co-creation of events and alerts among different subnetworks. It derives policy decision based on the contextual data it receives from an orchestration engine [49].…”

“…Feitosa et al [49] proposed a collaborative solution to detect intrusion and anomalies by analyzing the co-creation of events and alerts among different subnetworks. It derives policy decision based on the contextual data it receives from an orchestration engine [49]. The solution proposed by [47] tried to find correlation among IOC data to check relation among threat data.…”

“…The remediation module brings automation in security orchestration solutions and delivers significant ROI and drive downtime to remediation [90]. The OADS system proposed in [49] has a central controller to implement the established sequence of actions with a process, including exceptions and conditions. Enterprise level security orchestrator [16] has a remediation module that has two main elements: response storage and remediation engine.…”

“…Moreover, organizations lack a single security tool that can encompass the whole of the security operations. Isolated security tools are considered as a lousy communicator and cannot always assume the presence of another tool [12,30,31,49,84,101]. Several security tools fail to guarantee the protection of an organization's infrastructure as they work in an isolated way and focus on solving the specific problem [62,65,86].…”

A Multi-Vocal Review of Security Orchestration

Automated Interpretation and Integration of Security Tools Using Semantic Knowledge

Architecture-Centric Support for Integrating Security Tools in a Security Orchestration Platform