Cyber Situation Awareness via IP Flow Monitoring

Jirsík, Tomáš; Čeleda, Pavel

doi:10.1109/noms47738.2020.9110327

Cited by 6 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hence, identifying various network vulnerabilities impact assessments will provide knowledge of future impact projection. Prior studies have discussed different techniques to improve cyber situational awareness [7], [24], [25], mainly for analyzing the trends in network traffic. With the evolution of grid networks, there are increasing security threats due to the expanding volume of data transmitted on the grid.…”

Section: Networkmentioning

confidence: 99%

Predicting Cyber-Attack using Cyber Situational Awareness: The Case of Independent Power Producers (IPPs)

Matey¹,

Danquah²,

Koi-Akrofi³

2022

IJACSA

View full text Add to dashboard Cite

The increasing critical dependencies on Internetof-Things (IoT) have raised security concerns; its application on the critical infrastructures (CIs) for power generation has come under massive cyber-attack over the years. Prior research efforts to understand cybersecurity from Cyber Situational Awareness (CSA) perspective fail to critically consider the various Cyber Situational Awareness (CSA) security vulnerabilities from a human behavioural perspective in line with the CI. This study evaluates CSA elements to predict cyber-attacks in the power generation sector. Data for this research article was collected from IPPs using the survey method. The analysis method was employed through Partial Least Squares Structural Equation Modeling (PLS-SEM) to assess the proposed model. The results revealed negative effects on people and cyber-attack, but significant in predicting cyber-attacks. The study also indicated that information handling is significant and positively influences cyber-attack. The study also reveals no mediation effect between the association of People and Attack and Information and Attack. It could result from an effective cyber security control implemented by the IPPs. Finally, the study also shows no sign of network infrastructure cyber-attack predictions. The reasons could be because managers of IPPs had adequate access policies and security measures in place.

show abstract

Section: Networkmentioning

confidence: 99%

Predicting Cyber-Attack using Cyber Situational Awareness: The Case of Independent Power Producers (IPPs)

Matey¹,

Danquah²,

Koi-Akrofi³

2022

IJACSA

View full text Add to dashboard Cite

show abstract

“…Analytic hierarchy process [ 31 , 32 ], along with D-S evidence theory [ 33 ], was utilized to fuse multi-source data, and eventually streamline the cyber-situational assessment process. Finally, T. Jirsik et al in [ 34 , 35 ] approached situational awareness in a more traditional manner. They introduced a new and enhanced way to analyze network flows by taking advantage of the integrated meta-data that IPFIX [ 36 ] provides, resulting in a more detailed understanding of the network while eliminating the need for extra parsers, like syslog, due to the extra, non-network data from IPFIX.…”

Section: State Of the Artmentioning

confidence: 99%

Towards a Machine Learning Based Situational Awareness Framework for Cybersecurity: An SDN Implementation

Nikoloudakis

Kefaloukos

Stylianos

et al. 2021

Sensors

View full text Add to dashboard Cite

The ever-increasing number of internet-connected devices, along with the continuous evolution of cyber-attacks, in terms of volume and ingenuity, has led to a widened cyber-threat landscape, rendering infrastructures prone to malicious attacks. Towards addressing systems’ vulnerabilities and alleviating the impact of these threats, this paper presents a machine learning based situational awareness framework that detects existing and newly introduced network-enabled entities, utilizing the real-time awareness feature provided by the SDN paradigm, assesses them against known vulnerabilities, and assigns them to a connectivity-appropriate network slice. The assessed entities are continuously monitored by an ML-based IDS, which is trained with an enhanced dataset. Our endeavor aims to demonstrate that a neural network, trained with heterogeneous data stemming from the operational environment (common vulnerability enumeration IDs that correlate attacks with existing vulnerabilities), can achieve more accurate prediction rates than a conventional one, thus addressing some aspects of the situational awareness paradigm. The proposed framework was evaluated within a real-life environment and the results revealed an increase of more than 4% in the overall prediction accuracy.

show abstract

“…Accurate identification of IP flows and proper management of lambda connections are important tasks to achieve the desired move. Two approaches are currently used for that [17]: conventional management and GMPLS signaling. The former is characterized by a centralized management entity such as a human manager or an automated management process, that oversees establishing lambda-connections and deciding which IP flows should be moved to the optical level.…”

Section: Lambda Architecture Explainedmentioning

confidence: 99%

Review of Knowledge Management in Optical Networks, Lambda Architecture using Database Technologies in Cloud Settings

Fofanah¹,

Koroma²,

Fofana³

2021

IJSRP

View full text Add to dashboard Cite

In this paper, we present concepts, theories, and overview of knowledge management in an autonomous optical networks and Lamba Architecture in cloud related environment. This study presents some illustrative cases that has been used to illustrate the potential application of KM architecture and to evaluate the various policies for the knowledge sharing and integration algorithm. Here the knowledge is used at the optical transponder system level, sharing, and integration implemented at the node level and supervising and data analytics (SDA) controller level. The KM process has been evaluated by integrating on a metro-network situation in terms of model error convergence time and the data shared among agents. Indeed, the propagation and reinforcement actions illustrated by similar convergence time than data-based policies at various phases of the network learning process without compromising the convergence accuracy of the model prediction. The Lambda Architecture is the new model for Big Data and database research focus, that helps in data processing with a balance on throughput, latency, and fault-tolerance. To provide a complete solution and better accuracy, low latency, and high throughput, there exists no single tool. This introduced the idea to use a set of tools and methods to build a comprehensive Big Data approach. Although this paper does not provide a developed and working tool, however, provides an outline and the methods used by researchers to overcome some of the shortcomings of Lambda Architecture. The Lambda Architecture defines a set of layers to fit in a set of tools and methods rightly for constructing a comprehensive Big Data scheme: Speed Layer, Serving Layer, Batch Layer. Each layer satisfies a set of features and builds upon the functionality delivered by the layers beneath it. The Batch Layer is the place where the master dataset is warehoused, which is an unchangeable and add-only set of raw data. Also, the batch layer computes before the results using a distributed processing system like Hadoop, Apache Spark that can manage large amounts of data. The Speed Layer encapsulates new data coming in real-time and processes it. The Serving Layer comprises a parallel processing query steam engine, that takes results from both Batch and Speed Layers and responds to questions and requests in real-time with low latency. Stack Overflow is a Question-and-Answer forum with an enormous user community, millions of posts with rapid growth over the years. This paper demonstrates the Lambda Architecture by constructing a data pipeline, to add a new "Recommended Questions" section in the Stack Overflow user profile and update the questions suggested in real-time. Additionally, various indicators such as trending tags, user performance numbers such as are shown in user dashboard by querying through batch processing layer. Finally, this paper provides a seamless search of the various methods or techniques used to help solve complex databases which are provided by Stack Overflow platform infrastructure.

show abstract

Cyber Situation Awareness via IP Flow Monitoring

Cited by 6 publications

References 18 publications

Predicting Cyber-Attack using Cyber Situational Awareness: The Case of Independent Power Producers (IPPs)

Predicting Cyber-Attack using Cyber Situational Awareness: The Case of Independent Power Producers (IPPs)

Towards a Machine Learning Based Situational Awareness Framework for Cybersecurity: An SDN Implementation

Review of Knowledge Management in Optical Networks, Lambda Architecture using Database Technologies in Cloud Settings

Contact Info

Product

Resources

About