Incidents Information Sharing Platform for Distributed Attack Detection

Fotiadou, Konstantina; Velivassaki, Terpsichori-Helen; Voulkidis, Artemis; Railis, Konstantinos; Trakadas, Panagiotis; Zahariadis, Theodore

doi:10.1109/ojcoms.2020.2989925

Cited by 10 publications

(8 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This paper provides a modification of our previous work [54] in designing a formulation that uploads, monitors and analyses network logs utilizing the pfSense software [1]. For each new network log that arrives our system, Apache Spark Streaming [3] is used for its monitoring in (semi) real-time conditions.…”

Section: Proposed Formulationmentioning

confidence: 99%

Network Traffic Anomaly Detection via Deep Learning

et al. 2021

Self Cite

View full text Add to dashboard Cite

Network intrusion detection is a key pillar towards the sustainability and normal operation of information systems. Complex threat patterns and malicious actors are able to cause severe damages to cyber-systems. In this work, we propose novel Deep Learning formulations for detecting threats and alerts on network logs that were acquired by pfSense, an open-source software that acts as firewall on FreeBSD operating system. pfSense integrates several powerful security services such as firewall, URL filtering, and virtual private networking among others. The main goal of this study is to analyse the logs that were acquired by a local installation of pfSense software, in order to provide a powerful and efficient solution that controls traffic flow based on patterns that are automatically learnt via the proposed, challenging DL architectures. For this purpose, we exploit the Convolutional Neural Networks (CNNs), and the Long Short Term Memory Networks (LSTMs) in order to construct robust multi-class classifiers, able to assign each new network log instance that reaches our system into its corresponding category. The performance of our scheme is evaluated by conducting several quantitative experiments, and by comparing to state-of-the-art formulations.

show abstract

Section: Proposed Formulationmentioning

confidence: 99%

Network Traffic Anomaly Detection via Deep Learning

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Security information and event management (SIEM) solutions aim at providing real time analysis and management of security alerts. They are commonly used in production environments, to have a global picture of the security status of an IT infrastructure, and can allow administrators to perceive a threat before it can maximize its damage [ 44 ].…”

Section: Review Of the State-of-the-artmentioning

confidence: 99%

Cybersecurity in ICT Supply Chains: Key Challenges and a Relevant Architecture

Masip-Bruin

Marín‐Tordera

Ruiz

et al. 2021

Sensors

Self Cite

View full text Add to dashboard Cite

The specific demands of supply chains built upon large and complex IoT systems, make it a must to design a coordinated framework for cyber resilience provisioning, intended to guarantee trusted supply chains of ICT systems, built upon distributed, dynamic, potentially insecure, and heterogeneous ICT infrastructures. As such, the solution proposed in this paper is envisioned to deal with the whole supply chain system components, from the IoT ecosystem to the infrastructure connecting them, addressing security and privacy functionalities related to risks and vulnerabilities management, accountability, and mitigation strategies, as well as security metrics and evidence-based security assurance. In this paper, we present FISHY as a preliminary architecture that is designed to orchestrate existing and beyond state-of-the-art security appliances in composed ICT scenarios. To this end, the FISHY architecture leverages the capabilities of programmable networks and IT infrastructure through seamless orchestration and instantiation of novel security services, both in real-time and proactively. The paper also includes a thorough business analysis to go far beyond the technical benefits of a potential FISHY adoption, as well as three real-world use cases highlighting the envisioned benefits of a potential FISHY adoption.

show abstract

“…Security Information and Event Management (SIEM) solutions aim at providing real-time analysis and management of security alerts. They are commonly used in production environments to have a global picture of the security status of an IT infrastructure and can allow administrators to perceive a threat before it can maximize its damage [43].…”

Section: Threat Intelligence and Information Sharingmentioning

confidence: 99%

Provisioning Cybersecurity in ICT Complex Supply Chains: An Overview, Key Issues and a Relevant Architecture

Masip-Bruin¹,

Marín‐Tordera²,

Ruiz³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

The specific demands inherent to supply chains built upon large IoT systems, make a must the design of a coordinated framework for cyber resilience provisioning intended to guaranteeing trusted supply chains of ICT systems, built upon distributed, dynamic, potentially insecure and heterogeneous ICT infrastructures. As such, the proposed solution is envisioned to deal with the whole supply chain system components, from the IoT ecosystem to the infrastructure connecting them, addressing security and privacy functionalities related to risks and vulnerabilities management, accountability and mitigation strategies as well as security metrics and evidence-based security assurance. In this paper we present FISHY, as a preliminary designed architecture, designed to orchestrate both existing and beyond state-of-the-art security appliances in composed ICT scenarios and also leveraging capabilities of programmable network and IT infrastructure through seamless orchestration and instantiation of novel security services, both in real-time and proactively. The paper also includes a thorough business analysis to go far beyond the technical benefits of a potential FISHY adoption as well as three real-world use cases where to strongly support the envisioned benefits of a FISHY adoption.

show abstract

Incidents Information Sharing Platform for Distributed Attack Detection

Cited by 10 publications

References 33 publications

Network Traffic Anomaly Detection via Deep Learning

Network Traffic Anomaly Detection via Deep Learning

Cybersecurity in ICT Supply Chains: Key Challenges and a Relevant Architecture

Provisioning Cybersecurity in ICT Complex Supply Chains: An Overview, Key Issues and a Relevant Architecture

Contact Info

Product

Resources

About