The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks

Demertzis, Konstantinos; Tziritas, Nikos; Kikiras, Panayiotis; Sánchez, Salvador Llopis; Iliadis, Lazaros

doi:10.3390/bdcc3010006

Cited by 30 publications

(13 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Deception-based defenses are potent weapons that have been proven to work in various domains. Their efficacy is based on the fact that they are programmed to exploit key biases to appear realistic but misleading substitutes to the hidden reality [ 79 , 80 , 81 , 82 , 83 , 84 , 85 , 86 , 87 , 88 , 89 , 90 , 91 , 92 , 93 , 94 , 95 , 96 , 97 , 98 , 99 , 100 , 101 , 102 , 103 , 104 , 105 , 106 , 107 , 108 ]. As a result, one will require a thorough understanding of both offensive and defensive trickery to implement a perfect Deception strategy.…”

Section: Discussionmentioning

confidence: 99%

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

Mohan

Dixit

Gyaneshwar

et al. 2022

Sensors

View full text Add to dashboard Cite

With information systems worldwide being attacked daily, analogies from traditional warfare are apt, and deception tactics have historically proven effective as both a strategy and a technique for Defense. Defensive Deception includes thinking like an attacker and determining the best strategy to counter common attack strategies. Defensive Deception tactics are beneficial at introducing uncertainty for adversaries, increasing their learning costs, and, as a result, lowering the likelihood of successful attacks. In cybersecurity, honeypots and honeytokens and camouflaging and moving target defense commonly employ Defensive Deception tactics. For a variety of purposes, deceptive and anti-deceptive technologies have been created. However, there is a critical need for a broad, comprehensive and quantitative framework that can help us deploy advanced deception technologies. Computational intelligence provides an appropriate set of tools for creating advanced deception frameworks. Computational intelligence comprises two significant families of artificial intelligence technologies: deep learning and machine learning. These strategies can be used in various situations in Defensive Deception technologies. This survey focuses on Defensive Deception tactics deployed using the help of deep learning and machine learning algorithms. Prior work has yielded insights, lessons, and limitations presented in this study. It culminates with a discussion about future directions, which helps address the important gaps in present Defensive Deception research.

show abstract

Section: Discussionmentioning

confidence: 99%

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

Mohan

Dixit

Gyaneshwar

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…We consider visualization as not a key tactic for a SOC, but a technique for human analysis. Especially when dealing with big data environments, situational awareness in any of its forms is an important decision-support mechanism [43] [44] for Computer Network Defense. From an architectural point of view, the layers of a SOC have also been analyzed in works such as [35] or [5].…”

Section: Figure 3: Soc Funnelmentioning

confidence: 99%

SOC Critical Path: A Defensive Kill Chain Model

2022

View full text Add to dashboard Cite

Different kill chain models have been defined and analyzed to provide a common sequence of actions followed in offensive cyber operations. These models allow analysts to identify these operations and to understand how they are executed. However, there is a lack of an equivalent model from a defensive point of view: this is, there is no common sequence of actions for the detection of threats and their accurate response. This lack causes not only problems such as unstructured approaches and conceptual errors but, what is most important, inefficiency in the detection and response to threats, as defensive tactics are not well identified. For this reason, in this work we present a defensive kill chain approach where tactics for teams in charge of cyber defense activities are structured and arranged. We introduce the concept of SOC Critical Path (SCP), a novel kill chain model to detect and neutralize threats. SCP is a technology-independent model that provides an arrangement of mandatory steps, in the form of tactics, to be executed by Computer Network Defense teams to detect hostile cyber operations. By adopting this novel model, these teams increase the performance and the effectiveness of their capabilities through a common framework that formalizes the steps to follow for the detection and neutralization of threats. In this way, our work can be used not only to identify detection and response gaps, but also to implement a continuous improvement cycle over time.

show abstract

“…As Jajodia et al stated in [27]: to protect critical network infrastructures and missions, we must understand not only the vulnerabilities of each individual system, but also their inter-dependencies and how they support missions, which gains difficulty when operating on emerging technological ecosystems [28,29], combining the perception of both insider and outsider threats [30] or facing adversarial evasion tactics [31,32] . At the same time, they proposed a framework to obtain mission-centric SA (Cauldron) combining data fusion, network paths of vulnerabilities, alert correlation, mission impact analysis and recommended reactive/proactive mitigation actions [33,34].…”

Section: Mission-centric Cyber Situational Awarenessmentioning

confidence: 99%

Understanding and Assessment of Mission-Centric Key Cyber Terrains for joint Military Operations

Martínez¹,

Vidal²,

González³

2021

Preprint

View full text Add to dashboard Cite

Since the cyberspace consolidated as fifth warfare dimension, the different actors of the defense sector began an arms race toward achieving cyber superiority, on which research, academic and industrial stakeholders contribute from a dual vision, mostly linked to a large and heterogeneous heritage of developments and adoption of civilian cybersecurity capabilities. In this context, augmenting the conscious of the context and warfare environment, risks and impacts of cyber threats on kinetic actuations became a critical rule-changer that military decision-makers are considering. A major challenge on acquiring mission-centric Cyber Situational Awareness (CSA) is the dynamic inference and assessment of the vertical propagations from situations that occurred at the mission supportive Information and Communications Technologies (ICT), up to their relevance at military tactical, operational and strategical views. In order to contribute on acquiring CSA, this paper addresses a major gap in the cyber defence state-of-the-art: the dynamic identification of Key Cyber Terrains (KCT) on a mission-centric context. Accordingly, the proposed KCT identification approach explores the dependency degrees among tasks and assets defined by commanders as part of the assessment criteria. These are correlated with the discoveries on the operational network and the asset vulnerabilities identified thorough the supported mission development. The proposal is presented as a reference model that reveals key aspects for mission-centric KCT analysis and supports its enforcement and further enforcement by including an illustrative application case.

show abstract

The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks

Cited by 30 publications

References 50 publications

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

Leveraging Computational Intelligence Techniques for Defensive Deception: A Review, Recent Advances, Open Problems and Future Directions

SOC Critical Path: A Defensive Kill Chain Model

Understanding and Assessment of Mission-Centric Key Cyber Terrains for joint Military Operations

Contact Info

Product

Resources

About