CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling

Logo poskytovatele

Varování

Publikace nespadá pod Pedagogickou fakultu, ale pod Ústav výpočetní techniky. Oficiální stránka publikace je na webu muni.cz.
Autoři

HUSÁK Martin SADLEK Lukáš ŠPAČEK Stanislav LAŠTOVIČKA Martin JAVORNÍK Michal KOMÁRKOVÁ Jana

Rok publikování 2022
Druh Článek v odborném periodiku
Časopis / Zdroj Computers & Security
Fakulta / Pracoviště MU

Ústav výpočetní techniky

Citace
www https://www.sciencedirect.com/science/article/pii/S0167404822000086
Doi http://dx.doi.org/10.1016/j.cose.2022.102609
Klíčová slova Cyber situational awareness;OODA Loop;Decision support;Network monitoring;Incident response
Přiložené soubory
Popis The growing size and complexity of today’s computer network make it hard to achieve and maintain so-called cyber situational awareness, i.e., the ability to perceive and comprehend the cyber environment and be able to project the situation in the near future. Namely, the personnel of cybersecurity incident response teams or security operation centers should be aware of the security situation in the network to effectively prevent or mitigate cyber attacks and avoid mistakes in the process. In this paper, we present a toolset for achieving cyber situational awareness in a large and heterogeneous environment. Our goal is to support cybersecurity teams in iterating through the OODA loop (Observe, Orient, Decide, Act). We designed tools to help the operator make informed decisions in incident handling and response for each phase of the cycle. The Observe phase builds on common tools for active and passive network monitoring and vulnerability assessment. In the Orient phase, the data on the network are structured and presented in a comprehensible and visually appealing manner. The Decide phase opens opportunities for decision-support systems, in our case, a recommender system that suggests the most resilient configuration of the critical infrastructure. Finally, the Act phase is supported by a service that orchestrates network security tools and allows for prompt mitigation actions. Finally, we present lessons learned from the deployment of the toolset in the campus network and the results of a user evaluation study.
Související projekty:

Používáte starou verzi internetového prohlížeče. Doporučujeme aktualizovat Váš prohlížeč na nejnovější verzi.