On the Provision of Network-Wide Cyber Situational Awareness via Graph-Based Analytics
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F23%3A00130688" target="_blank" >RIV/00216224:14610/23:00130688 - isvavai.cz</a>
Result on the web
<a href="https://link.springer.com/chapter/10.1007/978-3-031-44355-8_12" target="_blank" >https://link.springer.com/chapter/10.1007/978-3-031-44355-8_12</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1007/978-3-031-44355-8_12" target="_blank" >10.1007/978-3-031-44355-8_12</a>
Alternative languages
Result language
angličtina
Original language name
On the Provision of Network-Wide Cyber Situational Awareness via Graph-Based Analytics
Original language description
In this paper, we posit how semi-static (i.e., not changing very often) complex computer network-based intelligence using graphbased analytics can become enablers of Cyber Situational Awareness (CSA) (i.e., perception, comprehension, and projection of situations in a cyber environment). A plethora of newly surfaced cyber security researchers have used graph-based analytics to facilitate particular down tasks in dynamic complex cyber environments. This includes graph-, node- and edge-level detection, classification, and others (e.g., credit card fraudulent transactions as an edge classification problem). To the best of our knowledge, very limited efforts have consolidated the outputs of heterogeneous computer network monitoring and reconnaissance tools (e.g., Nmap) in enabling actionable CSA. As such, in this work, we address this literature gap while describing several use cases of graph traversal, graph measures, and subgraph mining in vulnerability and security state assessment, attack projection and mitigation, and device criticality estimation. We highlight the benefits of the graph-based approaches compared to traditional methods. Finally, we postulate open research and application challenges in graph-based analytics for CSA to prompt promising research directions and operational capabilities.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10200 - Computer and information sciences
Result continuities
Project
<a href="/en/project/EH22_010%2F0003229" target="_blank" >EH22_010/0003229: MSCAfellow5_MUNI</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2023
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Article name in the collection
Complex Computational Ecosystems
ISBN
9783031443541
ISSN
0302-9743
e-ISSN
—
Number of pages
13
Pages from-to
167-179
Publisher name
Springer Nature
Place of publication
Cham, Switzerland
Event location
Baku
Event date
Apr 25, 2023
Type of event by nationality
WRD - Celosvětová akce
UT code for WoS article
—