System for Continuous Collection of Contextual Information for Network Security Management and Incident Handling
Result identifiers
Result code in IS VaVaI
RIV/00216224:14610/21:00122049 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F21%3A00122049)
Result on the web
https://dl.acm.org/doi/abs/10.1145/3465481.3470037
DOI - Digital Object Identifier
10.1145/3465481.3470037 (http://dx.doi.org/10.1145/3465481.3470037)
Alternative languages
Result language
English
Title in the original language
System for Continuous Collection of Contextual Information for Network Security Management and Incident Handling
Description of the result in the original language
In this paper, we describe a system for the continuous collection of data for the needs of network security management. When a cybersecurity incident occurs in the network, contextual information on the involved assets facilitates estimating the severity and impact of the incident and selecting an appropriate incident response. We propose a system based on the combination of active and passive network measurements and the correlation of the data with third-party systems. The system enumerates devices and services in the network and their vulnerabilities via fingerprinting of operating systems and applications. Further, the system pairs the hosts in the network with the contact details of the responsible administrators and highlights critical infrastructure and its dependencies. The system concentrates all the information required for common incident handling procedures and aims to speed up incident response, reduce the time spent on manual investigation, and prevent errors caused by negligence or lack of information.
Title in English
System for Continuous Collection of Contextual Information for Network Security Management and Incident Handling
Description of the result in English
In this paper, we describe a system for the continuous collection of data for the needs of network security management. When a cybersecurity incident occurs in the network, contextual information on the involved assets facilitates estimating the severity and impact of the incident and selecting an appropriate incident response. We propose a system based on the combination of active and passive network measurements and the correlation of the data with third-party systems. The system enumerates devices and services in the network and their vulnerabilities via fingerprinting of operating systems and applications. Further, the system pairs the hosts in the network with the contact details of the responsible administrators and highlights critical infrastructure and its dependencies. The system concentrates all the information required for common incident handling procedures and aims to speed up incident response, reduce the time spent on manual investigation, and prevent errors caused by negligence or lack of information.
Classification
Type
D - Paper in conference proceedings
CEP field
—
OECD FORD field
10200 - Computer and information sciences
Result linkages
Project
EF16_019/0000822: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur (/cs/project/EF16_019%2F0000822)
Linkages
P - Research and development project financed from public sources (with a link to CEP)
Other
Year of application
2021
Data confidentiality code
S - Complete and accurate data on the project are not subject to protection under special legal regulations
Data specific to the result type
Title of the proceedings
ARES 2021: The 16th International Conference on Availability, Reliability and Security
ISBN
9781450390514
ISSN
—
e-ISSN
—
Number of pages
8
Pages from-to
1-8
Publisher name
Association for Computing Machinery
Place of publication
Virtual Event
Event venue
Virtual Event
Event date
17. 8. 2021
Event type by nationality
WRD - Worldwide event
UT WoS code of the article
000749539200084