Vše

Co hledáte?

Vše
Projekty
Výsledky výzkumu
Subjekty

Rychlé hledání

  • Projekty podpořené TA ČR
  • Významné projekty
  • Projekty s nejvyšší státní podporou
  • Aktuálně běžící projekty

Chytré vyhledávání

  • Takto najdu konkrétní +slovo
  • Takto z výsledků -slovo zcela vynechám
  • “Takto můžu najít celou frázi”
CS
ČeštinaEnglish

CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling

Identifikátory výsledku

  • Kód výsledku v IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F22%3A00125183" target="_blank" >RIV/00216224:14610/22:00125183 - isvavai.cz</a>

  • Výsledek na webu

    <a href="https://www.sciencedirect.com/science/article/pii/S0167404822000086" target="_blank" >https://www.sciencedirect.com/science/article/pii/S0167404822000086</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1016/j.cose.2022.102609" target="_blank" >10.1016/j.cose.2022.102609</a>

Alternativní jazyky

  • Jazyk výsledku

    angličtina

  • Název v původním jazyce

    CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling

  • Popis výsledku v původním jazyce

    The growing size and complexity of today’s computer network make it hard to achieve and maintain so-called cyber situational awareness, i.e., the ability to perceive and comprehend the cyber environment and be able to project the situation in the near future. Namely, the personnel of cybersecurity incident response teams or security operation centers should be aware of the security situation in the network to effectively prevent or mitigate cyber attacks and avoid mistakes in the process. In this paper, we present a toolset for achieving cyber situational awareness in a large and heterogeneous environment. Our goal is to support cybersecurity teams in iterating through the OODA loop (Observe, Orient, Decide, Act). We designed tools to help the operator make informed decisions in incident handling and response for each phase of the cycle. The Observe phase builds on common tools for active and passive network monitoring and vulnerability assessment. In the Orient phase, the data on the network are structured and presented in a comprehensible and visually appealing manner. The Decide phase opens opportunities for decision-support systems, in our case, a recommender system that suggests the most resilient configuration of the critical infrastructure. Finally, the Act phase is supported by a service that orchestrates network security tools and allows for prompt mitigation actions. Finally, we present lessons learned from the deployment of the toolset in the campus network and the results of a user evaluation study.

  • Název v anglickém jazyce

    CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling

  • Popis výsledku anglicky

    The growing size and complexity of today’s computer network make it hard to achieve and maintain so-called cyber situational awareness, i.e., the ability to perceive and comprehend the cyber environment and be able to project the situation in the near future. Namely, the personnel of cybersecurity incident response teams or security operation centers should be aware of the security situation in the network to effectively prevent or mitigate cyber attacks and avoid mistakes in the process. In this paper, we present a toolset for achieving cyber situational awareness in a large and heterogeneous environment. Our goal is to support cybersecurity teams in iterating through the OODA loop (Observe, Orient, Decide, Act). We designed tools to help the operator make informed decisions in incident handling and response for each phase of the cycle. The Observe phase builds on common tools for active and passive network monitoring and vulnerability assessment. In the Orient phase, the data on the network are structured and presented in a comprehensible and visually appealing manner. The Decide phase opens opportunities for decision-support systems, in our case, a recommender system that suggests the most resilient configuration of the critical infrastructure. Finally, the Act phase is supported by a service that orchestrates network security tools and allows for prompt mitigation actions. Finally, we present lessons learned from the deployment of the toolset in the campus network and the results of a user evaluation study.

Klasifikace

  • Druh

    J<sub>imp</sub> - Článek v periodiku v databázi Web of Science

  • CEP obor

  • OECD FORD obor

    10200 - Computer and information sciences

Návaznosti výsledku

  • Projekt

    <a href="/cs/project/EF16_019%2F0000822" target="_blank" >EF16_019/0000822: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur</a><br>

  • Návaznosti

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Ostatní

  • Rok uplatnění

    2022

  • Kód důvěrnosti údajů

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Údaje specifické pro druh výsledku

  • Název periodika

    Computers & Security

  • ISSN

    0167-4048

  • e-ISSN

  • Svazek periodika

    115

  • Číslo periodika v rámci svazku

    April

  • Stát vydavatele periodika

    NL - Nizozemsko

  • Počet stran výsledku

    19

  • Strana od-do

    1-19

  • Kód UT WoS článku

    000754601100005

  • EID výsledku v databázi Scopus

    2-s2.0-85123054280

Podobné výsledky(10)

CRUSOE: Data Model for Cyber Situation AwarenessSoK: Contemporary Issues and Challenges to Enable Cyber Situational Awareness for Network SecurityCyber Situation Awareness via IP Flow Monitoring