On the Provision of Network-Wide Cyber Situational Awareness via Graph-Based Analytics

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F23%3A00130688" target="_blank" >RIV/00216224:14610/23:00130688 - isvavai.cz</a>

Výsledek na webu

<a href="https://link.springer.com/chapter/10.1007/978-3-031-44355-8_12" target="_blank" >https://link.springer.com/chapter/10.1007/978-3-031-44355-8_12</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/978-3-031-44355-8_12" target="_blank" >10.1007/978-3-031-44355-8_12</a>

Jazyk výsledku

angličtina

Název v původním jazyce

On the Provision of Network-Wide Cyber Situational Awareness via Graph-Based Analytics

Popis výsledku v původním jazyce

In this paper, we posit how semi-static (i.e., not changing very often) complex computer network-based intelligence using graphbased analytics can become enablers of Cyber Situational Awareness (CSA) (i.e., perception, comprehension, and projection of situations in a cyber environment). A plethora of newly surfaced cyber security researchers have used graph-based analytics to facilitate particular down tasks in dynamic complex cyber environments. This includes graph-, node- and edge-level detection, classification, and others (e.g., credit card fraudulent transactions as an edge classification problem). To the best of our knowledge, very limited efforts have consolidated the outputs of heterogeneous computer network monitoring and reconnaissance tools (e.g., Nmap) in enabling actionable CSA. As such, in this work, we address this literature gap while describing several use cases of graph traversal, graph measures, and subgraph mining in vulnerability and security state assessment, attack projection and mitigation, and device criticality estimation. We highlight the benefits of the graph-based approaches compared to traditional methods. Finally, we postulate open research and application challenges in graph-based analytics for CSA to prompt promising research directions and operational capabilities.

Název v anglickém jazyce

On the Provision of Network-Wide Cyber Situational Awareness via Graph-Based Analytics

Popis výsledku anglicky

In this paper, we posit how semi-static (i.e., not changing very often) complex computer network-based intelligence using graphbased analytics can become enablers of Cyber Situational Awareness (CSA) (i.e., perception, comprehension, and projection of situations in a cyber environment). A plethora of newly surfaced cyber security researchers have used graph-based analytics to facilitate particular down tasks in dynamic complex cyber environments. This includes graph-, node- and edge-level detection, classification, and others (e.g., credit card fraudulent transactions as an edge classification problem). To the best of our knowledge, very limited efforts have consolidated the outputs of heterogeneous computer network monitoring and reconnaissance tools (e.g., Nmap) in enabling actionable CSA. As such, in this work, we address this literature gap while describing several use cases of graph traversal, graph measures, and subgraph mining in vulnerability and security state assessment, attack projection and mitigation, and device criticality estimation. We highlight the benefits of the graph-based approaches compared to traditional methods. Finally, we postulate open research and application challenges in graph-based analytics for CSA to prompt promising research directions and operational capabilities.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10200 - Computer and information sciences

Projekt

<a href="/cs/project/EH22_010%2F0003229" target="_blank" >EH22_010/0003229: MSCAfellow5_MUNI</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Complex Computational Ecosystems

ISBN

9783031443541

ISSN

0302-9743

e-ISSN

—

Počet stran výsledku

13

Strana od-do

167-179

Název nakladatele

Springer Nature

Místo vydání

Cham, Switzerland

Místo konání akce

Baku

Datum konání akce

25. 4. 2023

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—