Lessons Learned from Automated Sharing of Intrusion Detection Alerts: The Case of the SABU Platform
Result identifiers
Result code in IS VaVaI
RIV/63839172:_____/23:10133583 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F23%3A10133583)
Alternative codes found
RIV/00216224:14610/23:00131331
Result on the web
https://dl.acm.org/doi/10.1145/3611391
DOI - Digital Object Identifier
10.1145/3611391 (http://dx.doi.org/10.1145/3611391)
Alternative languages
Result language
English
Title in original language
Lessons Learned from Automated Sharing of Intrusion Detection Alerts: The Case of the SABU Platform
Result description in original language
Sharing the alerts from intrusion detection systems among multiple computer networks and organizations allows for seeing the "big picture" of the network security situation and improves the capabilities of cyber incident response. However, such a task requires a number of technical and non-technical issues to be resolved, from data collection and distribution to proper categorization, data quality management, and issues of trust and privacy. In this field note, we illustrate the concepts and provide lessons learned on the example of SABU, an alert sharing and analysis platform used by academia and partner organizations in the Czech Republic. We discuss the initial willingness to share the data that was later weakened by the uncertainties around personal data protection, the issues of high volume and low quality of the data that prevented their straightforward use, and that the management of the community is a more severe issue than the technical implementation of alert sharing.
Title in English
Lessons Learned from Automated Sharing of Intrusion Detection Alerts: The Case of the SABU Platform
Result description in English
Sharing the alerts from intrusion detection systems among multiple computer networks and organizations allows for seeing the "big picture" of the network security situation and improves the capabilities of cyber incident response. However, such a task requires a number of technical and non-technical issues to be resolved, from data collection and distribution to proper categorization, data quality management, and issues of trust and privacy. In this field note, we illustrate the concepts and provide lessons learned on the example of SABU, an alert sharing and analysis platform used by academia and partner organizations in the Czech Republic. We discuss the initial willingness to share the data that was later weakened by the uncertainties around personal data protection, the issues of high volume and low quality of the data that prevented their straightforward use, and that the management of the community is a more severe issue than the technical implementation of alert sharing.
Classification
Type
J<sub>SC</sub> - Article in a periodical indexed in the SCOPUS database
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
The result was created during the implementation of several projects. More information is available in the Projects tab.
Linkages
P - Research and development project financed from public sources (with a link to CEP)
Other
Year of application
2023
Data confidentiality code
S - Complete and true data about the project are not subject to protection under special legal regulations
Data specific to the result type
Periodical name
Digital Threats: Research and Practice
ISSN
2576-5337
e-ISSN
—
Periodical volume
4
Issue number within the volume
4
Country of the periodical's publisher
US - United States of America
Number of pages of the result
11
Pages from-to
1-11
UT WoS code of the article
—
EID of the result in the Scopus database
2-s2.0-85171407569