DOI: 10.1145/3465481.3470037 (ARES conference proceedings, research article)

System for Continuous Collection of Contextual Information for Network Security Management and Incident Handling

Published: 17 August 2021

Abstract

In this paper, we describe a system for the continuous collection of data for the needs of network security management. When a cybersecurity incident occurs in the network, contextual information on the involved assets facilitates estimating the severity and impact of the incident and selecting an appropriate incident response. We propose a system based on the combination of active and passive network measurements and the correlation of the data with third-party systems. The system enumerates devices and services in the network and their vulnerabilities via fingerprinting of operating systems and applications. Further, the system pairs the hosts in the network with contact details of the responsible administrators and highlights critical infrastructure and its dependencies. The system concentrates all the information required for common incident handling procedures and aims to speed up incident response, reduce the time spent on manual investigation, and prevent errors caused by negligence or lack of information.


Published In

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security, August 2021, 1447 pages. ISBN: 9781450390514. DOI: 10.1145/3465481.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. Cyber Situational Awareness
  2. Cybersecurity
  3. Incident Handling
  4. Incident Response
  5. Network Monitoring

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES 2021

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%
