Conference paper. Year: 2015

Adjustable Fusion to Support Cyber Security Operators

Abstract

Cyber security operators use Security Information and Event Management systems to process and summarize the huge amount of heterogeneous logs and alerts. However, these systems do not give the operator a concise view of the attack status or context, a mandatory feature for understanding and properly remediating a threat. Moreover, the number of alerts to analyze for a single information system is high, so the analysis has to be split into several levels of responsibility distributed among several operators. This layered security monitoring implies a decision problem as well as an automation problem, which this paper tackles with the support of an attack graph-based feature. An attack graph is a risk assessment model that accurately and concisely describes the threats to an information system. In this article, we describe how an attack graph can be used for pattern searching and fusion algorithms, in order to add context to the alerts. We also present recommendations for designing future interactive applications based on adjustable fusion and a risk assessment model, for cyber security monitoring.
Main file
Adjustable Fusion to support Cybersecurity Operators_v1.pdf (354.92 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01191516, version 1 (02-09-2015)

Identifiers

  • HAL Id: hal-01191516, version 1

Cite

François-Xavier Aguessy, Olivier Bettan, Romuald Dobigny, Claire Laudy, Gaëlle Lortal, et al. Adjustable Fusion to Support Cyber Security Operators. HAS 2015, Held as Part of HCI International 2015, Aug 2015, Los Angeles, California, United States. pp. 143-153. ⟨hal-01191516⟩