Detecting and correlating supranational threats for critical infrastructures

15th European Conference on Cyber Warfare and Security

Authors: Konstantin Böttinger, Gerhard Hansch, and Bartol Filipovic
Year/month: 2016/7
Booktitle: 15th European Conference on Cyber Warfare and Security
Pages: 34-41
Address: Universität der Bundeswehr Munich, Germany
Fulltext:

Abstract

As critical infrastructures have become strategic targets for advanced cyber-attacks, we face the severe challenge of providing new defense technologies for their protection. We propose a distributed supranational architecture for the detection, classification, and mitigation of highly sophisticated cyber incidents targeted simultaneously at multiple critical infrastructures. We build upon a three-layered architecture comprising Security Operations Centres at the organizational (O-SOC), national (N-SOC), and European (E-SOC) levels, using IDS and SIEM solutions. In our approach we combine machine learning and automatic ontological reasoning: first, we apply machine learning methods to analyse threat indicators of different granularity, which yields a classification of very specific observables collected at compromised sites; second, we perform ontological analysis to identify large-scale correlations within an incident knowledge graph.
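The following Python sketch is an added illustration of the three-layer flow the abstract describes (O-SOC reports aggregated by an N-SOC, then correlated at the E-SOC over an incident knowledge graph). It is not code from the paper or its authors: the report format, the graph structure, the organisations, nations and indicator values are all constructed for the example, and the "correlation" is a deliberately simple rule (an observable reported from at least two nations) standing in for the paper's ontological reasoning.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observable:
    """A threat indicator collected at a compromised site (constructed kinds/values)."""
    kind: str   # e.g. "hash", "domain", "ip"
    value: str


@dataclass(frozen=True)
class Report:
    """One O-SOC incident report: which organisation saw which observables."""
    org: str
    nation: str
    sector: str
    observables: frozenset  # of Observable


# Hypothetical O-SOC reports; organisations, nations and indicator values are constructed.
O_SOC_REPORTS = [
    Report("energy-a", "DE", "energy",    frozenset({Observable("hash", "h1"), Observable("domain", "d1")})),
    Report("water-b",  "DE", "water",     frozenset({Observable("domain", "d1"), Observable("ip", "i1")})),
    Report("energy-c", "FR", "energy",    frozenset({Observable("hash", "h1"), Observable("domain", "d2")})),
    Report("water-e",  "FR", "water",     frozenset({Observable("domain", "d2")})),
    Report("rail-d",   "NL", "transport", frozenset({Observable("ip", "i1")})),
]


def n_soc_aggregate(reports, nation):
    """N-SOC step: merge one nation's reports into a per-observable view of
    which organisations (and sectors) reported it."""
    seen = defaultdict(set)
    for r in reports:
        if r.nation != nation:
            continue
        for obs in r.observables:
            seen[obs].add((r.org, r.sector))
    return {"nation": nation, "observables": dict(seen)}


class IncidentGraph:
    """E-SOC step: a minimal incident knowledge graph linking each observable
    to the nations, sectors and organisations that reported it."""

    def __init__(self):
        self.nations = defaultdict(set)   # Observable -> {nation}
        self.sectors = defaultdict(set)   # Observable -> {sector}
        self.orgs = defaultdict(set)      # Observable -> {org}

    def ingest(self, national_summary):
        nation = national_summary["nation"]
        for obs, sightings in national_summary["observables"].items():
            self.nations[obs].add(nation)
            for org, sector in sightings:
                self.orgs[obs].add(org)
                self.sectors[obs].add(sector)

    def supranational_correlations(self, min_nations=2):
        """Observables reported from at least `min_nations` nations: evidence that
        one campaign is hitting several national infrastructures at once."""
        hits = []
        for obs, nations in self.nations.items():
            if len(nations) >= min_nations:
                hits.append((obs, tuple(sorted(nations)), tuple(sorted(self.sectors[obs]))))
        return sorted(hits, key=lambda h: (h[0].kind, h[0].value))


def correlate(reports=O_SOC_REPORTS, min_nations=2):
    """Run the full O-SOC -> N-SOC -> E-SOC pipeline over a set of reports."""
    graph = IncidentGraph()
    for nation in sorted({r.nation for r in reports}):
        graph.ingest(n_soc_aggregate(reports, nation))
    return graph.supranational_correlations(min_nations)


if __name__ == "__main__":
    for obs, nations, sectors in correlate():
        print(f"{obs.kind}={obs.value}: reported from {nations}, sectors {sectors}")
```

With the constructed reports, the domain `d1` is seen by two German organisations but never leaves the N-SOC view, whereas the hash `h1` (DE and FR) and the address `i1` (DE and NL) surface at the E-SOC level as cross-border correlations; raising `min_nations` makes the rule stricter.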

Bibtex:

@inproceedings{eu_ec_2016_1,
  author    = {Konstantin Böttinger and Gerhard Hansch and Bartol Filipovic},
  title     = {Detecting and correlating supranational threats for critical infrastructures},
  year      = {2016},
  month     = {July},
  booktitle = {15th European Conference on Cyber Warfare and Security},
  address   = {Universität der Bundeswehr Munich, Germany},
  pages     = {34--41},
}