Options
2016
Conference Paper
Titel
Detecting and correlating supranational threats for critical infrastructures
Abstract
As critical infrastructures have become strategic targets for advanced cyber-attacks, we face the severe challenge to provide new defense technologies for their protection. We propose a distributed supranational architecture for detection, classification, and mitigation of highly sophisticated cyber incidents targeted simultaneously at multiple critical infrastructures. We build upon a three layered architecture comprised of Security Operations Centres at organizational (O-SOC), national (N-SOC), and European (E-SOC) level using IDS and SIEM solutions. In our approach we combine machine learning and automatic ontological reasoning: First, we apply methods from the field of machine learning to analyse threat indicators of different granularity. This provides classification of very specific observables collected at compromised sites. Second, we perform ontological analysis to identify large scale correlations within an incident knowledge graph.