Fraunhofer-Gesellschaft

Publica


Detecting and correlating supranational threats for critical infrastructures

Authors: Böttinger, K.; Hansch, G.; Filipovic, B.

Koch, R. (Ed.):
15th European Conference on Cyber Warfare and Security, ECCWS 2016. Proceedings: Hosted by Universität der Bundeswehr Munich, Germany, 7-8 July 2016
Reading, UK: Academic Conferences and Publishing International Limited, 2016
ISBN: 978-1-9108-1093-4 (Academic Conferences)
ISBN: 978-1-5108-2544-4 (Curran)
pp. 34-41
European Conference on Cyber Warfare and Security (ECCWS) <15, 2016, Munich>
English
Conference paper
Fraunhofer AISEC

Abstract
As critical infrastructures have become strategic targets for advanced cyber-attacks, we face the severe challenge of providing new defense technologies for their protection. We propose a distributed supranational architecture for the detection, classification, and mitigation of highly sophisticated cyber incidents targeted simultaneously at multiple critical infrastructures. We build upon a three-layered architecture comprised of Security Operations Centres at the organizational (O-SOC), national (N-SOC), and European (E-SOC) level, using IDS and SIEM solutions. In our approach we combine machine learning and automatic ontological reasoning: First, we apply methods from the field of machine learning to analyse threat indicators of different granularity. This provides classification of very specific observables collected at compromised sites. Second, we perform ontological analysis to identify large-scale correlations within an incident knowledge graph.

URL: http://publica.fraunhofer.de/dokumente/N-422824.html