  • Publication
    DGA Detection Using Similarity-Preserving Bloom Encodings
    The sanitization of concise data samples can be challenging, as they do not provide a clear distinction between sensitive and non-sensitive parts within individual samples. In this context, traditional sanitization and anonymization measures are not applicable. We consider the detection of algorithmically generated domains through machine learning as an example of such a case, where the benign samples may leak sensitive information. Within this scenario, we evaluate the use of a similarity-preserving Bloom encoding technique to obscure the training samples.
  • Publication
    SASP: a Semantic web-based Approach for management of Sharable cybersecurity Playbooks
    In incident management, response and recovery actions are designed to effectively mitigate ongoing or future cyberattacks. A security playbook consists of a pipeline of instructions that documents the response and recovery actions needed to deal with a specific type of incident. Since many organisations lack the resources, expertise and know-how to handle incidents, sharing playbooks across organisations could significantly improve their response capabilities against cyberattacks. However, playbooks are often organisation-specific and usually not machine-readable, sharable or interoperable. In this work, we propose a semantic web-based approach to capture the knowledge of incident response and recovery steps and to support the sharing of playbooks based on a standardised, common vocabulary. To demonstrate our approach, we introduce SASP, a proof-of-concept tool based on Semantic MediaWiki for playbook management. In this paper, we describe the key requirements of incident handlers for sharing playbooks, the SASP architecture design, and its core components and functionalities. We then discuss the results of our user-centric evaluation conducted with members of different Security Operation Centres and the further potential of the solution.
  • Publication
    From Collaboration to Automation: A Proof of Concept for Improved Incident Response
    (2022); Zadnik, Martin; Obrecht, Mischa
    Effective incident response relies on taking accurate and timely measures in reaction to cybersecurity incidents. The increase in both the number and variety of cyberattacks, however, makes it challenging for incident handlers to keep up with this task. In the H2020 project SAPPAN, we take a practical look at this problem and explore the sharing of incident handling information, the automation of incident response processes, as well as the relationship between these two topics, to assist human operators in their work.
  • Publication
    Towards Privacy-Preserving Sharing of Cyber Threat Intelligence for Effective Response and Recovery
    Many European organisations suffer from a lack of sufficient resources to provide satisfactory and timely response and recovery (R&R) actions when targeted by cyber-attacks. R&R capabilities can be significantly improved through sharing of information related to incident detection and handling. In this context, privacy-preserving technologies can enable data sharing, while protecting privacy- and security-critical information. The technologies to achieve this are being developed and evaluated in the SAPPAN project.