形势意识
计算机科学
计算机安全
脆弱性(计算)
软件部署
过程(计算)
情境伦理学
相(物质)
决策支持系统
控制(管理)
服务(商务)
过程管理
风险分析(工程)
软件工程
业务
人工智能
工程类
法学
化学
有机化学
营销
航空航天工程
操作系统
政治学
作者
Martin Husák,Lukáš Sadlek,Stanislav Špaček,Martin Laštovička,Michal Javorník,Jana Komárková
标识
DOI:10.1016/j.cose.2022.102609
摘要
The growing size and complexity of today's computer network make it hard to achieve and maintain so-called cyber situational awareness, i.e., the ability to perceive and comprehend the cyber environment and be able to project the situation in the near future. Namely, the personnel of cybersecurity incident response teams or security operation centers should be aware of the security situation in the network to effectively prevent or mitigate cyber attacks and avoid mistakes in the process. In this paper, we present a toolset for achieving cyber situational awareness in a large and heterogeneous environment. Our goal is to support cybersecurity teams in iterating through the OODA loop (Observe, Orient, Decide, Act). We designed tools to help the operator make informed decisions in incident handling and response for each phase of the cycle. The Observe phase builds on common tools for active and passive network monitoring and vulnerability assessment. In the Orient phase, the data on the network are structured and presented in a comprehensible and visually appealing manner. The Decide phase opens opportunities for decision-support systems, in our case, a recommender system that suggests the most resilient configuration of the critical infrastructure. Finally, the Act phase is supported by a service that orchestrates network security tools and allows for prompt mitigation actions. Finally, we present lessons learned from the deployment of the toolset in the campus network and the results of a user evaluation study.
科研通智能强力驱动
Strongly Powered by AbleSci AI