Skip to main content

Research Repository

Advanced Search

RicherPicture: Semi-automated cyber defence using context-aware data analytics

Erola, Arnau; Agrafiotis, Ioannis; Happa, Jassim; Goldsmith, Michael; Creese, Sadie; Legg, Philip

Authors

Arnau Erola

Ioannis Agrafiotis

Jassim Happa

Michael Goldsmith

Sadie Creese



Abstract

In a continually evolving cyber-threat landscape, the detection and prevention of cyber attacks has become a complex task. Technological developments have led organisations to digitise the majority of their operations. This practice, however, has its perils, since cybespace offers a new attack-surface. Institutions which are tasked to protect organisations from these threats utilise mainly network data and their incident response strategy remains oblivious to the needs of the organisation when it comes to protecting operational aspects. This paper presents a system able to combine threat intelligence data, attack-trend data and organisational data (along with other data sources available) in order to achieve automated network-defence actions. Our approach combines machine learning, visual analytics and information from business processes to guide through a decision- making process for a Security Operation Centre environment. We test our system on two synthetic scenarios and show that correlating network data with non-network data for automated network defences is possible and worth investigating further.

Citation

Erola, A., Agrafiotis, I., Happa, J., Goldsmith, M., Creese, S., & Legg, P. (2017, June). RicherPicture: Semi-automated cyber defence using context-aware data analytics. Paper presented at International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2017), London

Presentation Conference Type Conference Paper (unpublished)
Conference Name International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2017)
Conference Location London
Start Date Jun 19, 2017
End Date Jun 20, 2017
Acceptance Date Mar 30, 2017
Publication Date Jun 19, 2017
Publicly Available Date Mar 29, 2024
Peer Reviewed Peer Reviewed
Public URL https://uwe-repository.worktribe.com/output/885894
Additional Information Title of Conference or Conference Proceedings : International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA 2017)