Deliverables Documents, reports (14) Reference architecture and integration plan This deliverable documents the DiSIEM reference architecture and how the contributions devised in work packages 3-5 will be integrated in existing SIEM systems. This report will be the main results from T2.2 and T2.3. Validation plan Definition of the methodology and criteria for validating the components considering the different environments provided by EDP, Amadeus and ATOS. This deliverable will be the main result of T7.1. Preliminary architecture and service model of infrastructure enhancements This deliverable presents a detailed description of the design and underlying assumptions of the components developed in the work package. This represents the partial results of T6.1, T6.2 and T6.3. Probabilistic modelling of diversity for security and of security trends This deliverable presents a detailed analysis of developed, evaluation and validation of the probabilistic models in T3.2. This deliverable will be the main result of task T3.2. Refinements of the models and metrics based on pilot deployments This deliverable presents the updates and refinements of the models and metrics defined in D3.1 and D3.2 based on feedback received from deployments in WP7. This deliverable will be the main result of task T3.3. Internal and external IT communication infrastructure The external IT communication infrastructure constitutes a guideline for communication of the DiSIEM project to external target groups including conferences, marketing measures and communication channels. Furthermore this deliverable constitutes the launch of the internal DiSIEM communication infrastructure including the establishment of mailing lists, an internal file repository (with version control), and the project website. This deliverable is marked with nature “DEC” and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of this deliverable. This deliverable will be a first initial result of T8.1. Data management plan This deliverable will establish the main elements of the data management policy that will be used by the applications with regard to all the datasets that will be gathered, generated and used by the project. Such datasets are fundamental for the DiSIEM project, as most of its components aim to extract useful information from big data (collected events, open-source intelligence, etc.) The data management plan is not a fixed document, but evolves during the lifespan of the project. More developed versions of the plan can therefore be included as additional deliverables at later stages. According to the Guidelines on Data Management in H2020, the data management plan should address data set reference and name, data set description, standards and metadata, data sharing and archiving and preservation (including storage and backup) on a dataset by dataset basis and should reflect the current status of reflection within the consortium about the data that will be produced. Visualisation system infrastructure and requirement analysis This report includes results that will inform and enable later stages of visualisation related developments. This deliverable will be the main result of task T5.1 Techniques and tools for OSINT-based threat analysis This deliverable presents an in-depth analysis of the security-related OSINT data sources and how the information from these sources can be extracted, including a description of tools and methods that can be employed for this. It will also contain some initial study of the models and techniques that can be used to process OSINT data for predicting threats against a given organisation. This deliverable will report the main results of T4.1 and some preliminary results of T4.2. OSINT data fusion and analysis architecture This deliverable describes the machine learning techniques and tools used to analyse the OSINT information to identify security-related trends and predict threats to the managed infrastructure. This includes detailed models and algorithms to be implemented on OSINT-based threat predictors. This deliverable will be the main result of T4.2. Results of the competition on machine learning for security This will report the results of the two iterations of the threat prediction machine learning competition that will be organized by the consortium and sponsored by the project. This document should report everything about the competition, including technical details about the wining algorithms and what was learned at the end. In-depth analysis of SIEMs extensibility This deliverable will present an indepth analysis of the state of the art in SIEM systems, with particular focus on how such systems can be extended with custom connectors and new event visualisation tools. D2.1 will be the main result from T2.1. Risk assessment plan The Risk assessment plan will include a Critical Path Analysis (CPA) of the main project activities, identifying risk points, and procedures to deal with them. This deliverable is also a result from T9.1. Security metrics and measurements This deliverable presents a detailed analysis of the reviewed security metrics and defines the metrics that we plan to integrate in the SIEMs. This deliverable will be the main result of task T3.1 Other (1) Project quality plan "The project quality plan (the project handbook) constitutes a set of project templates, explanations on the project management process, review process, quality checks, meeting organisation, which is communicated to all partners. This deliverable is marked with nature ""OTHER"" (software, technical diagram, etc.) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievements of the deliverable. This is a result from T9.1." Demonstrators, pilots, prototypes (2) Fully operating, integrated visualisation system with diverse SIEMs This deliverable will encompass all the visualisation related modules that work in harmony with the underlying systems and fulfill all the functionalities required. This deliverable will be the main result of task T5.2, T5.3 and T5.4. Early-stage prototypes The prototype will provide the proof-of-concept and will be later used in evaluation activities. Also, interactive visualisation system where the visualisations are operating in a linked, expendable fashion. This deliverable will be the main result of tasks T5.2 and T5.3. Publications Conference proceedings (10) A Visual Analytics Approach for User Behaviour Understanding through Action Sequence Analysis Author(s): Phong H. Nguyen, Cagatay Turkay, Gennady Andrienko, Natalia Andrienko and Olivier Thonnard Published in: 8th Int. EuroVis Workshop on Visual Analytics - EuroVA 2017, 2017 Publisher: Eurographics DL DOI: 10.2312/eurova.20171122 A Resilient Stream Learning Intrusion Detection Mechanism for Real-Time Analysis of Network Traffic Author(s): Eduardo Viegas, Altair Santin, Nuno Neves, Alysson Bessani, Vilmar Abreu Published in: GLOBECOM 2017 - 2017 IEEE Global Communications Conference, 2017, Page(s) 1-6, ISBN 978-1-5090-5019-2 Publisher: IEEE DOI: 10.1109/GLOCOM.2017.8254495 Threat Intelligence – Improving SIEM cybercriminality awareness using information from IP blacklists Author(s): João Alves, Ana Respício, Ivo Rosa, Pedro Rodrigues Published in: eCrime2017.EU – APWG.EU Symposium on Electronic Crime Research, 2017 Publisher: APWG.EU Lazarus - Automatic Management of Diversity in BFT Systems Author(s): Miguel Garcia, Alysson Bessani, Nuno Neves Published in: Proceedings of the 20th International Middleware Conference on - Middleware '19, 2019, Page(s) 241-254, ISBN 9781-450370097 Publisher: ACM Press DOI: 10.1145/3361525.3361550 Cyberthreat Detection from Twitter using Deep Neural Networks Author(s): Nuno Dionisio, Fernando Alves, Pedro M. Ferreira, Alysson Bessani Published in: 2019 International Joint Conference on Neural Networks (IJCNN), 2019, Page(s) 1-8, ISBN 978-1-7281-1985-4 Publisher: IEEE DOI: 10.1109/ijcnn.2019.8852475 PURE: Generating Quality Threat Intelligence by Clustering and Correlating OSINT Author(s): Rui Azevedo, Iberia Medeiros, Alysson Bessani Published in: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2019, Page(s) 483-490, ISBN 978-1-7281-2777-4 Publisher: IEEE DOI: 10.1109/trustcom/bigdatase.2019.00071 User Behavior Map: Visual Exploration for Cyber Security Session Data Author(s): Siming Chen, Shuai Chen, Natalia Andrienko, Gennady Andrienko, Phong H. Nguyen, Cagatay Turkay, Olivier Thonnard, Xiaoru Yuan Published in: 2018 IEEE Symposium on Visualization for Cyber Security (VizSec), 2018, Page(s) 1-4, ISBN 978-1-5386-8194-7 Publisher: IEEE DOI: 10.1109/vizsec.2018.8709223 Detecting Malicious Web Scraping Activity: A Study with Diverse Detectors Author(s): Pedro Marques, Zayani Dabbabi, Miruna-Mihaela Mironescu, Olivier Thonnard, Alysson Bessani, Frances Buontempo, Ilir Gashi Published in: 2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC), 2018, Page(s) 269-278, ISBN 978-1-5386-5700-3 Publisher: IEEE DOI: 10.1109/prdc.2018.00049 Detecting Network Threats using OSINT Knowledge-Based IDS Author(s): Ivo Vacas, Iberia Medeiros, Nuno Neves Published in: 2018 14th European Dependable Computing Conference (EDCC), 2018, Page(s) 128-135, ISBN 978-1-5386-8060-5 Publisher: IEEE DOI: 10.1109/edcc.2018.00031 FlowHacker: Detecting Unknown Network Attacks in Big Traffic Data Using Network Flows Author(s): Luis Sacramento, Iberia Medeiros, Joao Bota, Miguel Correia Published in: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018, Page(s) 567-572, ISBN 978-1-5386-4388-4 Publisher: IEEE DOI: 10.1109/trustcom/bigdatase.2018.00086 Thesis and dissertations (9) Geração Automática de Conhecimento para SDI extraído de OSINTs Author(s): Ivo Vacas Published in: Master Thesis, Issue 1, 2017 Publisher: Faculdade de Ciências Universidade de Lisboa Threat intelligence: using osint and security metrics to enhance siem capabilities Author(s): Alves, João Paulo Martins José Teixeira Published in: Master Thesis, Issue 1, 2017 Publisher: Faculdade de Ciências Universidade de Lisboa Cyberthreat Discovery in Open Source Intelligence using Deep Learning Techniques Author(s): Eunice Branco Published in: Master Thesis, Issue 1, 2017 Publisher: Faculdade de Ciências Universidade de Lisboa A multi-level model for risk assessment in SIEM Author(s): Luis M. Ferreira Published in: Master Thesis, Issue 1, 2017 Publisher: Faculdade de Ciências Universidade de Lisboa Assessment on the effectiveness of design diversity for network security and monitoring Author(s): Marques, Pedro Daniel Magalhães Published in: Master Thesis, Issue 1, 2018 Publisher: Faculdade de Ciências Universidade de Lisboa Threat detection in SIEM considering risk assessment Author(s): Osório, Ana Mafalda Silva Published in: Master Thesis, Issue 1, 2018 Publisher: Faculdade de Ciências Universidade de Lisboa Improving cyberthreat discovery in open source intelligence using deep learning techniques Author(s): Dionísio, Nuno Rafael Marques Published in: Master Thesis, Issue 1, 2018 Publisher: Faculdade de Ciências Universidade de Lisboa Leveraging OSINT to Improve Threat Intelligence Quality Author(s): Rui Azevedo Published in: Master Thesis, Issue 1, 2018 Publisher: Faculdade de Ciências da Universidade de Lisboa Diverse Intrusion-tolerant Systems Author(s): Miguel Garcia Tavares Henriques Published in: PhD Thesis, Issue 1, 2019 Publisher: Faculdade de Ciências da Universidade de Lisboa Peer reviewed articles (7) Understanding User Behaviour through Action Sequences: From the Usual to the Unusual Author(s): Phong H. Nguyen, Cagatay Turkay, Gennady Andrienko, Natalia Andrienko, Olivier Thonnard, Jihane Zouaoui Published in: IEEE Transactions on Visualization and Computer Graphics, Issue 25/9, 2019, Page(s) 2838-2852, ISSN 1077-2626 Publisher: Institute of Electrical and Electronics Engineers DOI: 10.1109/TVCG.2018.2859969 Vulnerability prediction capability: A comparison between vulnerability discovery models and neural network models Author(s): Yazdan Movahedi, Michel Cukier, Ilir Gashi Published in: Computers & Security, Issue 87, 2019, Page(s) 101596, ISSN 0167-4048 Publisher: Pergamon Press Ltd. DOI: 10.1016/j.cose.2019.101596 VASABI: Hierarchical User Profiles for Interactive Visual User Behaviour Analytics Author(s): Phong H. Nguyen, Rafael Henkin, Siming Chen, Natalia Andrienko, Gennady Andrienko, Olivier Thonnard, Cagatay Turkay Published in: IEEE Transactions on Visualization and Computer Graphics, 2019, Page(s) 1-1, ISSN 1077-2626 Publisher: Institute of Electrical and Electronics Engineers DOI: 10.1109/tvcg.2019.2934609 CHARON: A Secure Cloud-of-Clouds System for Storing and Sharing Big Data Author(s): Ricardo Mendes, Tiago Oliveira, Vinicius Vielmo Cogo, Nuno Ferreira Neves, Alysson Neves Bessani Published in: IEEE Transactions on Cloud Computing, 2019, Page(s) 1-1, ISSN 2168-7161 Publisher: Institute of Electrical and Electronics Engineers Inc. DOI: 10.1109/tcc.2019.2916856 BigFlow: Real-time and reliable anomaly-based intrusion detection for high-speed networks Author(s): Eduardo Viegas, Altair Santin, Alysson Bessani, Nuno Neves Published in: Future Generation Computer Systems, Issue 93, 2019, Page(s) 473-485, ISSN 0167-739X Publisher: Elsevier BV DOI: 10.1016/j.future.2018.09.051 Cluster-based vulnerability assessment of operating systems and web browsers Author(s): Yazdan Movahedi, Michel Cukier, Ambrose Andongabo, Ilir Gashi Published in: Computing, Issue 101/2, 2019, Page(s) 139-160, ISSN 0010-485X Publisher: Springer Verlag DOI: 10.1007/s00607-018-0663-0 LDA Ensembles for Interactive Exploration and Categorization of Behaviors Author(s): Siming Chen, Natalia Andrienko, Gennady Andrienko, Linara Adilova, Jeremie Barlet, Joerg Kindermann, Phong Hai Nguyen, Olivier Thonnard, Cagatay Turkay Published in: IEEE Transactions on Visualization and Computer Graphics, 2019, Page(s) 1-1, ISSN 1077-2626 Publisher: Institute of Electrical and Electronics Engineers DOI: 10.1109/tvcg.2019.2904069 Book chapters (1) Diversity in Open Source Intrusion Detection Systems Author(s): Hafizul Asad, Ilir Gashi Published in: Developments in Language Theory - 22nd International Conference, DLT 2018, Tokyo, Japan, September 10-14, 2018, Proceedings, Issue 11088, 2018, Page(s) 267-281, ISBN 978-3-319-98653-1 Publisher: Springer International Publishing DOI: 10.1007/978-3-319-99130-6_18 Searching for OpenAIRE data... There was an error trying to search data from OpenAIRE No results available
