Skip to main content
European Commission logo
français français
CORDIS - Résultats de la recherche de l’UE
CORDIS
CORDIS Web 30th anniversary CORDIS Web 30th anniversary

Diversity Enhancements for SIEMs

Livrables

Reference architecture and integration plan

This deliverable documents the DiSIEM reference architecture and how the contributions devised in work packages 3-5 will be integrated in existing SIEM systems. This report will be the main results from T2.2 and T2.3.

Validation plan

Definition of the methodology and criteria for validating the components considering the different environments provided by EDP, Amadeus and ATOS. This deliverable will be the main result of T7.1.

Preliminary architecture and service model of infrastructure enhancements

This deliverable presents a detailed description of the design and underlying assumptions of the components developed in the work package. This represents the partial results of T6.1, T6.2 and T6.3.

Probabilistic modelling of diversity for security and of security trends

This deliverable presents a detailed analysis of developed, evaluation and validation of the probabilistic models in T3.2. This deliverable will be the main result of task T3.2.

Refinements of the models and metrics based on pilot deployments

This deliverable presents the updates and refinements of the models and metrics defined in D3.1 and D3.2 based on feedback received from deployments in WP7. This deliverable will be the main result of task T3.3.

Internal and external IT communication infrastructure

The external IT communication infrastructure constitutes a guideline for communication of the DiSIEM project to external target groups including conferences, marketing measures and communication channels. Furthermore this deliverable constitutes the launch of the internal DiSIEM communication infrastructure including the establishment of mailing lists, an internal file repository (with version control), and the project website. This deliverable is marked with nature “DEC” and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of this deliverable. This deliverable will be a first initial result of T8.1.

Data management plan

This deliverable will establish the main elements of the data management policy that will be used by the applications with regard to all the datasets that will be gathered, generated and used by the project. Such datasets are fundamental for the DiSIEM project, as most of its components aim to extract useful information from big data (collected events, open-source intelligence, etc.) The data management plan is not a fixed document, but evolves during the lifespan of the project. More developed versions of the plan can therefore be included as additional deliverables at later stages. According to the Guidelines on Data Management in H2020, the data management plan should address data set reference and name, data set description, standards and metadata, data sharing and archiving and preservation (including storage and backup) on a dataset by dataset basis and should reflect the current status of reflection within the consortium about the data that will be produced.

Visualisation system infrastructure and requirement analysis

This report includes results that will inform and enable later stages of visualisation related developments. This deliverable will be the main result of task T5.1

Techniques and tools for OSINT-based threat analysis

This deliverable presents an in-depth analysis of the security-related OSINT data sources and how the information from these sources can be extracted, including a description of tools and methods that can be employed for this. It will also contain some initial study of the models and techniques that can be used to process OSINT data for predicting threats against a given organisation. This deliverable will report the main results of T4.1 and some preliminary results of T4.2.

OSINT data fusion and analysis architecture

This deliverable describes the machine learning techniques and tools used to analyse the OSINT information to identify security-related trends and predict threats to the managed infrastructure. This includes detailed models and algorithms to be implemented on OSINT-based threat predictors. This deliverable will be the main result of T4.2.

Results of the competition on machine learning for security

This will report the results of the two iterations of the threat prediction machine learning competition that will be organized by the consortium and sponsored by the project. This document should report everything about the competition, including technical details about the wining algorithms and what was learned at the end.

In-depth analysis of SIEMs extensibility

This deliverable will present an indepth analysis of the state of the art in SIEM systems, with particular focus on how such systems can be extended with custom connectors and new event visualisation tools. D2.1 will be the main result from T2.1.

Risk assessment plan

The Risk assessment plan will include a Critical Path Analysis (CPA) of the main project activities, identifying risk points, and procedures to deal with them. This deliverable is also a result from T9.1.

Security metrics and measurements

This deliverable presents a detailed analysis of the reviewed security metrics and defines the metrics that we plan to integrate in the SIEMs. This deliverable will be the main result of task T3.1

Project quality plan

"The project quality plan (the project handbook) constitutes a set of project templates, explanations on the project management process, review process, quality checks, meeting organisation, which is communicated to all partners. This deliverable is marked with nature ""OTHER"" (software, technical diagram, etc.) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievements of the deliverable. This is a result from T9.1."

Fully operating, integrated visualisation system with diverse SIEMs

This deliverable will encompass all the visualisation related modules that work in harmony with the underlying systems and fulfill all the functionalities required. This deliverable will be the main result of task T5.2, T5.3 and T5.4.

Early-stage prototypes

The prototype will provide the proof-of-concept and will be later used in evaluation activities. Also, interactive visualisation system where the visualisations are operating in a linked, expendable fashion. This deliverable will be the main result of tasks T5.2 and T5.3.

Publications

A Visual Analytics Approach for User Behaviour Understanding through Action Sequence Analysis

Auteurs: Phong H. Nguyen, Cagatay Turkay, Gennady Andrienko, Natalia Andrienko and Olivier Thonnard
Publié dans: 8th Int. EuroVis Workshop on Visual Analytics - EuroVA 2017, 2017
Éditeur: Eurographics DL
DOI: 10.2312/eurova.20171122

A Resilient Stream Learning Intrusion Detection Mechanism for Real-Time Analysis of Network Traffic

Auteurs: Eduardo Viegas, Altair Santin, Nuno Neves, Alysson Bessani, Vilmar Abreu
Publié dans: GLOBECOM 2017 - 2017 IEEE Global Communications Conference, 2017, Page(s) 1-6, ISBN 978-1-5090-5019-2
Éditeur: IEEE
DOI: 10.1109/GLOCOM.2017.8254495

Threat Intelligence – Improving SIEM cybercriminality awareness using information from IP blacklists

Auteurs: João Alves, Ana Respício, Ivo Rosa, Pedro Rodrigues
Publié dans: eCrime2017.EU – APWG.EU Symposium on Electronic Crime Research, 2017
Éditeur: APWG.EU

Lazarus - Automatic Management of Diversity in BFT Systems

Auteurs: Miguel Garcia, Alysson Bessani, Nuno Neves
Publié dans: Proceedings of the 20th International Middleware Conference on - Middleware '19, 2019, Page(s) 241-254, ISBN 9781-450370097
Éditeur: ACM Press
DOI: 10.1145/3361525.3361550

Cyberthreat Detection from Twitter using Deep Neural Networks

Auteurs: Nuno Dionisio, Fernando Alves, Pedro M. Ferreira, Alysson Bessani
Publié dans: 2019 International Joint Conference on Neural Networks (IJCNN), 2019, Page(s) 1-8, ISBN 978-1-7281-1985-4
Éditeur: IEEE
DOI: 10.1109/ijcnn.2019.8852475

PURE: Generating Quality Threat Intelligence by Clustering and Correlating OSINT

Auteurs: Rui Azevedo, Iberia Medeiros, Alysson Bessani
Publié dans: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2019, Page(s) 483-490, ISBN 978-1-7281-2777-4
Éditeur: IEEE
DOI: 10.1109/trustcom/bigdatase.2019.00071

User Behavior Map: Visual Exploration for Cyber Security Session Data

Auteurs: Siming Chen, Shuai Chen, Natalia Andrienko, Gennady Andrienko, Phong H. Nguyen, Cagatay Turkay, Olivier Thonnard, Xiaoru Yuan
Publié dans: 2018 IEEE Symposium on Visualization for Cyber Security (VizSec), 2018, Page(s) 1-4, ISBN 978-1-5386-8194-7
Éditeur: IEEE
DOI: 10.1109/vizsec.2018.8709223

Detecting Malicious Web Scraping Activity: A Study with Diverse Detectors

Auteurs: Pedro Marques, Zayani Dabbabi, Miruna-Mihaela Mironescu, Olivier Thonnard, Alysson Bessani, Frances Buontempo, Ilir Gashi
Publié dans: 2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC), 2018, Page(s) 269-278, ISBN 978-1-5386-5700-3
Éditeur: IEEE
DOI: 10.1109/prdc.2018.00049

Detecting Network Threats using OSINT Knowledge-Based IDS

Auteurs: Ivo Vacas, Iberia Medeiros, Nuno Neves
Publié dans: 2018 14th European Dependable Computing Conference (EDCC), 2018, Page(s) 128-135, ISBN 978-1-5386-8060-5
Éditeur: IEEE
DOI: 10.1109/edcc.2018.00031

FlowHacker: Detecting Unknown Network Attacks in Big Traffic Data Using Network Flows

Auteurs: Luis Sacramento, Iberia Medeiros, Joao Bota, Miguel Correia
Publié dans: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018, Page(s) 567-572, ISBN 978-1-5386-4388-4
Éditeur: IEEE
DOI: 10.1109/trustcom/bigdatase.2018.00086

Geração Automática de Conhecimento para SDI extraído de OSINTs

Auteurs: Ivo Vacas
Publié dans: Master Thesis, Numéro 1, 2017
Éditeur: Faculdade de Ciências Universidade de Lisboa

Threat intelligence: using osint and security metrics to enhance siem capabilities

Auteurs: Alves, João Paulo Martins José Teixeira
Publié dans: Master Thesis, Numéro 1, 2017
Éditeur: Faculdade de Ciências Universidade de Lisboa

Cyberthreat Discovery in Open Source Intelligence using Deep Learning Techniques

Auteurs: Eunice Branco
Publié dans: Master Thesis, Numéro 1, 2017
Éditeur: Faculdade de Ciências Universidade de Lisboa

A multi-level model for risk assessment in SIEM

Auteurs: Luis M. Ferreira
Publié dans: Master Thesis, Numéro 1, 2017
Éditeur: Faculdade de Ciências Universidade de Lisboa

Assessment on the effectiveness of design diversity for network security and monitoring

Auteurs: Marques, Pedro Daniel Magalhães
Publié dans: Master Thesis, Numéro 1, 2018
Éditeur: Faculdade de Ciências Universidade de Lisboa

Threat detection in SIEM considering risk assessment

Auteurs: Osório, Ana Mafalda Silva
Publié dans: Master Thesis, Numéro 1, 2018
Éditeur: Faculdade de Ciências Universidade de Lisboa

Improving cyberthreat discovery in open source intelligence using deep learning techniques

Auteurs: Dionísio, Nuno Rafael Marques
Publié dans: Master Thesis, Numéro 1, 2018
Éditeur: Faculdade de Ciências Universidade de Lisboa

Leveraging OSINT to Improve Threat Intelligence Quality

Auteurs: Rui Azevedo
Publié dans: Master Thesis, Numéro 1, 2018
Éditeur: Faculdade de Ciências da Universidade de Lisboa

Diverse Intrusion-tolerant Systems

Auteurs: Miguel Garcia Tavares Henriques
Publié dans: PhD Thesis, Numéro 1, 2019
Éditeur: Faculdade de Ciências da Universidade de Lisboa

Understanding User Behaviour through Action Sequences: From the Usual to the Unusual

Auteurs: Phong H. Nguyen, Cagatay Turkay, Gennady Andrienko, Natalia Andrienko, Olivier Thonnard, Jihane Zouaoui
Publié dans: IEEE Transactions on Visualization and Computer Graphics, Numéro 25/9, 2019, Page(s) 2838-2852, ISSN 1077-2626
Éditeur: Institute of Electrical and Electronics Engineers
DOI: 10.1109/TVCG.2018.2859969

Vulnerability prediction capability: A comparison between vulnerability discovery models and neural network models

Auteurs: Yazdan Movahedi, Michel Cukier, Ilir Gashi
Publié dans: Computers & Security, Numéro 87, 2019, Page(s) 101596, ISSN 0167-4048
Éditeur: Pergamon Press Ltd.
DOI: 10.1016/j.cose.2019.101596

VASABI: Hierarchical User Profiles for Interactive Visual User Behaviour Analytics

Auteurs: Phong H. Nguyen, Rafael Henkin, Siming Chen, Natalia Andrienko, Gennady Andrienko, Olivier Thonnard, Cagatay Turkay
Publié dans: IEEE Transactions on Visualization and Computer Graphics, 2019, Page(s) 1-1, ISSN 1077-2626
Éditeur: Institute of Electrical and Electronics Engineers
DOI: 10.1109/tvcg.2019.2934609

CHARON: A Secure Cloud-of-Clouds System for Storing and Sharing Big Data

Auteurs: Ricardo Mendes, Tiago Oliveira, Vinicius Vielmo Cogo, Nuno Ferreira Neves, Alysson Neves Bessani
Publié dans: IEEE Transactions on Cloud Computing, 2019, Page(s) 1-1, ISSN 2168-7161
Éditeur: Institute of Electrical and Electronics Engineers Inc.
DOI: 10.1109/tcc.2019.2916856

BigFlow: Real-time and reliable anomaly-based intrusion detection for high-speed networks

Auteurs: Eduardo Viegas, Altair Santin, Alysson Bessani, Nuno Neves
Publié dans: Future Generation Computer Systems, Numéro 93, 2019, Page(s) 473-485, ISSN 0167-739X
Éditeur: Elsevier BV
DOI: 10.1016/j.future.2018.09.051

Cluster-based vulnerability assessment of operating systems and web browsers

Auteurs: Yazdan Movahedi, Michel Cukier, Ambrose Andongabo, Ilir Gashi
Publié dans: Computing, Numéro 101/2, 2019, Page(s) 139-160, ISSN 0010-485X
Éditeur: Springer Verlag
DOI: 10.1007/s00607-018-0663-0

LDA Ensembles for Interactive Exploration and Categorization of Behaviors

Auteurs: Siming Chen, Natalia Andrienko, Gennady Andrienko, Linara Adilova, Jeremie Barlet, Joerg Kindermann, Phong Hai Nguyen, Olivier Thonnard, Cagatay Turkay
Publié dans: IEEE Transactions on Visualization and Computer Graphics, 2019, Page(s) 1-1, ISSN 1077-2626
Éditeur: Institute of Electrical and Electronics Engineers
DOI: 10.1109/tvcg.2019.2904069

Diversity in Open Source Intrusion Detection Systems

Auteurs: Hafizul Asad, Ilir Gashi
Publié dans: Developments in Language Theory - 22nd International Conference, DLT 2018, Tokyo, Japan, September 10-14, 2018, Proceedings, Numéro 11088, 2018, Page(s) 267-281, ISBN 978-3-319-98653-1
Éditeur: Springer International Publishing
DOI: 10.1007/978-3-319-99130-6_18

Recherche de données OpenAIRE...

Une erreur s’est produite lors de la recherche de données OpenAIRE

Aucun résultat disponible