Skip to main content

Diversity Enhancements for SIEMs

Deliverables

Reference architecture and integration plan

This deliverable documents the DiSIEM reference architecture and how the contributions devised in work packages 3-5 will be integrated in existing SIEM systems. This report will be the main results from T2.2 and T2.3.

Validation plan

Definition of the methodology and criteria for validating the components considering the different environments provided by EDP, Amadeus and ATOS. This deliverable will be the main result of T7.1.

Preliminary architecture and service model of infrastructure enhancements

This deliverable presents a detailed description of the design and underlying assumptions of the components developed in the work package. This represents the partial results of T6.1, T6.2 and T6.3.

Probabilistic modelling of diversity for security and of security trends

This deliverable presents a detailed analysis of developed, evaluation and validation of the probabilistic models in T3.2. This deliverable will be the main result of task T3.2.

Refinements of the models and metrics based on pilot deployments

This deliverable presents the updates and refinements of the models and metrics defined in D3.1 and D3.2 based on feedback received from deployments in WP7. This deliverable will be the main result of task T3.3.

Internal and external IT communication infrastructure

The external IT communication infrastructure constitutes a guideline for communication of the DiSIEM project to external target groups including conferences, marketing measures and communication channels. Furthermore this deliverable constitutes the launch of the internal DiSIEM communication infrastructure including the establishment of mailing lists, an internal file repository (with version control), and the project website. This deliverable is marked with nature “DEC” and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievement of this deliverable. This deliverable will be a first initial result of T8.1.

Data management plan

This deliverable will establish the main elements of the data management policy that will be used by the applications with regard to all the datasets that will be gathered, generated and used by the project. Such datasets are fundamental for the DiSIEM project, as most of its components aim to extract useful information from big data (collected events, open-source intelligence, etc.) The data management plan is not a fixed document, but evolves during the lifespan of the project. More developed versions of the plan can therefore be included as additional deliverables at later stages. According to the Guidelines on Data Management in H2020, the data management plan should address data set reference and name, data set description, standards and metadata, data sharing and archiving and preservation (including storage and backup) on a dataset by dataset basis and should reflect the current status of reflection within the consortium about the data that will be produced.

Visualisation system infrastructure and requirement analysis

This report includes results that will inform and enable later stages of visualisation related developments. This deliverable will be the main result of task T5.1

Techniques and tools for OSINT-based threat analysis

This deliverable presents an in-depth analysis of the security-related OSINT data sources and how the information from these sources can be extracted, including a description of tools and methods that can be employed for this. It will also contain some initial study of the models and techniques that can be used to process OSINT data for predicting threats against a given organisation. This deliverable will report the main results of T4.1 and some preliminary results of T4.2.

OSINT data fusion and analysis architecture

This deliverable describes the machine learning techniques and tools used to analyse the OSINT information to identify security-related trends and predict threats to the managed infrastructure. This includes detailed models and algorithms to be implemented on OSINT-based threat predictors. This deliverable will be the main result of T4.2.

Results of the competition on machine learning for security

This will report the results of the two iterations of the threat prediction machine learning competition that will be organized by the consortium and sponsored by the project. This document should report everything about the competition, including technical details about the wining algorithms and what was learned at the end.

In-depth analysis of SIEMs extensibility

This deliverable will present an indepth analysis of the state of the art in SIEM systems, with particular focus on how such systems can be extended with custom connectors and new event visualisation tools. D2.1 will be the main result from T2.1.

Risk assessment plan

The Risk assessment plan will include a Critical Path Analysis (CPA) of the main project activities, identifying risk points, and procedures to deal with them. This deliverable is also a result from T9.1.

Security metrics and measurements

This deliverable presents a detailed analysis of the reviewed security metrics and defines the metrics that we plan to integrate in the SIEMs. This deliverable will be the main result of task T3.1

Project quality plan

"The project quality plan (the project handbook) constitutes a set of project templates, explanations on the project management process, review process, quality checks, meeting organisation, which is communicated to all partners. This deliverable is marked with nature ""OTHER"" (software, technical diagram, etc.) and will be accompanied by a small written report outlining its structure and purpose in order to justify the achievements of the deliverable. This is a result from T9.1."

Fully operating, integrated visualisation system with diverse SIEMs

This deliverable will encompass all the visualisation related modules that work in harmony with the underlying systems and fulfill all the functionalities required. This deliverable will be the main result of task T5.2, T5.3 and T5.4.

Early-stage prototypes

The prototype will provide the proof-of-concept and will be later used in evaluation activities. Also, interactive visualisation system where the visualisations are operating in a linked, expendable fashion. This deliverable will be the main result of tasks T5.2 and T5.3.

Searching for OpenAIRE data...

Publications

A Visual Analytics Approach for User Behaviour Understanding through Action Sequence Analysis

Author(s): Phong H. Nguyen, Cagatay Turkay, Gennady Andrienko, Natalia Andrienko and Olivier Thonnard
Published in: 8th Int. EuroVis Workshop on Visual Analytics - EuroVA 2017, 2017
DOI: 10.2312/eurova.20171122

A Resilient Stream Learning Intrusion Detection Mechanism for Real-Time Analysis of Network Traffic

Author(s): Eduardo Viegas, Altair Santin, Nuno Neves, Alysson Bessani, Vilmar Abreu
Published in: GLOBECOM 2017 - 2017 IEEE Global Communications Conference, 2017, Page(s) 1-6
DOI: 10.1109/GLOCOM.2017.8254495

Threat Intelligence – Improving SIEM cybercriminality awareness using information from IP blacklists

Author(s): João Alves, Ana Respício, Ivo Rosa, Pedro Rodrigues
Published in: eCrime2017.EU – APWG.EU Symposium on Electronic Crime Research, 2017

Lazarus - Automatic Management of Diversity in BFT Systems

Author(s): Miguel Garcia, Alysson Bessani, Nuno Neves
Published in: Proceedings of the 20th International Middleware Conference on - Middleware '19, 2019, Page(s) 241-254
DOI: 10.1145/3361525.3361550

Cyberthreat Detection from Twitter using Deep Neural Networks

Author(s): Nuno Dionisio, Fernando Alves, Pedro M. Ferreira, Alysson Bessani
Published in: 2019 International Joint Conference on Neural Networks (IJCNN), 2019, Page(s) 1-8
DOI: 10.1109/ijcnn.2019.8852475

PURE: Generating Quality Threat Intelligence by Clustering and Correlating OSINT

Author(s): Rui Azevedo, Iberia Medeiros, Alysson Bessani
Published in: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2019, Page(s) 483-490
DOI: 10.1109/trustcom/bigdatase.2019.00071

User Behavior Map: Visual Exploration for Cyber Security Session Data

Author(s): Siming Chen, Shuai Chen, Natalia Andrienko, Gennady Andrienko, Phong H. Nguyen, Cagatay Turkay, Olivier Thonnard, Xiaoru Yuan
Published in: 2018 IEEE Symposium on Visualization for Cyber Security (VizSec), 2018, Page(s) 1-4
DOI: 10.1109/vizsec.2018.8709223

Detecting Malicious Web Scraping Activity: A Study with Diverse Detectors

Author(s): Pedro Marques, Zayani Dabbabi, Miruna-Mihaela Mironescu, Olivier Thonnard, Alysson Bessani, Frances Buontempo, Ilir Gashi
Published in: 2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC), 2018, Page(s) 269-278
DOI: 10.1109/prdc.2018.00049

Detecting Network Threats using OSINT Knowledge-Based IDS

Author(s): Ivo Vacas, Iberia Medeiros, Nuno Neves
Published in: 2018 14th European Dependable Computing Conference (EDCC), 2018, Page(s) 128-135
DOI: 10.1109/edcc.2018.00031

FlowHacker: Detecting Unknown Network Attacks in Big Traffic Data Using Network Flows

Author(s): Luis Sacramento, Iberia Medeiros, Joao Bota, Miguel Correia
Published in: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018, Page(s) 567-572
DOI: 10.1109/trustcom/bigdatase.2018.00086

Geração Automática de Conhecimento para SDI extraído de OSINTs

Author(s): Ivo Vacas
Published in: Master Thesis, Issue 1, 2017

Threat intelligence: using osint and security metrics to enhance siem capabilities

Author(s): Alves, João Paulo Martins José Teixeira
Published in: Master Thesis, Issue 1, 2017

Cyberthreat Discovery in Open Source Intelligence using Deep Learning Techniques

Author(s): Eunice Branco
Published in: Master Thesis, Issue 1, 2017

A multi-level model for risk assessment in SIEM

Author(s): Luis M. Ferreira
Published in: Master Thesis, Issue 1, 2017

Assessment on the effectiveness of design diversity for network security and monitoring

Author(s): Marques, Pedro Daniel Magalhães
Published in: Master Thesis, Issue 1, 2018

Threat detection in SIEM considering risk assessment

Author(s): Osório, Ana Mafalda Silva
Published in: Master Thesis, Issue 1, 2018

Improving cyberthreat discovery in open source intelligence using deep learning techniques

Author(s): Dionísio, Nuno Rafael Marques
Published in: Master Thesis, Issue 1, 2018

Leveraging OSINT to Improve Threat Intelligence Quality

Author(s): Rui Azevedo
Published in: Master Thesis, Issue 1, 2018

Diverse Intrusion-tolerant Systems

Author(s): Miguel Garcia Tavares Henriques
Published in: PhD Thesis, Issue 1, 2019

Understanding User Behaviour through Action Sequences: From the Usual to the Unusual

Author(s): Phong H. Nguyen, Cagatay Turkay, Gennady Andrienko, Natalia Andrienko, Olivier Thonnard, Jihane Zouaoui
Published in: IEEE Transactions on Visualization and Computer Graphics, Issue 25/9, 2019, Page(s) 2838-2852, ISSN 1077-2626
DOI: 10.1109/TVCG.2018.2859969

Vulnerability prediction capability: A comparison between vulnerability discovery models and neural network models

Author(s): Yazdan Movahedi, Michel Cukier, Ilir Gashi
Published in: Computers & Security, Issue 87, 2019, Page(s) 101596, ISSN 0167-4048
DOI: 10.1016/j.cose.2019.101596

VASABI: Hierarchical User Profiles for Interactive Visual User Behaviour Analytics

Author(s): Phong H. Nguyen, Rafael Henkin, Siming Chen, Natalia Andrienko, Gennady Andrienko, Olivier Thonnard, Cagatay Turkay
Published in: IEEE Transactions on Visualization and Computer Graphics, 2019, Page(s) 1-1, ISSN 1077-2626
DOI: 10.1109/tvcg.2019.2934609

CHARON: A Secure Cloud-of-Clouds System for Storing and Sharing Big Data

Author(s): Ricardo Mendes, Tiago Oliveira, Vinicius Vielmo Cogo, Nuno Ferreira Neves, Alysson Neves Bessani
Published in: IEEE Transactions on Cloud Computing, 2019, Page(s) 1-1, ISSN 2168-7161
DOI: 10.1109/tcc.2019.2916856

BigFlow: Real-time and reliable anomaly-based intrusion detection for high-speed networks

Author(s): Eduardo Viegas, Altair Santin, Alysson Bessani, Nuno Neves
Published in: Future Generation Computer Systems, Issue 93, 2019, Page(s) 473-485, ISSN 0167-739X
DOI: 10.1016/j.future.2018.09.051

Cluster-based vulnerability assessment of operating systems and web browsers

Author(s): Yazdan Movahedi, Michel Cukier, Ambrose Andongabo, Ilir Gashi
Published in: Computing, Issue 101/2, 2019, Page(s) 139-160, ISSN 0010-485X
DOI: 10.1007/s00607-018-0663-0

LDA Ensembles for Interactive Exploration and Categorization of Behaviors

Author(s): Siming Chen, Natalia Andrienko, Gennady Andrienko, Linara Adilova, Jeremie Barlet, Joerg Kindermann, Phong Hai Nguyen, Olivier Thonnard, Cagatay Turkay
Published in: IEEE Transactions on Visualization and Computer Graphics, 2019, Page(s) 1-1, ISSN 1077-2626
DOI: 10.1109/tvcg.2019.2904069

Diversity in Open Source Intrusion Detection Systems

Author(s): Hafizul Asad, Ilir Gashi
Published in: Developments in Language Theory - 22nd International Conference, DLT 2018, Tokyo, Japan, September 10-14, 2018, Proceedings, Issue 11088, 2018, Page(s) 267-281
DOI: 10.1007/978-3-319-99130-6_18