CRUSOE: A Toolset for Cyber Situational Awareness and Decision
Support in Incident Handling

J 2022

CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling

HUSÁK, Martin; Lukáš SADLEK; Stanislav ŠPAČEK; Martin LAŠTOVIČKA; Michal JAVORNÍK et al.

Základní údaje

Originální název

CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling

Autoři

HUSÁK, Martin ; Lukáš SADLEK; Stanislav ŠPAČEK; Martin LAŠTOVIČKA ; Michal JAVORNÍK a Jana KOMÁRKOVÁ

Vydání

Computers & Security, Elsevier, 2022, 0167-4048

Další údaje

Jazyk

angličtina

Typ výsledku

Článek v odborném periodiku

Obor

10200 1.2 Computer and information sciences

Stát vydavatele

Nizozemské království

Utajení

není předmětem státního či obchodního tajemství

Odkazy

URL

Impakt faktor

Impact factor: 5.600

Označené pro přenos do RIV

Ano

Kód RIV

RIV/00216224:14610/22:00125183

Organizační jednotka

Ústav výpočetní techniky

Klíčová slova anglicky

Cyber situational awareness;OODA Loop;Decision support;Network monitoring;Incident response

Štítky

J-Q1, rivok

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 25. 3. 2022 16:08, RNDr. Martin Husák, Ph.D.

Anotace

V originále

The growing size and complexity of today’s computer network make it hard to achieve and maintain so-called cyber situational awareness, i.e., the ability to perceive and comprehend the cyber environment and be able to project the situation in the near future. Namely, the personnel of cybersecurity incident response teams or security operation centers should be aware of the security situation in the network to effectively prevent or mitigate cyber attacks and avoid mistakes in the process. In this paper, we present a toolset for achieving cyber situational awareness in a large and heterogeneous environment. Our goal is to support cybersecurity teams in iterating through the OODA loop (Observe, Orient, Decide, Act). We designed tools to help the operator make informed decisions in incident handling and response for each phase of the cycle. The Observe phase builds on common tools for active and passive network monitoring and vulnerability assessment. In the Orient phase, the data on the network are structured and presented in a comprehensible and visually appealing manner. The Decide phase opens opportunities for decision-support systems, in our case, a recommender system that suggests the most resilient configuration of the critical infrastructure. Finally, the Act phase is supported by a service that orchestrates network security tools and allows for prompt mitigation actions. Finally, we present lessons learned from the deployment of the toolset in the campus network and the results of a user evaluation study.

Návaznosti

EF16_019/0000822, projekt VaV

Název: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur

Přiložené soubory

2022-COSE-CRUSOE_toolset.pdf Verze souboru

Citovat

HUSÁK, Martin; Lukáš SADLEK; Stanislav ŠPAČEK; Martin LAŠTOVIČKA; Michal JAVORNÍK a Jana KOMÁRKOVÁ. CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling. Computers & Security. Elsevier, 2022, roč. 115, April, s. 1-19. ISSN 0167-4048. Dostupné z: https://doi.org/10.1016/j.cose.2022.102609.

@article{1822842,
   author = {Husák, Martin and Sadlek, Lukáš and Špaček, Stanislav and Laštovička, Martin and Javorník, Michal and Komárková, Jana},
   article_number = {April},
   doi = {https://doi.org/10.1016/j.cose.2022.102609},
   keywords = {Cyber situational awareness;OODA Loop;Decision support;Network monitoring;Incident response},
   language = {eng},
   issn = {0167-4048},
   journal = {Computers & Security},
   title = {CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling},
   url = {https://www.sciencedirect.com/science/article/pii/S0167404822000086},
   volume = {115},
   year = {2022}
}

TY  - JOUR
ID  - 1822842
AU  - Husák, Martin - Sadlek, Lukáš - Špaček, Stanislav - Laštovička, Martin - Javorník, Michal - Komárková, Jana
PY  - 2022
TI  - CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling
JF  - Computers & Security
VL  - 115
IS  - April
SP  - 1-19
EP  - 1-19
PB  - Elsevier
SN  - 01674048
KW  - Cyber situational awareness;OODA Loop;Decision support;Network monitoring;Incident response
UR  - https://www.sciencedirect.com/science/article/pii/S0167404822000086
N2  - The growing size and complexity of today’s computer network make it hard to achieve and maintain so-called cyber situational awareness, i.e., the ability to perceive and comprehend the cyber environment and be able to project the situation in the near future. Namely, the personnel of cybersecurity incident response teams or security operation centers should be aware of the security situation in the network to effectively prevent or mitigate cyber attacks and avoid mistakes in the process. In this paper, we present a toolset for achieving cyber situational awareness in a large and heterogeneous environment. Our goal is to support cybersecurity teams in iterating through the OODA loop (Observe, Orient, Decide, Act). We designed tools to help the operator make informed decisions in incident handling and response for each phase of the cycle. The Observe phase builds on common tools for active and passive network monitoring and vulnerability assessment. In the Orient phase, the data on the network are structured and presented in a comprehensible and visually appealing manner. The Decide phase opens opportunities for decision-support systems, in our case, a recommender system that suggests the most resilient configuration of the critical infrastructure. Finally, the Act phase is supported by a service that orchestrates network security tools and allows for prompt mitigation actions. Finally, we present lessons learned from the deployment of the toolset in the campus network and the results of a user evaluation study.
ER  -

HUSÁK, Martin; Lukáš SADLEK; Stanislav ŠPAČEK; Martin LAŠTOVIČKA; Michal JAVORNÍK a Jana KOMÁRKOVÁ. CRUSOE: A Toolset for Cyber Situational Awareness and Decision Support in Incident Handling. \textit{Computers \&{} Security}. Elsevier, 2022, roč.~115, April, s.~1-19. ISSN~0167-4048. Dostupné z: https://doi.org/10.1016/j.cose.2022.102609.

Přehled o publikaci