On Collaboration and Automation in the Context of Threat Detection and Response with Privacy-Preserving Features

NITZ, Lasse; Mehdi AKBARI GURABI; Milan ČERMÁK; Martin ŽÁDNÍK; David KARPUK et al.

Basic information

Original title

On Collaboration and Automation in the Context of Threat Detection and Response with Privacy-Preserving Features

Authors

NITZ, Lasse; Mehdi AKBARI GURABI; Milan ČERMÁK; Martin ŽÁDNÍK; David KARPUK; Arthur DRICHEL; Sebastian SCHÄFER and Benedikt HOLMES

Published in

Digital Threats: Research and Practice, Association for Computing Machinery, 2025

Further information

Language

English

Type of result

Article in a scholarly journal

Field

10201 Computer sciences, information science, bioinformatics

Country of publisher

United States

Confidentiality

not subject to state or trade secrecy

Organizational unit

Ústav výpočetní techniky

Keywords in English

Cybersecurity; Collaborative detection and response; Incident response automation; Information sharing; Privacy

Tags

International significance, Peer-reviewed
Last changed: 18 Feb 2025, 11:18, RNDr. Milan Čermák, Ph.D.

Abstract

In the original language

Organizations and their security operation centers often struggle to detect and respond effectively to an extensive quantity of ever-evolving cyberattacks. While collaboration, such as threat intelligence sharing between security teams, and response automation are often discussed in the cybersecurity community, issues like data sensitivity and confidence in detection may hinder their adoption. This work investigates the potential and challenges of collaboration and automation for enhancing incident response processes. We propose a reference architecture for data sharing in threat detection and response, aiming to boost collaborative and automated efforts across organizations while also considering privacy-preserving features. Building on these challenges and opportunities, we discuss how such a framework could enhance current response processes within and between organizations, validated with results in local attack detection, incident response, and data sharing.

Related projects

833418, MU internal code
Name: Sharing and Automation for Privacy Preserving Attack Neutralization (Acronym: SAPPAN)
Funder: European Union, Sharing and Automation for Privacy Preserving Attack Neutralization, Secure societies - Protecting freedom and security of Europe and its citizens (Societal Challenges)