Affiliation:
1. Masaryk University, Czech Republic
2. Pavol Jozef Šafárik University, Slovakia
3. CESNET, Czech Republic
Abstract
Sharing the alerts from intrusion detection systems among multiple computer networks and organizations makes it possible to see the “big picture” of the network security situation and improves the capabilities of cyber incident response. However, such sharing requires a number of technical and non-technical issues to be resolved, from data collection and distribution to proper categorization, data quality management, and questions of trust and privacy. In this field note, we illustrate the concepts and provide lessons learned on the example of SABU, an alert sharing and analysis platform used by academia and partner organizations in the Czech Republic. We discuss the initial willingness to share data, which was later weakened by uncertainties around personal data protection; the high volume and low quality of the shared data, which prevented its straightforward use; and our finding that managing the community is a more severe issue than the technical implementation of alert sharing.
Funder
ERDF “CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence”
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications, Computer Science Applications, Hardware and Architecture, Safety Research, Information Systems, Software
Cited by
1 article.