Formalizing and Integrating User Knowledge into Security Analytics

Cited by: 0
Authors
Böhm F. [1 ]
Vielberth M. [1 ]
Pernul G. [1 ]
Affiliations
[1] Chair of Information Systems, University of Regensburg, Universitätstr. 31, Bavaria, Regensburg
Keywords
Domain knowledge; Security analytics; Security awareness; Security operations; Visual analytics;
DOI
10.1007/s42979-022-01209-7
Abstract
The Internet-of-Things and ubiquitous cyber-physical systems increase the attack surface for cyber-physical attacks. They exploit technical vulnerabilities and human weaknesses to wreak havoc on organizations’ information systems, physical machines, or even humans. Taking a stand against these multi-dimensional attacks requires automated measures to be combined with people as their knowledge has proven critical for security analytics. However, there is no uniform understanding of information security knowledge and its integration into security analytics activities. With this work, we structure and formalize the crucial notions of knowledge that we deem essential for holistic security analytics. A corresponding knowledge model is established based on the Incident Detection Lifecycle, which summarizes the security analytics activities. This idea of knowledge-based security analytics highlights a dichotomy in security analytics. Security experts can operate security mechanisms and thus contribute their knowledge. However, security novices often cannot operate security mechanisms and, therefore, cannot make their highly-specialized domain knowledge available for security analytics. This results in several severe knowledge gaps. We present a research prototype that shows how several of these knowledge gaps can be overcome by simplifying the interaction with automated security analytics techniques. © 2022, The Author(s).