The ever-increasing amount of major security incidents has led to an emerging interest in cooperative approaches to encounter cyber threats.To enable cooperation in detecting and preventing attacks it is an inevitable...The ever-increasing amount of major security incidents has led to an emerging interest in cooperative approaches to encounter cyber threats.To enable cooperation in detecting and preventing attacks it is an inevitable necessity to have structured and standardized formats to describe an incident.Corresponding formats are complex and of an extensive nature as they are often designed for automated processing and exchange.These characteristics hamper the readability and,therefore,prevent humans from understanding the documented incident.This is a major problem since the success and effectiveness of any security measure rely heavily on the contribution of security experts.To meet these shortcomings we propose a visual analytics concept enabling security experts to analyze and enrich semi-structured cyber threat intelligence information.Our approach combines an innovative way of persisting this data with an interactive visualization component to analyze and edit the threat information.We demonstrate the feasibility of our concept using the Structured Threat Information eXpression,the state-ofthe-art format for reporting cyber security issues.展开更多
Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the tar...Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.展开更多
Correction to:Cybersecurity(2019)2:23 https://doi.org/10.1186/s42400-019-0040-0 In the original publication of this article(Vielberth et al.2019),the author list was not completed.The correct author list should be Man...Correction to:Cybersecurity(2019)2:23 https://doi.org/10.1186/s42400-019-0040-0 In the original publication of this article(Vielberth et al.2019),the author list was not completed.The correct author list should be Manfred Vielberth,Florian Menges and Günther Pernul.The publisher apologizes to the readers and authors for the inconvenience.The original publication has been corrected.展开更多
Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the tar...Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.展开更多
In the original publication of this article(Vielberth et al.2019),the author list was not completed.The correct author list should be Manfred Vielberth,Florian Menges and Günther Pernul.The publisher apologizes t...In the original publication of this article(Vielberth et al.2019),the author list was not completed.The correct author list should be Manfred Vielberth,Florian Menges and Günther Pernul.The publisher apologizes to the readers and authors for the inconvenience.The original publication has been corrected.展开更多
基金supported by the Federal Ministry of Education and Research,Germany,as part of the BMBF DINGfest project。
文摘The ever-increasing amount of major security incidents has led to an emerging interest in cooperative approaches to encounter cyber threats.To enable cooperation in detecting and preventing attacks it is an inevitable necessity to have structured and standardized formats to describe an incident.Corresponding formats are complex and of an extensive nature as they are often designed for automated processing and exchange.These characteristics hamper the readability and,therefore,prevent humans from understanding the documented incident.This is a major problem since the success and effectiveness of any security measure rely heavily on the contribution of security experts.To meet these shortcomings we propose a visual analytics concept enabling security experts to analyze and enrich semi-structured cyber threat intelligence information.Our approach combines an innovative way of persisting this data with an interactive visualization component to analyze and edit the threat information.We demonstrate the feasibility of our concept using the Structured Threat Information eXpression,the state-ofthe-art format for reporting cyber security issues.
文摘Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.
文摘Correction to:Cybersecurity(2019)2:23 https://doi.org/10.1186/s42400-019-0040-0 In the original publication of this article(Vielberth et al.2019),the author list was not completed.The correct author list should be Manfred Vielberth,Florian Menges and Günther Pernul.The publisher apologizes to the readers and authors for the inconvenience.The original publication has been corrected.
文摘Humans are commonly seen as the weakest link in corporate information security.This led to a lot of effort being put into security training and awareness campaigns,which resulted in employees being less likely the target of successful attacks.Existing approaches,however,do not tap the full potential that can be gained through these campaigns.On the one hand,human perception offers an additional source of contextual information for detected incidents,on the other hand it serves as information source for incidents that may not be detectable by automated procedures.These approaches only allow a text-based reporting of basic incident information.A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing.In this work,we propose an approach,which allows humans to systematically report perceived anomalies or incidents in a structured way.Our approach furthermore supports the integration of such reports into analytics systems.Thereby,we identify connecting points to SIEM systems,develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans.A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.
文摘In the original publication of this article(Vielberth et al.2019),the author list was not completed.The correct author list should be Manfred Vielberth,Florian Menges and Günther Pernul.The publisher apologizes to the readers and authors for the inconvenience.The original publication has been corrected.
