INDICAETING - INtrusion DetectIon by Correlating Automatically Extracted Threat INtelliGence

Date: 
01/10/2018 to 30/09/2021

Threat Intelligence, consisting of Indicators of Compromise and Tactics, Techniques and Procedures, is of utmost importance for identifying cyber threats using signature-based detection techniques. However, large IT infrastructures are often insufficiently protected because such approaches rely on predefined attack dictionaries that have to be maintained manually, which is time- and resource-consuming and requires expert knowledge about the attack itself and the system at hand. For this reason, the main goal of this project is to define a methodology for the automatic or semi-automatic extraction of actionable Threat Intelligence from raw and unstructured log data, allowing timely reaction to imminent threats. The proposed approach is able to gather security-relevant information about previously unknown attacks using self-learning Anomaly Detection techniques that process log streams from arbitrary sources in real time. Correlating the identified anomalies across multiple layers and diverse systems reduces false alarms and allows multi-stage intrusions comprising complex dynamic patterns to be enriched with information about the context and circumstances of attacks, in order to provide comprehensive protection for all participants making use of the insights shared on public threat intelligence platforms.

Week: 
Monday, 10 December, 2018

News

SMESEC project Open Call for SMEs and SME associations
SMESEC has released an open call for SMEs and SME associations in order to validate the SMESEC framework and at the same time improve their systems’ security.

SMESEC is inviting SMEs to participate in the validation of the SMESEC framework. By participating, you not only influence the evaluation of the SMESEC framework but also improve your own company's security and get up to €20.000 of funds!

Future Events

CYBERUK 2019
24/04/2019 to 25/04/2019
CYBERUK is the UK government’s flagship cyber security event. Hosted by the National Cyber Security Centre (NCSC), it features world-class speakers, solutions and opportunities for interaction between the public and private sectors. You will be briefed on the evolving cyber threat and how we must respond as individuals and as a community to keep Britain safe in cyberspace.

Where: Scottish Event Campus (SEC), Glasgow
When: 24-25 April 2019