Abstract
A high number of low-level alerts are reported by information security systems. This justifies the interest in gathering and aggregating data from various sources. Subsequently, we propose an approach that correlates security events to detect upcoming cyber threats and determine the impact of these cyber threats. The proposed mission impact assessment (MIA) approach allows event correlation, the recognition of mission-threatening events, and the computation of the impact of such an event. An offline component develops a network dependency model by learning a state machine from network traffic captures. Additionally, a dependency model of the power grid is built to allow the analysis of cyber-physical impacts. This allows the analysis of how cyber events might impact the ongoing mission on an operational level.
Original language | English |
---|---|
Number of pages | 12 |
Publication status | Published - 01.06.2015 |
Event | Proceedings of the NATO IST-128 Workshop: Assessing Mission Impact of Cyberattacks - Istanbul, Turkey. Duration: 15.06.2015 → 17.06.2015 |
Conference
Conference | Proceedings of the NATO IST-128 Workshop: Assessing Mission Impact of Cyberattacks |
---|---|
Country/Territory | Turkey |
City | Istanbul |
Period | 15.06.15 → 17.06.15 |