Playbook Oriented Cyber Response

A. Applebaum, Shawn Johnson, Michael Limiero, Michael Smith
Published in: 2018 National Cyber Summit (NCS), June 2018
DOI: 10.1109/NCS.2018.00007 (https://doi.org/10.1109/NCS.2018.00007)
Citations: 4

Abstract

Cyber analysts tend to respond to anomalous events manually, often using subjective judgment that can lead to responses that are less than optimal. Additionally, analysts tend to report on events and share cyber knowledge in unstructured, textual formats, which not only require more time to parse – thus taking more time to respond – but also lead to multiple conclusions from the same input. To remedy this, we have proposed a framework designed to provide an analyst with a set of timely and accurate courses of action in response to events, in some cases automating those responses. As part of this framework, we have created a playbook specification format that allows analysts to specify the right course of action to take in response to events, given certain risk conditions and mission context. In addition to providing the specification format, we have also created an initial ontology to help analysts build their playbook contents and have laid out a notional architecture that can operationalize these playbooks. Our playbook format can help standardize how analysts should respond to events, thus decreasing the time to respond and enabling analysts to share key knowledge in a common format. Ultimately, this should increase the efficacy of security operations center personnel.