网络威胁情报集成到安全洋葱和马尔科姆的工业网络用例

IF 0.7 4区计算机科学 Q4 AUTOMATION & CONTROL SYSTEMS At-Automatisierungstechnik Pub Date : 2023-09-01 DOI:10.1515/auto-2023-0057

Tim Ackermann, Markus Karch, Jörg Kippe

{"title":"网络威胁情报集成到安全洋葱和马尔科姆的工业网络用例","authors":"Tim Ackermann, Markus Karch, Jörg Kippe","doi":"10.1515/auto-2023-0057","DOIUrl":null,"url":null,"abstract":"Abstract With the increasing frequency of cyberattacks on Industrial Control Systems (ICS), the subject of cybersecurity is becoming increasingly important. Cyber Threat Intelligence (CTI) provides information about cyber adversaries, including their intentions and attack techniques. This paper analyzes the availability of open-source CTI for ICS, with a particular focus on technical indicators that can aid in detecting cyberattacks. Furthermore, this paper examines the automated integration of CTI data into SIEM systems and introduces CTIExchange as a tool that facilitates this integration by connecting Threat Intelligence Platforms with detection tools.","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"802 - 815"},"PeriodicalIF":0.7000,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Integration of Cyber Threat Intelligence into Security Onion and Malcolm for the use case of industrial networks\",\"authors\":\"Tim Ackermann, Markus Karch, Jörg Kippe\",\"doi\":\"10.1515/auto-2023-0057\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract With the increasing frequency of cyberattacks on Industrial Control Systems (ICS), the subject of cybersecurity is becoming increasingly important. Cyber Threat Intelligence (CTI) provides information about cyber adversaries, including their intentions and attack techniques. This paper analyzes the availability of open-source CTI for ICS, with a particular focus on technical indicators that can aid in detecting cyberattacks. Furthermore, this paper examines the automated integration of CTI data into SIEM systems and introduces CTIExchange as a tool that facilitates this integration by connecting Threat Intelligence Platforms with detection tools.\",\"PeriodicalId\":55437,\"journal\":{\"name\":\"At-Automatisierungstechnik\",\"volume\":\"71 1\",\"pages\":\"802 - 815\"},\"PeriodicalIF\":0.7000,\"publicationDate\":\"2023-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"At-Automatisierungstechnik\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1515/auto-2023-0057\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"AUTOMATION & CONTROL SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"At-Automatisierungstechnik","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1515/auto-2023-0057","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

摘要随着工业控制系统（ICS）受到网络攻击的频率越来越高，网络安全问题变得越来越重要。网络威胁情报（CTI）提供有关网络对手的信息，包括他们的意图和攻击技术。本文分析了ICS开源CTI的可用性，特别关注有助于检测网络攻击的技术指标。此外，本文研究了CTI数据到SIEM系统中的自动集成，并介绍了CTIExchange作为一种工具，通过将威胁情报平台与检测工具连接起来来促进这种集成。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Integration of Cyber Threat Intelligence into Security Onion and Malcolm for the use case of industrial networks

Abstract With the increasing frequency of cyberattacks on Industrial Control Systems (ICS), the subject of cybersecurity is becoming increasingly important. Cyber Threat Intelligence (CTI) provides information about cyber adversaries, including their intentions and attack techniques. This paper analyzes the availability of open-source CTI for ICS, with a particular focus on technical indicators that can aid in detecting cyberattacks. Furthermore, this paper examines the automated integration of CTI data into SIEM systems and introduces CTIExchange as a tool that facilitates this integration by connecting Threat Intelligence Platforms with detection tools.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

At-Automatisierungstechnik 工程技术-自动化与控制系统

CiteScore

2.00

自引率

10.00%

发文量

审稿时长

6-12 weeks

期刊介绍： Automatisierungstechnik (AUTO) publishes articles covering the entire range of automation technology: development and application of methods, the operating principles, characteristics, and applications of tools and the interrelationships between automation technology and societal developments. The journal includes a tutorial series on "Theory for Users," and a forum for the exchange of viewpoints concerning past, present, and future developments. Automatisierungstechnik is the official organ of GMA (The VDI/VDE Society for Measurement and Automatic Control) and NAMUR (The Process-Industry Interest Group for Automation Technology). Topics control engineering digital measurement systems cybernetics robotics process automation / process engineering control design modelling information processing man-machine interfaces networked control systems complexity management machine learning ambient assisted living automated driving bio-analysis technology building automation factory automation / smart factories flexible manufacturing systems functional safety mechatronic systems.

期刊最新文献

Investigating the rendering capability of embedded devices for graphical-user-interfaces in mobile machines Methods, approaches, and applications in mobile machines Communication in collaborating construction equipment Aligning process quality and efficiency in agricultural soil tillage OPC UA client-server connection over an ISO 11783 vehicle network