Oleksii Osliak

Topic: 
Dynamic threat assessment & prediction
Research work: 

The main objective of the research is to design a framework for collaborative analysis of Cyber-Threat Information (CTI). The framework itself requires automated data preprocessing for fast and effective analysis and secure information sharing among parties involved in the process. However, often CTI includes sensitive data (private and confidential information) that might be used illegally. Often, intruders use sensitive information in performing attacks on systems (e.g., injection attacks). Considering an increased number of attacks on Critical Infrastructures (CI) such as Industrial Control Systems and Smart Grids, and taking into account consequences of attacks, the development of new solutions for cybersecurity of these systems become more crucial.

The emphasis of the research is developing a security management framework for secure analysis and sharing of CTI in Industrial Control Systems. The framework will integrate intrusion detection techniques, threat, and vulnerability assessment, secure information sharing, and decision making based on the analyzed information.

Moreover, my work will focus on the practical development of new security solutions for solving issues related to communication and data access in ICS.

ESRs Publications

Description:

This paper proposes an extension to the standard STIX representation for Cyber Threat Information (CTI) which couples specific data attributes with privacy-preserving conditions expressed through Data Sharing Agreements (DSA). The proposed scheme allows, in fact, to define sharing and anonymization policies in the form of a human-readable DSA, bound to the specific CTI. The whole scheme is designed to be completely compatible with the STIX 2.0 standard for CTI representation. The proposed scheme will be implemented in this work by defining the complete scheme for representing an email, which is more expressive than the standard one defined for STIX, designed specifically for spam email analysis. Hence, an application to an email is presented, together with DSA definition and inclusion in a STIX record. Finally, a set of experiments will show the performance improvement related to data access, brought by the adoption of the proposed scheme.