Deadline extended for Workshop on Next Generation Security Operations Centers (NG-SOC 2021)

The deadline for submissions for the NG-SOC 2021 workshop, jointly organized by SAPPAN and SOCCRATES in conjunction with the 16th International Conference on Availability, Reliability and Security (ARES 2021) has been extended to May 7, 2021!


The updated important dates:

– Submission Deadline May 7, 2021

– Author Notification May 31, 2021

– Proceedings Version June 13, 2021

– ARES EU Symposium August 17, 2021

– Conference August 17 – August 20, 2021


The submission guidelines valid for the workshop are the same as for the ARES conference. 

Girls Day 2021 Event

Girls’ Day 2021 took place in Germany on April 22nd 2021. The University of Stuttgart was there with a workshop offered to encourage female students to look at information technology courses of study and professions.

Franziska Becker and Robert Rapp from the SAPPAN project, therefore, wanted to convey the important content on data protection and encryption. The event “Hacked? Learn about password and secret languages!” was offered by the two. 13 schoolgirls from all over Germany took part in this online event.

The online event had an interactive structure and offered the schoolgirls a varied mix of information, discussions and games. After a short introduction, the participants were allowed to take part in a small warm-up game. As an introduction to the topic, the first mini-challenge “Who Am I” was to be carried out in three small working groups. Each team was asked to compile the information they could find about Robert on the Internet. Afterwards, Robert started with the first informal part, why data is collected on the Internet in the first place and what information can be compiled from the collected data. Afterwards, the students were shown how to find hidden trackers in their smartphone apps. With the explanation of “cookies” and the “cookie notification”, there was also a small insight into the German Data Protection Regulation (DSGVO). The next topic area also started with a small mini-challenge called “Password please”. The students tried to create the most secure password possible from the given one. In the resolution of the challenge, Robert showed an online tool for password verification. To wrap up the topic, the girls learned more about strong passwords, password managers, and two-factor authentication and were able to ask questions about them. After the lunch break, the session continued with a discussion session about “hacking”. For the students, hacking was no longer a new term and they already knew hackers from movies or even had an idea what the goal of a hack attack is. Franziska then explained the origin of the word hacking and the various forms of hackers. To ensure that the participants are better protected against hackers of all kinds in the future, Franziska showed them a quiz that can be used to raise awareness of a widespread hacking attack called “phishing”. She also presented an online tool that can be used to check files and URLs for viruses and Trojans. In the mini-challenge “A Different Kind of Secret Language”, the schoolgirls were able to playfully encrypt their own text. Working in small groups, the girls created their own encryption method and used it to encrypt the message. Afterwards, the encrypted message was passed on to another group and they tried to decode it. This revealed some really clever ideas for encrypting content, and individual words were also converted back into legible text during decryption. Afterwards, the students mentioned that this challenge in particular had been a lot of fun for them.

After the practical exercise, the students were very curious about the presentation of different encryption methods. The principle of “end-to-end encryption” (E2EE) was explained in a small messenger comparison. After the content part, the students still had enough time to ask all kinds of questions. As a conclusion, the students received a two-part handout.

Full Agenda:
  1. (G) "Who Am I": Find information about a specific person online.
  2. (D,I): Why is data collected on the Internet in the first?
  3. (G) Find hidden trackers in smartphone apps.
  4. (I) What are cookeis and what is the GDPR?
  5. (G) "Password please": create the most secure password possible from a given password.
  6. (D,I) What are strong passwords, password managers, and two-factor authentication?
  7. (I,D) What is hacking?
  8. (G) Quiz about phishig.
  9. (G) A Different Kind of Secret Language": Working in small groups, the girls created their own encryption method and used it to encrypt the message. Afterwards, the encrypted message was passed on to another group and they tried to decode it.
  10. (I) The principle of "end-to-end encryption" (E2EE) was explained in a small messenger comparison.
  11. (D) Questions
Guide: Information (I); Discussions (D); Games (G)

SAPPAN at Leuven AI Law and Ethics Conference

Leuven AI Law and Ethics Conference (LAILEC 2021) has been held online on 25-26 March 2021. In this year’s (online) edition of the conference, the focus was on how AI and (cyber)security interplay, where they go hand in hand and where they collide. The conference aimed to discuss the role of transparency, information sharing and resilience in the data and machine learning supply chains. In particular, it explored to what extent companies would be willing to devise collaborative mitigation strategies against competing interests over valuable data assets. 


Alexey Kirichenko from F-Secure was invited as a panellist to the event. In the “AI for resilience and collaborative mitigation strategies for AI-driven response to cyber threats” session, Alexey talked about the benefits and challenges of intelligence sharing in cybersecurity and how privacy-preserving Machine Learning could alleviate some of the concerns. The SAPPAN work on data and model sharing was used as a key example of sharing approaches in the context of dynamic attack detection and response.


The talk started with historical notes on “sharing among cyber defenders”, including the issues of trust, motivation and technical means, and such challenges as sharing information about “governmental malware” and disclosing sensitive information of organizations targeted by attacks. Then the focus moved to one of the key questions in SAPPAN: since advanced attacks are often detected as anomalies via ML-based engines, how sharing can support such engines? Several forms of sharing were briefly discussed: training data, statistics, models (in particular, distributed and federated learning and ensembling approaches), sharing model predictions in the teacher-student setting. Also, options for the statistics and models sharing scope were considered, from the individual machines level to groups of machines, individual organizations, and across multiple organizations.


More information regarding this event can be found via this link.

SAPPAN at (ISC)² Chapter Switzerland

The (ISC)² Chapter Switzerland promotes the community and networks specialists for information security who are resident or working in Switzerland or who have close ties to Switzerland. The mission is to advance information security in a local community by providing our members and other security professionals with the opportunity to share knowledge, grow professionally, educate others, and collaborate on projects.


Dreamlab presented SAPPAN to an audience of information security professionals and managers in an online session of the event on the 16th of March 2021. The topics were:

  • General overview of the SAPPAN project and its goals
  • Deep dive into DGA detection and results
  • Deep dive into similarity preserving anonymization and results
  • Pitch for participation in SAPPANs End-User Committee

Call For Papers: 3rd International Workshop on Next Generation Security Operations Centers (NG-SOC 2021)


NG-SOC 2021 which is held in conjunction with the ARES 2021 Conference and takes place on August 17th, 2021 in Vienna, Austria is calling for papers.
It is organized by two H2020 projects SOCCRATES and SAPPAN.


Deadline: April 30, 2021 May 7, 2021

Author Notification: May 31, 2021
Proceedings Version: June 13, 2021

ARES EU Symposium: August 17, 2021

Conference: August 17 – August 20, 2021

Organisations in Europe face the difficult task of detecting and responding to increasing numbers of cyber-attacks and threats, given that their own ICT infrastructures are complex, constantly changing (e.g. by the introduction of new technologies) and there is a shortage of qualified cybersecurity experts. There is a great need to drastically reduce the time to detect and respond to cyber-attacks. A key means for organizations to stay ahead of the threat is through the establishment of a Security Operations Center (SOC). The primary purpose of a SOC is to monitor, assess and defend the information assets of an enterprise, both on a technical and organizational level. 

The aim of this workshop is to create a forum for researchers and practitioners to discuss the challenges associated with SOC operations and focus on research contributions that can be applied to address these challenges.

We welcome submissions addressing the important challenges associated with tasks performed at SOCs.

Topics of interest include, but are not limited to:

  1. Collaborative Incident Response and Recovery
  2. Machine Learning for Security and Privacy
  3. Intrusion Detection
  4. Network Security
  5. Standardization and Sharing of Cybersecurity Knowledge
  6. Endpoint Security
  7. Privacy Aspects of Sharing in Cybersecurity 
  8. Cyber Threat Intelligence Utilization
  9. Situation Awareness and Decision Support Tools for SOC
  10. Novel Visualization Tools and Approaches for SOC
  11. Security of Machine Learning 
  12. Attacks against Deep Learning (e.g. Adversarial Examples)
  13. Malware Identification and Analysis
  14. Vulnerability Discovery
  15. Digital Forensics and Attack Attribution
  16. Natural Language Processing (NLP) for Security
  17. Threat Trend Modelling and Prediction
  18. Attack and Defence Modelling
  19. Host Behaviour Profiling 
  20. User Behaviour Analytics (UBA)
  21. Advanced Persistent Threat Detection and Analysis
  22. Security Event Fusion, Correlation and Severity Analysis

 

Submission Guidelines

 

The submission guidelines are the same as for the ARES conference. They can be found at here.
We are soliciting 6-8 page workshop papers.

 

ARES 2021 (including workshops) is published by the International Conference Proceedings Series published by ACM (ACM ICPS).
Authors of selected papers that are accepted by and presented at the ARES Conference
(including workshops) will be invited to submit an extended version to special issues of international journals.
 


Workshop Organisers

 

Irina Chiscop, TNO, Netherlands 

Tomas Jirsik, Masaryk University, Brno, Czech Republic 

Avikarsha Mandal, Fraunhofer FIT, Aachen, Germany 

Ewa Piatkowska, AIT Austrian Institute of Technology, Austria

Joint Standardisation Workshop of Dynamic Countering of Cyber-Attacks Projects

The 22nd January 2021, a joint virtual workshop entitled Joint Standardisation Workshop of Dynamic Countering of Cyber-Attacks Projects organised by CyberSANE will take place.

This workshop will unite all projects funded under the SU-ICT-01-2018 H2020 call. The objective of this event is to permit the exchange of knowledge and the elaboration of future collaborative standardisation and dissemination activities. Click here to view the workshop agenda.

A total of seven projects will participate in this workshop:
Read more about each project on their respective website.   

Project of the week

SAPPAN has been selected by cyberwatching.eu as the project of the week
(17/ 08/2020 – 21/08/2020)

SAPPAN will enable privacy-preserving federation for intrusion detection in the EU across national borders and institutional boundaries, by sharing of data and knowledge about all steps of the response cycle

More information about SAPPAN as the project of the week is available here:

https://cyberwatching.eu/projects/1807/sappan/news-events/sappan-european-approach-enable-privacy-preserving-federation-cybersecurity-incident-detection-and-handling

SOCCRATES and SAPPAN organise International Workshop on NG SOC in conjunction with ARES, August 25, 2020

Overview:

Organisations in Europe face the difficult task of detecting and responding to increasing numbers of cyber-attacks and threats, given that their own ICT infrastructures are complex, constantly changing (e.g. by introduction of new technologies) and there is a shortage of qualified cybersecurity experts. There is a great need to drastically reduce the time to detect and respond to cyber-attacks. A key means for organizations to stay ahead of the threat is through the establishment of a Security Operations Center (SOC). The primary purpose of a SOC is to monitor, assess and defend the information assets of an enterprise, both on a technical and organizational level.

The aim of the NG-SOC 2020 workshop is to create a forum for researchers and practitioners to discuss the challenges associated with SOC operations and focus on research contributions that can be applied to address these challenges. The workshop will draw on expertise from two EU-funded H2020 projects: SAPPAN (https://sappan-project.eu/) and SOCCRATES (https://www.soccrates.eu/). Selected members of the projects’ consortia will present their research activities. The workshop will include a panel session to foster discussion on the major operational challenges that enterprises and SOC operators face and provide insights into promising research-based solutions

Project Descriptions:

The workshop is jointly organized by two H2020 projects that are funded by the European Commission:

SAPPAN project (https://sappan-project.eu/) aims to enable efficient protection of modern ICT infrastructures via advanced data acquisition, threat analysis, and privacy-aware sharing and distribution of threat intelligence aimed to dynamically support human operators in response and recovery actions. The SAPPAN project will develop a collaborative, federated, and scalable attack detection to support response activities and allow for timely responses to newly emerging threats supporting different privacy-levels. We plan to identify a standard for the interoperable and machine-readable description of incident response reports and recovery solutions. The risk assessment, privacy, and security will be addressed in the standard design. Results of both attack detection and recovery and response processes will be shared on a global level to achieve an advanced response and recovery via knowledge sharing and federated learning. We develop a mechanism for sharing information on threat intelligence, which implements a combination of encryption and anonymization to achieve GDPR compliance. Novel visualization techniques will be developed to assist security and IT personnel and provide an enhanced content of context of the response and recovery, and improved visual presentation of the process.

SOCCRATES project (https://www.soccrates.eu/) will develop and implement a new security platform for Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs), that will significantly improve an organisation’s capability to quickly and effectively detect and respond to new cyber threats and ongoing attacks. The SOCCRATES Platform consists of an orchestrating function and a set of innovative components for automated infrastructure modelling, attack detection, cyber threat intelligence utilization, threat trend prediction, and automated analysis using attack defence graphs and business impact modelling to aid human analysis and decision making on response actions, and enable the execution of defensive actions at machine-speed. The SOCCRATES Platform aims to enable organisations to improve the resilience of their infrastructures and increase productivity and efficiency at the SOC. The outcomes of the project will contribute to a more secure cyberspace and strengthen competitiveness in the EU digital single market.

Workshop Agenda (Tuesday, 25th of August 2020 | 9:00 – 17:45)


Time Talk Description  \ Duration [min]
Session 1 (Ewa Piatkowska)
90
09:00
09:05
Welcome Ewa Piatkowska
5
09:05
9:25
The SOCCRATES Project: Overview and Objectives Frank Fransen (TNO)
20
9:25
9:45
The SAPPAN Project: Overview and Objectives Avikarsha Mandal (Fraunhofer FIT)
20
9:45
10:30
Keynote: Semi-Automated Cyber Threat Intelligence (ACT) Martin Eian (Mnemonic)
45
 
10:30
11:00
Coffee break
30
 
Session 2 (Tomas Jirsik)
100
11:00
11:20
Monitoring Malicious Infrastructures to Produce Threat Intelligence Piotr Kijewski (Shadowserver)
20
11:20
11:40
Pipeline development for Automatically Generated Domain detection Irina Chiscop (TNO)
20
11:40
12:00
Leveraging Machine Learning for DGA Detection Arthur Drichel (RWTH Aachen University)
20
12:00
12:20
Knowledge Management and Anonymization Techniques in Cyber-Threat Intelligence Lasse Nitz and Mehdi Akbari Gurabi (Fraunhofer FIT)
20
12:20
12:40
Reputation Management Techniques for IP addresses, domains, and mail Mischa Obrecht and Jeroen van Meeuwen (DreamLab)
20
 
12:40
13:45
Lunch break
65
 
Session 3 (Avikarsha Mandal)
80
13:45
14:05
Host and Application Behaviour Modelling Tomas Jirsik (Masaryk University) and Sebastian Schaefer (RWTH Aachen University)
20
14:05
14:25
L-ADS: Live Anomaly Detection System Alejandro Garcia Bedoya (ATOS)
20
14:25
14:45
Adversarial Examples against Intrusion Detection Systems Ewa Piatkowska (AIT)
20
14:45
15:05
Fast and Scalable Cybersecurity Data Processing Gabriela Aumayr (HPE)
20
 
15:05
15:30
Coffee break
25
 
Session 4 (Irina Chiscop)
80
15:30
15:50
Attack Analysis with Attack Defence Graphs Erik Ringdahl (Foreseeti)
20
15:50
16:10
Attack Graph-based Courses of Action for Defense Wojciech Widel (KTH)
20
16:10
16:30
Visual Analytics for Cyber Security Data Christoph Müller and Franziska Becker (University of Stuttgart)
20
16:30
16:50
Process Launch Distribution Model Dmitry Komashinskiy, David Karpuk, Samuel Marshal and Alexey Kirichenko (Fsecure)
20
 
16:50
17:05
Coffee break
15
 
Panel Session
45
17:05
17:35
Discussion on Future Challenges for SOC Speakers: Pavel Kacha (CESNET)Sarka Pekarova (DreamLab)  and Paul Smith (AIT) Panel chair: Tomas Jirsik (Masaryk University)
30
 
17:35
17:45
Wrap up Ewa Piatkowska (AIT)
10


Workshop Website

Venue and Registration

NG-SOC 2020 workshop is organised in conjunction with the ARES 2020 conference, which this year will be held all-digital. Registration for the workshop is required and costs 40€ (Regular Attendee) or 20€ (Student attendee). The registration fee includes the entrance to all ARES & CD-MAKE conference and workshop sessions. If you want to attend, please register at https://www.ares-conference.eu/registration-all-digital-conference .

SAPPAN on Cyberwatching Project Hub

Cyberwatching.eu is the European observatory of research and innovation in the field of cybersecurity and privacy and is funded under the EU H2020 program.

It aims to contribute to a safer digital marketplace by promoting and understanding of European cutting-edge cybersecurity and privacy services which emerge from research and innovation initiatives.

SAPPAN is promoted by the project hub of Cyberwatching:
https://cyberwatching.eu/projects/1807/sappan

International Workshop on Next Generation Security Operations Centers (NG-SOC 2020)

The International Workshop on Next Generation Security Operations Centers (NG-SOC 2020) will be held on 25th to 28th of August 2020 at the University College Dublin, Dublin, Ireland.

It is a joint workshop by the consortia of SAPPAN and SOCCRATES which will be held in conjunction with the 15th International Conference on Availability, Reliability and Security (ARES 2020 – http://www.ares-conference.eu).

More information about the workshop topics, agenda and organizers has been available via the official workshop page: https://www.ares-conference.eu/workshops-eu-symposium/ng-soc-2020/