4th International Workshop on Next Generation Security Operations Centers (NG-SOC 2022)

We are proud to announce the 4th International Workshop on Next Generation Security Operations Centers (NG-SOC 2022) to be held in conjunction with the 17th International Conference on Availability, Reliability and Security (ARES 2022 – http://www.ares-conference.eu) on August 23, 2022.


This year, the workshop is jointly organized by three projects that are funded by the European Commission: SOCCRATES, SAPPAN, and CyberSEAS.



Organizations in Europe face the difficult task of detecting and responding to increasing numbers of cyber-attacks and threats, given that their own ICT infrastructures are complex, constantly changing (e.g. by the introduction of new technologies) and there is a shortage of qualified cybersecurity experts. There is a great need to drastically reduce the time to detect and respond to cyber-attacks. A key means for organizations to stay ahead of the threat is through the establishment of a Security Operations Center (SOC). The primary purpose of a SOC is to monitor, assess and defend the information assets of an enterprise, both on a technical and organizational level.

The aim of this workshop is to create a forum for researchers and practitioners to discuss the challenges associated with SOC operations and focus on research contributions that can be applied to address these challenges. Through cooperation among European projects, the workshop intends to provide a more comprehensive overview of the promising research-based solutions that enable timely response to emerging threats and support different aspects of the security analysis and recovery process.




SOCCRATES will develop and implement a new security platform for Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs), that will significantly improve an organisation’s capability to quickly and effectively detect and respond to new cyber threats and ongoing attacks. The SOCCRATES Platform consists of an orchestrating function and a set of innovative components for automated infrastructure modelling, attack detection, cyber threat intelligence utilization, threat trend prediction, and automated analysis using attack defence graphs and business impact modelling to aid human analysis and decision making on response actions and enable the execution of defensive actions at machine-speed. The SOCCRATES Platform aims to enable organisations to improve the resilience of their infrastructures and increase productivity and efficiency at the SOC. The outcomes of the project will contribute to a more secure cyberspace and strengthen competitiveness in the EU digital single market.

More information: https://www.soccrates.eu/


The SAPPAN project aims to enable efficient protection of modern ICT infrastructures via advanced data acquisition, threat analysis, and privacy-aware sharing and distribution of threat intelligence aimed to dynamically support human operators in response and recovery actions. The SAPPAN project will develop collaborative, federated, and scalable attack detection to support response activities and allow for timely responses to newly emerging threats while supporting different privacy levels. We plan to identify a standard for the interoperable and machine-readable description of incident response reports and recovery solutions. Risk assessment, privacy, and security will be addressed in the standard design. Results of both attack detection and the recovery and response processes will be shared on a global level to achieve advanced response and recovery via knowledge sharing and federated learning. We are developing a mechanism for sharing threat intelligence that combines encryption and anonymization to achieve GDPR compliance. Novel visualization techniques will be developed to assist security and IT personnel, providing enhanced context for response and recovery and an improved visual presentation of the process.

More information: https://sappan-project.eu/


The CyberSEAS (Cyber Securing Energy dAta Services) project aims to improve the resilience of energy supply chains, protecting them from disruptions that exploit the enhanced interactions and extended involvement models of stakeholders and consumers in complex attack scenarios, characterised by the presence of legacy systems and the increasing connectivity of data feeds. The project has three strategic objectives: 1) countering the cyber risks related to highest impact attacks against EPES; 2) protecting consumers against personal data breaches and attacks; and 3) increasing the security of the Energy Common Data Space. CyberSEAS will deliver an extendable ecosystem of many customisable security solutions providing effective support for key activities, and in particular: risk assessment; interaction with end devices; secure development and deployment; real-time security monitoring; skills improvement and awareness; certification, governance and cooperation.

More information: https://cyberseas.eu/


For more information about the event, please check: https://www.ares-conference.eu/workshops-eu-symposium/ng-soc-2022/

F-Secure becomes WithSecure

One of the SAPPAN consortium members, F-Secure, decided to perform a de-merger and split into two companies. F-Secure confirmed the process of rebranding on the 22nd of March 2022. Since then, the corporate security business of F-Secure has been relaunched as a new brand that shares the company’s new name, WithSecure™.

This was a business decision to optimize customer relationships, improve focus and be more transparent with respect to the performance promise [2].

Thus, as we were a partner of the F-Secure business, we replaced the F-Secure logos and information with WithSecure ones and are now official partners with WithSecure.

Final SAPPAN event

SAPPAN is a Horizon 2020 project funded by the European Commission to enable efficient protection of modern ICT infrastructures via advanced data acquisition, threat analysis, visualisation, and privacy-aware sharing and distribution of threat intelligence aimed to dynamically support human operators in incident management. We are also very happy to introduce our keynote speaker Mikko Hyppönen (https://mikko.com/), who will give a talk on “STATE OF THE NET”, followed by presentations about selected key results of SAPPAN.

The event will take place virtually (Zoom) on Monday 4.04.2022, 14:00 – 16:30 (CEST). We are looking forward to your participation.

Event Agenda

Fraunhofer FIT

Keynote: State of the NET
Mikko Hyppönen (F-Secure)

14:35 – 15:00
Sharing New Type of Threat Intelligence and SAPPAN Standardisation
Martin Zadnik (CESNET)

SAPPAN Innovations in DGA Detection
Arthur Drichel (RWTH University), Hugo Hromic (HPE Ireland)

Coffee Break

15:35 – 16:00
Response Recommendation and Automation
David Karpuk (F-Secure), Martin Laštovička (Masaryk University), Mischa Obrecht (Dreamlab

16:00 – 16:25
Opportunities for Visualisation Support in CyberSecurity
Robert Rapp, Franziska Becker (University of Stuttgart)

16:25 – 16:30
Wrap Up

Keynote speaker:

Mikko Hypponen is a global security expert. He has worked at F-Secure since 1991.
Mr. Hypponen has written on his research for the New York Times, Wired and Scientific American and he appears frequently on international TV. He has lectured at the universities of Stanford, Oxford and Cambridge.
He was selected among the 50 most important people on the web by the PC World magazine and was included in the FP Global 100 Thinkers list.
Mr. Hypponen sits on the advisory boards of t2 and Social Safeguard.

Technical speakers:

Franziska studied cognitive science and computer science at the
University of Osnabrück before joining the visualization institute (VIS) at the
University of Stuttgart as a PhD. Her main research topics include
visualization for explainable artificial intelligence as well as sensemaking
and decision making with visualization.

Arthur Drichel received the B.Sc. and M.Sc. degrees in Computer
Science from RWTH Aachen University.
He is a researcher at the Research Group IT-Security at RWTH Aachen University.
His research interests lie primarily in the areas of intrusion detection
systems, machine learning, and privacy enhancing technologies.

Martin Laštovička obtained his Ph.D. in Informatics at the Faculty of Informatics, Masaryk University, Czech Republic, and currently works as the head of the cybersecurity operations group in CSIRT-MU. His research topic lies in network traffic analysis and practical applications of machine learning to build Cyber Situational Awareness through the identification of network entities and their relationships. His focus is to apply research outputs to real-world data and enhance operations of the CSIRT-MU team.

Robert Rapp is a PhD Student at the Visualisation and Interactive Systems Institute (VIS) at the University of Stuttgart. After graduating with a degree in business informatics, he started his research in visual cyber analytics. As part of the EU Horizon 2020 project SAPPAN, his current work focuses on visual analysis of endpoint sensor data and analytical provenance in web interfaces.

Martin Zadnik is a deputy leader at the department of tools for network security and administration at CESNET a.l.e. He has been a project leader in many national projects and a contributor to many European projects related to network security, cyber threat intelligence, and network monitoring at high speeds. He cooperates with both public and commercial sectors in research and innovation of network cybersecurity concepts and their implementation into open-source tools or products.

Dr. David Karpuk is Senior Data Scientist at F-Secure, focusing on applications of machine learning and artificial intelligence to the construction of algorithms for cyberattack detection and response systems. He received his Ph.D. in Mathematics from the University of Maryland, College Park in 2012, and was previously a Postdoctoral Researcher at Aalto University in the Algebra, Number Theory, and Applications research group in the Department of Mathematics and Systems Analysis. After his postdoctoral work, he subsequently served as Assistant Professor in the Department of Mathematics at Universidad de los Andes, Colombia. David was previously the recipient of an Academy of Finland Postdoctoral Researcher grant, as well as a Postdoctoral Researcher grant from the Magnus Ehrnrooth Foundation.

Additional materials:

You can download a flyer for this event here.
Furthermore, here you can download the calendar event with the invitation link.

2nd Joint Workshop – Dynamic Countering of Cyber-attacks | Achievements and Standardisation

Following the success of the first edition of the workshop in 2021, SAPPAN will participate in the 2nd Joint Workshop – Dynamic countering of cyber-attacks, organised by the CyberSANE project and this time supported by the FIWARE Foundation. The participating projects are: SAPPAN, SOCCRATES, C4IIoT, CARAMEL, GUARD, and SIMARGL.

The workshop aims to gather the projects from the SU-ICT-01-2018 H2020 call, whose main topic is Dynamic countering of cyber-attacks, to share the main progress of each project, create synergies and set a common ground for standardisation activities, with guest speakers from the Concordia project, ENISA, and StandICT. Moreover, experts representing each project will discuss the different approaches to the common problem of attack detection and situational awareness in different environments. The workshop will be held online between 9:00 and 16:00 CET on February 8th, 2022.

More information about the event can be found on the registration page. 

Attending this event is free of charge, however, registration is required.

Slush 2021

SAPPAN was presented with Project BLACKFIN at the ECSO-organised “Cyber Investor Days”, Slush 2021 🙂

Read more here.

HPE WiS group (Women in Security) Webinar

This webinar is organised by the CodePlus project. This project is organised by the National University of Ireland Galway (NUIG), Dublin City University (DCU) and the University of Limerick (UL) with the following goals:

  • Offer purposefully designed coding workshops (20 hours in duration) to cohorts of female students. The workshops used a collaborative approach to teaching & learning which has proved effective in helping learners engage with CS and more general 21st-century skills. Due to COVID-19 restrictions, both face-to-face and online modes of delivery were available.
  • Collaborate with tech companies to organise interactive webinars for students to engage with female IT professionals.
  • Work with tech companies to organise visits, for students, to company offices for tours and talks with female IT professionals (subject to COVID restrictions).

On December 9, 2021, there was a Webinar presented by the Women in Security (WiS) group at HPE for secondary school girls. Gabriela Aumayr (HPE/SAPPAN) talked about her professional paths toward Computer Science careers, including her involvement with the SAPPAN project.

The event saw attendance from about 200 secondary school girls from the west coast of Ireland. The talks were very well received, and the organisers suggested there might be a similar event with new schools next year (2022).

RWTH open-sourced results

The research group IT-Security published EXPLAIN as part of its SAPPAN work. It is a classification system and library using random forests to perform multiclass classification of malware families that utilize domain generation algorithms (DGAs).
Furthermore, they open-sourced the phishing certificate classification pipeline here.

Joint SOCCRATES-SAPPAN webinar: Detecting DGA related threats

28/09/2021 15.30-17.00 CEST

To sustain their criminal activity, operators of botnets often employ so-called Domain Generation Algorithms (DGAs) that rotate Command and Control (C2) domains at great pace. Blocking or seizing such dynamic and random-looking C2 domains is a major challenge for defenders and law enforcement. In this joint theme session, EU research projects SAPPAN and SOCCRATES will explain the nature and magnitude of the DGA problem and present some of the novel techniques that they are pursuing to combat DGAs more effectively. The session will include a demonstration of the “DGA Detective” solution that was developed by the SOCCRATES project and an overview of both the academic and operational (real-life) impact that the projects have achieved to date.

Session program:
1. Welcome and introduction
2. Brief introduction to SAPPAN and SOCCRATES projects
3. Understanding Domain Generation Algorithms (DGAs)
4. DGA detection and classification with the DGA Detective
5. SAPPAN innovation in DGA detection
6. Impact achieved in combating DGAs
7. Q&A

To register go here and select Theme session: Detecting DGA related threats.

Agenda of the NG-SOC 2021 workshop

The NG-SOC 2021 workshop is jointly organized by the SAPPAN and SOCCRATES H2020 EU projects. The workshop will be held on August 17 in conjunction with the 16th International Conference on Availability, Reliability and Security. The detailed program is available here: https://www.ares-conference.eu/conference-2021/detailed-program/

Also, you can download the NG-SOC 2021 workshop Agenda here: NG-SOC-2021_Agenda

To attend the workshop, registration for the ARES conference is required: https://www.ares-conference.eu/registration-all-digital-conference/

SECRYPT 2021 conference

At the beginning of July, the SECRYPT 2021 conference took place, which we were pleased to attend. There we presented our current research on network traffic analysis using a graph database and discussed our future plans. SECRYPT is an annual international conference covering research in information and communication security. The 18th International Conference on Security and Cryptography (SECRYPT 2021) had submissions from academia, industry, and government presenting novel research on all theoretical and practical aspects of data protection, privacy, security, and cryptography. The conference also included research papers describing the application of security technology, systems implementation, advanced prototypes, and lessons learned.

Milan Cermak from Masaryk University presented the paper GRANEF: Utilization of a Graph Database for Network Forensics. This article described the new network traffic analysis toolkit that eases understanding of the information in captured network traffic, extraction of the necessary data, and incident investigations. To allow this, we store network events in a graph database as associations. This approach follows the typical way of human thinking and perception of the characteristics of the surrounding world. The main advantage is the connection of exploratory analysis of network traffic data with results visualization, allowing analysts to easily go through the acquired knowledge and visually identify interesting network traffic.

If you are interested in this topic, check the paper or the attached poster. You can also check out the short presentation where we summarized the paper and our results.