Advisory Board Announcement

We are pleased to introduce 4 authorities who will establish the new SAPPAN Advisory Board.

  1. Prof. Dr. Thorsten Holz (Ruhr-Uni­ver­si­ty Bo­chum, Ger­ma­ny)
  2. Dr. Yoan Miche (Nokia Bell Labs, Finland)
  3. Prof. Dr. Jörn Kohlhammer (Fraunhofer IGD, TU Darmstadt, Germany)
  4. Dr. Arthur Schmidt (Federal Office for Information Security “BSI”, Germany)

In each case, the role on our advisory board formalises a long exchange of ideas. The backgrounds and experiences of the SAPPAN advisors will bring a significant opportunity to improve the research results and the progress of the SAPPAN Project.

We would like to welcome them to the SAPPAN Advisory Board and thank them for their work in advance!

SAPPAN mid-term review update

SAPPAN mid-term review finished successfully last week.
Due to the COVID situation, the review meeting was organised online by the EU commission on Dec 3.  We have received positive feedback on our progress from our reviewers.
We will receive detailed feedback in January and will continue the progress of the project based on the comments.

We want to thank the EU Commission and the reviewers again for their encouragement and support.

Project of the week

SAPPAN has been selected by cyberwatching.eu as the project of the week
(17/ 08/2020 – 21/08/2020)

SAPPAN will enable privacy-preserving federation for intrusion detection in the EU across national borders and institutional boundaries, by sharing of data and knowledge about all steps of the response cycle

More information about SAPPAN as the project of the week is available here:

https://cyberwatching.eu/projects/1807/sappan/news-events/sappan-european-approach-enable-privacy-preserving-federation-cybersecurity-incident-detection-and-handling

SOCCRATES and SAPPAN organise International Workshop on NG SOC in conjunction with ARES, August 25, 2020

Overview:

Organisations in Europe face the difficult task of detecting and responding to increasing numbers of cyber-attacks and threats, given that their own ICT infrastructures are complex, constantly changing (e.g. by introduction of new technologies) and there is a shortage of qualified cybersecurity experts. There is a great need to drastically reduce the time to detect and respond to cyber-attacks. A key means for organizations to stay ahead of the threat is through the establishment of a Security Operations Center (SOC). The primary purpose of a SOC is to monitor, assess and defend the information assets of an enterprise, both on a technical and organizational level.

The aim of the NG-SOC 2020 workshop is to create a forum for researchers and practitioners to discuss the challenges associated with SOC operations and focus on research contributions that can be applied to address these challenges. The workshop will draw on expertise from two EU-funded H2020 projects: SAPPAN (https://websites.fraunhofer.de/sappan-project-eu/) and SOCCRATES (https://www.soccrates.eu/). Selected members of the projects’ consortia will present their research activities. The workshop will include a panel session to foster discussion on the major operational challenges that enterprises and SOC operators face and provide insights into promising research-based solutions

Project Descriptions:

The workshop is jointly organized by two H2020 projects that are funded by the European Commission:

SAPPAN project (https://websites.fraunhofer.de/sappan-project-eu/) aims to enable efficient protection of modern ICT infrastructures via advanced data acquisition, threat analysis, and privacy-aware sharing and distribution of threat intelligence aimed to dynamically support human operators in response and recovery actions. The SAPPAN project will develop a collaborative, federated, and scalable attack detection to support response activities and allow for timely responses to newly emerging threats supporting different privacy-levels. We plan to identify a standard for the interoperable and machine-readable description of incident response reports and recovery solutions. The risk assessment, privacy, and security will be addressed in the standard design. Results of both attack detection and recovery and response processes will be shared on a global level to achieve an advanced response and recovery via knowledge sharing and federated learning. We develop a mechanism for sharing information on threat intelligence, which implements a combination of encryption and anonymization to achieve GDPR compliance. Novel visualization techniques will be developed to assist security and IT personnel and provide an enhanced content of context of the response and recovery, and improved visual presentation of the process.

SOCCRATES project (https://www.soccrates.eu/) will develop and implement a new security platform for Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs), that will significantly improve an organisation’s capability to quickly and effectively detect and respond to new cyber threats and ongoing attacks. The SOCCRATES Platform consists of an orchestrating function and a set of innovative components for automated infrastructure modelling, attack detection, cyber threat intelligence utilization, threat trend prediction, and automated analysis using attack defence graphs and business impact modelling to aid human analysis and decision making on response actions, and enable the execution of defensive actions at machine-speed. The SOCCRATES Platform aims to enable organisations to improve the resilience of their infrastructures and increase productivity and efficiency at the SOC. The outcomes of the project will contribute to a more secure cyberspace and strengthen competitiveness in the EU digital single market.

Workshop Agenda (Tuesday, 25th of August 2020 | 9:00 – 17:45)


Time Talk Description  \ Duration [min]
Session 1 (Ewa Piatkowska)
90
09:00
09:05
Welcome Ewa Piatkowska
5
09:05
9:25
The SOCCRATES Project: Overview and Objectives Frank Fransen (TNO)
20
9:25
9:45
The SAPPAN Project: Overview and Objectives Avikarsha Mandal (Fraunhofer FIT)
20
9:45
10:30
Keynote: Semi-Automated Cyber Threat Intelligence (ACT) Martin Eian (Mnemonic)
45
 
10:30
11:00
Coffee break
30
 
Session 2 (Tomas Jirsik)
100
11:00
11:20
Monitoring Malicious Infrastructures to Produce Threat Intelligence Piotr Kijewski (Shadowserver)
20
11:20
11:40
Pipeline development for Automatically Generated Domain detection Irina Chiscop (TNO)
20
11:40
12:00
Leveraging Machine Learning for DGA Detection Arthur Drichel (RWTH Aachen University)
20
12:00
12:20
Knowledge Management and Anonymization Techniques in Cyber-Threat Intelligence Lasse Nitz and Mehdi Akbari Gurabi (Fraunhofer FIT)
20
12:20
12:40
Reputation Management Techniques for IP addresses, domains, and mail Mischa Obrecht and Jeroen van Meeuwen (DreamLab)
20
 
12:40
13:45
Lunch break
65
 
Session 3 (Avikarsha Mandal)
80
13:45
14:05
Host and Application Behaviour Modelling Tomas Jirsik (Masaryk University) and Sebastian Schaefer (RWTH Aachen University)
20
14:05
14:25
L-ADS: Live Anomaly Detection System Alejandro Garcia Bedoya (ATOS)
20
14:25
14:45
Adversarial Examples against Intrusion Detection Systems Ewa Piatkowska (AIT)
20
14:45
15:05
Fast and Scalable Cybersecurity Data Processing Gabriela Aumayr (HPE)
20
 
15:05
15:30
Coffee break
25
 
Session 4 (Irina Chiscop)
80
15:30
15:50
Attack Analysis with Attack Defence Graphs Erik Ringdahl (Foreseeti)
20
15:50
16:10
Attack Graph-based Courses of Action for Defense Wojciech Widel (KTH)
20
16:10
16:30
Visual Analytics for Cyber Security Data Christoph Müller and Franziska Becker (University of Stuttgart)
20
16:30
16:50
Process Launch Distribution Model Dmitry Komashinskiy, David Karpuk, Samuel Marshal and Alexey Kirichenko (Fsecure)
20
 
16:50
17:05
Coffee break
15
 
Panel Session
45
17:05
17:35
Discussion on Future Challenges for SOC Speakers: Pavel Kacha (CESNET)Sarka Pekarova (DreamLab)  and Paul Smith (AIT) Panel chair: Tomas Jirsik (Masaryk University)
30
 
17:35
17:45
Wrap up Ewa Piatkowska (AIT)
10


Workshop Website

Venue and Registration

NG-SOC 2020 workshop is organised in conjunction with the ARES 2020 conference, which this year will be held all-digital. Registration for the workshop is required and costs 40€ (Regular Attendee) or 20€ (Student attendee). The registration fee includes the entrance to all ARES & CD-MAKE conference and workshop sessions. If you want to attend, please register at https://www.ares-conference.eu/registration-all-digital-conference .

SAPPAN on Cyberwatching Project Hub

Cyberwatching.eu is the European observatory of research and innovation in the field of cybersecurity and privacy and is funded under the EU H2020 program.

It aims to contribute to a safer digital marketplace by promoting and understanding of European cutting-edge cybersecurity and privacy services which emerge from research and innovation initiatives.

SAPPAN is promoted by the project hub of Cyberwatching:
https://cyberwatching.eu/projects/1807/sappan

International Workshop on Next Generation Security Operations Centers (NG-SOC 2020)

The International Workshop on Next Generation Security Operations Centers (NG-SOC 2020) will be held on 25th to 28th of August 2020 at the University College Dublin, Dublin, Ireland.

It is a joint workshop by the consortia of SAPPAN and SOCCRATES which will be held in conjunction with the 15th International Conference on Availability, Reliability and Security (ARES 2020 – http://www.ares-conference.eu).

More information about the workshop topics, agenda and organizers has been available via the official workshop page: https://www.ares-conference.eu/workshops-eu-symposium/ng-soc-2020/



Social Media

In order to show presence on social media, a twitter account (link: https://twitter.com/SAPPAN_H2020) has been created to provide public updates about the project progress of SAPPAN.

Enabling communication with other cybersecurity projects and increasing the visibility of SAPPAN to the domain experts and potential stakeholders is one of the goals of having social media accounts.

SAPPAN-SOCCRATES Networking Event

A networking event between the consortia of SAPPAN and SOCCRATES was held on the 21st of January at F-Secure’s headquarter in Helsinki. SOCCRATES is another EU H2020 funded project which has a close synergy with SAPPAN. F-Secure is a consortium member of both projects. The event was held during the SAPPAN internal ML-Focused Workshop which was held from 20th to 21st of January 2020. Around 35 members of SAPPAN and SOCCRATES participated in this event, coming from different research institutes and industry partners.

The event agenda was:
Introduction of SOCCRATES: insight, roadmap, and goals
Introduction of SAPPAN: insight, roadmap, and goals
Brief introduction of each (SAPPAN / SOCCRATES) project partner

The meeting continued by a discussion on the assessment of cooperation and collaboration between these two EU H2020 projects with strong synergy. These discussions lead to an agreement on having a joint workshop. Further information about the workshop will be announced later.

SAPPAN at 58th TF-CSIRT Meeting

SAPPAN main ideas and concepts have been introduced at the 58th TF-CSIRT Meeting at Paphos, Cyprus.

TF-CSIRT is a task force that promotes collaboration and coordination between CSIRTs in Europe and neighbouring regions, whilst liaising with relevant organisations at the global level and in other regions. These facts make the TF-CSIRT’s community potential target users of the SAPPAN platform.

We received several feedbacks from the audience, which help us to steer the project in the right way. We promoted the web site to stay in contact with the community. We are looking forward to more useful insights from the community.