{"id":1243,"date":"2021-10-01T13:24:39","date_gmt":"2021-10-01T13:24:39","guid":{"rendered":"https:\/\/sappan-project.eu\/?page_id=1243"},"modified":"2022-01-18T13:27:54","modified_gmt":"2022-01-18T13:27:54","slug":"blog-posts","status":"publish","type":"page","link":"https:\/\/sappan-project.eu\/?page_id=1243","title":{"rendered":"Blog Posts"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\n\t\t\t\t\n
\n \n
\n \t\n \t\n
\n \t\t\t\t

\n\t\t\tFor security analysts, a picture may be worth more than a thousand words<\/a>\n\t\t<\/h3>\n\t\t\t \t\t
\n\t\t\t

Dmitriy Komashinskiy and Andrew Patel (WithSecure) In SAPPAN, we have developed several models for detecting anomalous events in endpoints. For example, we have built a model for identifying anomalous process launch events and a model for identifying anomalous \u201cmodule load\u201d operations. In order to increase the reliability of detections reported by the models and to…<\/p>\n\t\t<\/div>\n\t\t\t \t\tRead More \u00bb<\/a>\n\t\t <\/div>\n\n \t\t

\n\t\t\t\n\t\t\t\t
\n \n
\n \t\n \t\n
\n \t\t\t\t

\n\t\t\tModeling Host Behavior in Computer Network<\/a>\n\t\t<\/h3>\n\t\t\t \t\t
\n\t\t\t

By Tomas Jirsik (Institute of Computer Science, Masaryk University) An analysis of a host behavior is an essential key for modern network management and security. A robust behavior profile enables the network managers to detect anomalies with high accuracy, predict the host behavior, or group host to clusters for better management. This blog introduces basic…<\/p>\n\t\t<\/div>\n\t\t\t \t\tRead More \u00bb<\/a>\n\t\t <\/div>\n\n \t\t

\n\t\t\t\n\t\t\t\t
\n \n
\n \t\n \t\n
\n \t\t\t\t

\n\t\t\tAnalytic provenance for security operation centres<\/a>\n\t\t<\/h3>\n\t\t\t \t\t
\n\t\t\t

Robert Rapp (University of Stuttgart) An important part of incident response is still an analytical process to understand the cause of an incident and select response actions. Using therefore visualisations in security operation centres (SOC) can improve the alert triage of analysts by visual analytics to handle tons of alerts each day. Such an analysis…<\/p>\n\t\t<\/div>\n\t\t\t \t\tRead More \u00bb<\/a>\n\t\t <\/div>\n\n \t\t

\n\t\t\t\n\t\t\t\t
\n \n
\n \t\n \t\n
\n \t\t\t\t

\n\t\t\tChallenges in Visualization for AI<\/a>\n\t\t<\/h3>\n\t\t\t \t\t
\n\t\t\t

By Franziska Becker (University of Stuttgart, Institute for Visualization and Interactive Systems) Artificial intelligence (AI) is one of the buzzwords that defined many conversations in the last 5-10 years. Especially in regards to technology, \u201cCan we use AI to improve our product?\u201d is not an uncommon question. With these conversations come issues concerning interpretability and…<\/p>\n\t\t<\/div>\n\t\t\t \t\tRead More \u00bb<\/a>\n\t\t <\/div>\n\n \t\t

\n\t\t\t\n\t\t\t\t
\n \n
\n \t\n \t\n
\n \t\t\t\t

\n\t\t\tDatasets Quality Assessment For Machine Learning<\/a>\n\t\t<\/h3>\n\t\t\t \t\t
\n\t\t\t

By Dominik Soukup (CESNET) Have you ever heard about Machine learning (ML)? Probably yes, ML is a popular technique for network traffic classification and incident detection. However, have you ever heard about evaluating the quality of datasets (QoD)? QoD is becoming more important with deployment ML in production, and project SAPPAN contributes to this topic.…<\/p>\n\t\t<\/div>\n\t\t\t \t\tRead More \u00bb<\/a>\n\t\t <\/div>\n\n \t\t

\n\t\t\t\n\t\t\t\t
\n \n
\n \t\n \t\n
\n \t\t\t\t

\n\t\t\tDetecting suspicious *.ch-domains using deep neural networks<\/a>\n\t\t<\/h3>\n\t\t\t \t\t
\n\t\t\t

By Mischa Obrecht (Dreamlab Technologies AG Switzerland) The SAPPAN consortium has been researching several different use cases for new detection methods, such as the classification of phishing websites or algorithmically generated domains (AGDs). Both topics were tackled using deep neural network classifiers, achieving good accuracy on training and validation data mostly based on the English…<\/p>\n\t\t<\/div>\n\t\t\t \t\tRead More \u00bb<\/a>\n\t\t <\/div>\n\n \t\t

\n\t\t\t\n\t\t\t\t
\n \n
\n \t\n \t\n
\n \t\t\t\t

\n\t\t\tSharing of incident response playbooks<\/a>\n\t\t<\/h3>\n\t\t\t \t\t
\n\t\t\t

By Martin \u017d\u00e1dn\u00edk (CESNET) As an incident handler, have you wondered whether the way how you deal with a cybersecurity incident can be improved, how others deal with the same issues, whether the handling can be automatized? If yes, you are not alone. There is a whole community working on a standard to express incident…<\/p>\n\t\t<\/div>\n\t\t\t \t\tRead More \u00bb<\/a>\n\t\t <\/div>\n\n \t\t

\n\t\t\t\n\t\t\t\t