{"id":679,"date":"2020-07-14T13:19:26","date_gmt":"2020-07-14T13:19:26","guid":{"rendered":"https:\/\/websites.fraunhofer.de\/sappan-project-eu\/?p=679"},"modified":"2022-01-17T12:53:19","modified_gmt":"2022-01-17T12:53:19","slug":"soccrates-and-sappan-organise-international-workshop-on-ng-soc-in-conjunction-with-ares-august-25-2020","status":"publish","type":"post","link":"https:\/\/sappan-project.eu\/?p=679","title":{"rendered":"SOCCRATES and SAPPAN organise International Workshop on NG SOC in conjunction with ARES, August 25, 2020"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Overview: <\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Organisations in Europe face the difficult task of detecting and \nresponding to increasing numbers of cyber-attacks and threats, given \nthat their own ICT infrastructures are complex, constantly changing \n(e.g. by introduction of new technologies) and there is a shortage of \nqualified cybersecurity experts. There is a great need to drastically \nreduce the time to detect and respond to cyber-attacks. A key means for \norganizations to stay ahead of the threat is through the establishment \nof a Security Operations Center (SOC). The primary purpose of a SOC is \nto monitor, assess and defend the information assets of an enterprise, \nboth on a technical and organizational level.<\/p>

The aim of the \nNG-SOC 2020 workshop is to create a forum for researchers and \npractitioners to discuss the challenges associated with SOC operations \nand focus on research contributions that can be applied to address these\n challenges. The workshop will draw on expertise from two EU-funded \nH2020 projects: SAPPAN (https:\/\/websites.fraunhofer.de\/sappan-project-eu\/<\/a>) and SOCCRATES (https:\/\/www.soccrates.eu\/<\/a>).\n Selected members of the projects\u2019 consortia will present their research\n activities. The workshop will include a panel session to foster \ndiscussion on the major operational challenges that enterprises and SOC \noperators face and provide insights into promising research-based \nsolutions<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Project Descriptions:<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

<\/strong><\/p>

The workshop is jointly organized by two H2020 projects that are funded by the European Commission:<\/p>

SAPPAN <\/strong>project (https:\/\/websites.fraunhofer.de\/sappan-project-eu\/<\/a>)\n aims to enable efficient protection of modern ICT infrastructures via \nadvanced data acquisition, threat analysis, and privacy-aware sharing \nand distribution of threat intelligence aimed to dynamically support \nhuman operators in response and recovery actions. The SAPPAN project \nwill develop a collaborative, federated, and scalable attack detection \nto support response activities and allow for timely responses to newly \nemerging threats supporting different privacy-levels. We plan to \nidentify a standard for the interoperable and machine-readable \ndescription of incident response reports and recovery solutions. The \nrisk assessment, privacy, and security will be addressed in the standard\n design. Results of both attack detection and recovery and response \nprocesses will be shared on a global level to achieve an advanced \nresponse and recovery via knowledge sharing and federated learning. We \ndevelop a mechanism for sharing information on threat intelligence, \nwhich implements a combination of encryption and anonymization to \nachieve GDPR compliance. Novel visualization techniques will be \ndeveloped to assist security and IT personnel and provide an enhanced \ncontent of context of the response and recovery, and improved visual \npresentation of the process.<\/p>

SOCCRATES<\/strong> project (https:\/\/www.soccrates.eu\/) will develop and implement a new security platform for Security\n Operation Centres (SOCs) and Computer Security Incident Response Teams \n(CSIRTs), that will significantly improve an organisation\u2019s capability \nto quickly and effectively detect and respond to new cyber threats and \nongoing attacks.<\/a> The SOCCRATES Platform consists of an orchestrating\n function and a set of innovative components for automated \ninfrastructure modelling, attack detection, cyber threat intelligence \nutilization, threat trend prediction, and automated analysis using \nattack defence graphs and business impact modelling to aid human \nanalysis and decision making on response actions, and enable the \nexecution of defensive actions at machine-speed. The SOCCRATES Platform \naims to enable organisations to improve the resilience of their \ninfrastructures and increase productivity and efficiency at the SOC. The\n outcomes of the project will contribute to a more secure cyberspace and\n strengthen competitiveness in the EU digital single market.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Workshop Agenda (Tuesday, 25th<\/sup> of August 2020 | 9:00 \u2013 17:45)<\/strong><\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t


<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Time<\/b><\/td>\nTalk<\/b><\/td>\nDescription  \\ Duration [min]<\/b><\/td>\n<\/tr>\n
\n
Session 1 (Ewa Piatkowska)<\/h6>\n<\/td>\n
\n
90<\/h6>\n<\/td>\n<\/tr>\n
\n
09:00<\/h6>\n<\/td>\n
\n
09:05<\/h6>\n<\/td>\n
\n
Welcome Ewa Piatkowska<\/em><\/h6>\n<\/td>\n
\n
5<\/h6>\n<\/td>\n<\/tr>\n
\n
09:05<\/h6>\n<\/td>\n
\n
9:25<\/h6>\n<\/td>\n
\n
The SOCCRATES Project: Overview and Objectives Frank Fransen (TNO)<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
9:25<\/h6>\n<\/td>\n
\n
9:45<\/h6>\n<\/td>\n
\n
The SAPPAN Project: Overview and Objectives Avikarsha Mandal (Fraunhofer FIT)<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
9:45<\/h6>\n<\/td>\n
\n
10:30<\/h6>\n<\/td>\n
\n
Keynote: Semi-Automated Cyber Threat Intelligence (ACT) Martin Eian (Mnemonic)<\/em><\/h6>\n<\/td>\n
\n
45<\/h6>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
\n
10:30<\/h6>\n<\/td>\n
\n
11:00<\/h6>\n<\/td>\n
\n
Coffee break<\/em><\/h6>\n<\/td>\n
\n
30<\/h6>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
\n
Session 2 (Tomas Jirsik)<\/h6>\n<\/td>\n
\n
100<\/h6>\n<\/td>\n<\/tr>\n
\n
11:00<\/h6>\n<\/td>\n
\n
11:20<\/h6>\n<\/td>\n
\n
Monitoring Malicious Infrastructures to Produce Threat Intelligence Piotr Kijewski (Shadowserver)<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
11:20<\/h6>\n<\/td>\n
\n
11:40<\/h6>\n<\/td>\n
\n
Pipeline development for Automatically Generated Domain detection Irina Chiscop (TNO)<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
11:40<\/h6>\n<\/td>\n
\n
12:00<\/h6>\n<\/td>\n
\n
Leveraging Machine Learning for DGA Detection Arthur Drichel (RWTH Aachen University)<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
12:00<\/h6>\n<\/td>\n
\n
12:20<\/h6>\n<\/td>\n
\n
Knowledge Management and Anonymization Techniques in Cyber-Threat Intelligence Lasse Nitz <\/em>and Mehdi Akbari Gurabi (Fraunhofer FIT)<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
12:20<\/h6>\n<\/td>\n
\n
12:40<\/h6>\n<\/td>\n
\n
Reputation Management Techniques for IP addresses, domains, and mail Mischa Obrecht <\/em>and <\/em>Jeroen van Meeuwen<\/i> (DreamLab)<\/em><\/h6>\n
<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
\n
12:40<\/h6>\n<\/td>\n
\n
13:45<\/h6>\n<\/td>\n
\n
Lunch break<\/em><\/h6>\n<\/td>\n
\n
65<\/h6>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
\n
Session 3 (Avikarsha Mandal)<\/h6>\n<\/td>\n
\n
80<\/h6>\n<\/td>\n<\/tr>\n
\n
13:45<\/h6>\n<\/td>\n
\n
14:05<\/h6>\n<\/td>\n
\n
Host and Application Behaviour Modelling Tomas Jirsik<\/i> (Masaryk University) <\/em>and <\/em>Sebastian<\/i> Schaefer (RWTH Aachen University)<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
14:05<\/h6>\n<\/td>\n
\n
14:25<\/h6>\n<\/td>\n
\n
L-ADS: Live Anomaly Detection System Alejandro Garcia Bedoya (ATOS)<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
14:25<\/h6>\n<\/td>\n
\n
14:45<\/h6>\n<\/td>\n
\n
Adversarial Examples against Intrusion Detection Systems Ewa Piatkowska (AIT)<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
14:45<\/h6>\n<\/td>\n
\n
15:05<\/h6>\n<\/td>\n
\n
Fast and Scalable Cybersecurity Data Processing Gabriela Aumayr (HPE)<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
\n
15:05<\/h6>\n<\/td>\n
\n
15:30<\/h6>\n<\/td>\n
\n
Coffee break<\/em><\/h6>\n<\/td>\n
\n
25<\/h6>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
\n
Session 4 (Irina Chiscop)<\/h6>\n<\/td>\n
\n
80<\/h6>\n<\/td>\n<\/tr>\n
\n
15:30<\/h6>\n<\/td>\n
\n
15:50<\/h6>\n<\/td>\n
\n
Attack Analysis with Attack Defence Graphs Erik Ringdahl (Foreseeti)<\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
15:50<\/h6>\n<\/td>\n
\n
16:10<\/h6>\n<\/td>\n
\n
Attack Graph-based Courses of Action for Defense Wojciech Widel (KTH)<\/em><\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
16:10<\/h6>\n<\/td>\n
\n
16:30<\/h6>\n<\/td>\n
\n
Visual Analytics for Cyber Security Data Christoph M\u00fcller and Franziska Becker (University of Stuttgart)<\/em><\/em><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
\n
16:30<\/h6>\n<\/td>\n
\n
16:50<\/h6>\n<\/td>\n
\n
Process Launch Distribution Model Dmitry Komashinskiy, David Karpuk, Samuel Marsha<\/i>l and Alexey Kirichenko (Fsecure)<\/i><\/h6>\n<\/td>\n
\n
20<\/h6>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
\n
16:50<\/h6>\n<\/td>\n
\n
17:05<\/h6>\n<\/td>\n
\n
Coffee break<\/em><\/h6>\n<\/td>\n
\n
15<\/h6>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
\n
Panel Session<\/h6>\n<\/td>\n
\n
45<\/h6>\n<\/td>\n<\/tr>\n
\n
17:05<\/h6>\n<\/td>\n
\n
17:35<\/h6>\n<\/td>\n
\n
Discussion on Future Challenges for SOC Speakers:<\/em> Pavel Kacha (CESNET)<\/em>, Sarka Pekarova (DreamLab)<\/em>  and Paul Smith (AIT)<\/em> Panel chair: Tomas Jirsik (Masaryk University)<\/em><\/h6>\n<\/td>\n
\n
30<\/h6>\n<\/td>\n<\/tr>\n
 <\/td>\n<\/tr>\n
\n
17:35<\/h6>\n<\/td>\n
\n
17:45<\/h6>\n<\/td>\n
\n
Wrap up Ewa Piatkowska (AIT)<\/em><\/h6>\n<\/td>\n
\n
10<\/h6>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n


<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Workshop Website<\/strong><\/p>

NG-SOC 2020<\/a><\/blockquote><\/div><\/figure>

Venue and Registration<\/strong><\/p>

NG-SOC\n 2020 workshop is organised in conjunction with the ARES 2020 \nconference, which this year will be held all-digital. Registration for \nthe workshop is required and costs 40\u20ac (Regular Attendee) or 20\u20ac \n(Student attendee). The registration fee includes the entrance to all \nARES & CD-MAKE conference and workshop sessions. If you want to \nattend, please register at https:\/\/www.ares-conference.eu\/registration-all-digital-conference<\/a> .<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

Overview: Organisations in Europe face the difficult task of detecting and responding to increasing numbers of cyber-attacks and threats, given that their own ICT infrastructures are complex, constantly changing (e.g. by introduction of new technologies) and there is a shortage of qualified cybersecurity experts. There is a great need to drastically reduce the time to…<\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[19],"tags":[],"coauthors":[10],"class_list":["post-679","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/sappan-project.eu\/index.php?rest_route=\/wp\/v2\/posts\/679","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sappan-project.eu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sappan-project.eu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sappan-project.eu\/index.php?rest_route=\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/sappan-project.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=679"}],"version-history":[{"count":12,"href":"https:\/\/sappan-project.eu\/index.php?rest_route=\/wp\/v2\/posts\/679\/revisions"}],"predecessor-version":[{"id":1112,"href":"https:\/\/sappan-project.eu\/index.php?rest_route=\/wp\/v2\/posts\/679\/revisions\/1112"}],"wp:attachment":[{"href":"https:\/\/sappan-project.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sappan-project.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sappan-project.eu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=679"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/sappan-project.eu\/index.php?rest_route=%2Fwp%2Fv2%2Fcoauthors&post=679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}