DiSIEM: Diversity-enhancements for Security Information and Event Management
- Research Line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
- Sponsor: EU H2020 program
- Project Number: 700692
- Total award amount: 3.45M Euros
- Coordinator: Alysson Bessani
- Partners: FCUL, City University of London (UK), EDP SA (PT), Amadeus IT Group (SP), DigitalMR Limited (UK), Fraunhofer IAIS (GE), Atos Spain SA (SP)
- Start Date: Sept. 2016
- Duration: 36 months
- Keywords: SIEMs, Diversity, Open-source intelligence, Machine learning
- Team at FCUL: Researchers including Alysson Bessani, Pedro M. Ferreira, Nuno Ferreira Neves, Ibéria Medeiros, Fernando Alves, AdrianoSerckumecka, Rui Azevedo, Ivo Vacas, Claudio Martins, Pedro Gaspar
Security Information and Event Management (SIEM) systems are a fundamental component of the ubiquitous ICT infrastructures that form the backbone of our digital society. These systems are mostly used to monitor infrastructures using many types of sensors and tools and correlate the obtained events to discover possible threats (attacks, vulnerabilities, etc.) to the organization. The DiSIEM project aims to enhance existing SIEM systems with diversity-related technology. More specifically, we want to (1) enhance the quality of events collected using a diverse set of sensors and novel anomaly detectors, (2) add support for collecting infrastructure-related information from open-source intelligence data available on diverse sources from the internet, (3) create new ways for visualising the information collected in the SIEM and provide high-level security metrics and models for improving security-related decision project, and (4) allow the use of multiple storage clouds for secure long-term archival of the raw events feed to the SIEM. Given the high costs of deployment of SIEM infrastructures, all these enhancements will be developed in a SIEM-independent way, as extensions to currently available systems, and will be validated through the deployed in three large-scale production environments.
- Adriano Serckumecka, Ibéria Medeiros, Bernardo Ferreira, Alysson Bessani, “SLiCER: Safe Long-term Cloud Event Archival”, in In Proceedings of the IEEE Pacific Rim International Symposium on Dependable Computing (PRDC), Dec. 2019.
- Luís Sacramento, Ibéria Medeiros, Jão Bota, Miguel Correia, Detecting Botnets and Unknown Network Attacks in Big Traffic Data. CRC Press, Oct. 2019, ch. 7, pp. 237–268.
- Vinicius Vielmo Cogo, Alysson Bessani, “Enabling the Efficient, Dependable Cloud-based Storage of Human Genomes”, in 1st Workshop on Distributed and Reliable Storage Systems (DRSS'19), Oct. 2019.
- Adriano Serckumecka, Ibéria Medeiros, Bernardo Ferreira, Alysson Bessani, “A Cost-Effective Cloud Event Archival for SIEMs”, in In Proceedings of the Workshop on Distributed and Reliable Storage Systems (DRSS, with SRDS 2019), Oct. 2019.
- Rui Azevedo, Ibéria Medeiros, Alysson Bessani, “PURE: Generating Quality Threat Intelligence by Clustering and Correlating OSINT”, in In Proceedings of IEEE TrustCom, Aug. 2019.
- Gustavo Gonzalez-Granadillo, Rodrigo Diaz, Ibéria Medeiros, Susana Gonzalez-Zarzosa, Dawid Machnicki, “LADS: A Live Anomaly Detection System based on Machine Learning Methods”, in In Proceedings of the Workshop on Security and Cryptography (with SECRYPT 2019), Jul. 2019.
- Mario Faiella, Gustavo Gonzalez-Granadillo, Ibéria Medeiros, Rui Azevedo, Susana Gonzalez-Zarzosa, “Enriching Threat Intelligence Platforms Capabilities”, in In Proceedings of the International Conference on Security and Cryptography, Prague, Czech Republic (SECRYPT), Jul. 2019.
- Gustavo Gonzalez-Granadillo, Mario Faiella, Ibéria Medeiros, Rui Azevedo, Susana Gonzalez-Zarzosa, “Enhancing Information Sharing and Visualization Capabilities in Security Data Analytic Platforms”, in In Proceedings of the Workshop on Data-Centric on Security and Dependability (DCDS, with DSN 2019), Jun. 2019.
- Ricardo Mendes, Tiago Oliveira, Vinicius Vielmo Cogo, Nuno Ferreira Neves, Alysson Bessani, “CHARON: A Secure Cloud-of-Clouds System for Storing and Sharing Big Data”, IEEE Transactions on Cloud Computing, vol. Early Access, pp. 1–12, May 2019. 10.1109/TCC.2019.2916856
- Rui Azevedo, “Leveraging OSINT to Improve Threat Intelligence Quality”, Master’s thesis, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Jan. 2019.
- Ivo Vacas, Ibéria Medeiros, Nuno Ferreira Neves, “Detecting Network Threats using OSINT Knowledge-based IDS”, in Proceedings of the 14th European Dependable Computing Conference (EDCC), Sept. 2018.
- Rui Azevedo, Ibéria Medeiros, Alysson Bessani, “Automated Solution for Enrichment and Quality IoC Creation from OSINT”, in Proceedings of the 10th Simpósio de Informática (INForum 2018), Coimbra, Portugal, Sept. 2018.
- Luis Sacramento, Ibéria Medeiros, João Bota, Miguel Correia, “FlowHacker: Detecting Unknown Network Attacks in Big Traffic Data using Network Flows”, in Proceedings of the 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Jul. 2018.
- Henrique Mendes, Ibéria Medeiros, Nuno Ferreira Neves, “Validating and Securing DLMS/COSEM Implementations with the ValiDLMS Framework”, in Proceedings of the Workshop on Security and Dependability of Critical Embedded Real-Time Systems (CERTS), Jun. 2018.
- Ivo Vacas, Ibéria Medeiros, “Geração Automática de Conhecimento para SDI extraído de OSINTs”, in Proceedings of the 9th Simpósio de Informática (INForum 2017), Aveiro, Portugal, Oct. 2017.
- Ivo Vacas, “Geração Automática de Conhecimento para SDI extraído de OSINTs”, Master’s thesis, Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa, Sept. 2017.
BibTeXNavigators - DiSIEM project
|Current projects:||ADMORPH, DiSIEM, SEAL, AQUAMON, UPVN, IRCoC, Xivt, Abyss|
|Past projects:||TCLOUDS, MASSIF, MAFTIA, RESIST NoE, KARYON, HIDENETS, CORTEX, CRUTIAL, TRONE, SITAN, ReD, DIVERSE, CloudFIT, READAPT, REGENESYS, RC-Clouds, TACID, DARIO, RITAS, AJECT, MICRA, DEAR-COTS, COPE, DEFEATS, MOOSCO, TOPCOM, NORTH, SUPERCLOUD, COST Action IC1402, SEGRID, BioBankCloud, PROPHECY, SAPIENT, SecFuNet, FTH-Grid, AIR-II, AIR, ESFORS, CaberNet, GODC, BROADCAST, CoDiCom, Delta-4, RAPTOR|