Cerebro: A Platform for Collaborative Incident Response and Investigation

Anne Connell , Tadeusz Pałko , Hasan Yasar

Abstract

Today's incident response training, architectures, and methodologies are all built upon disconnected silos of domain expertise, but attacks upon an organization's critical information systems are not carried out in a disjointed way. Attacks on critical information systems and infrastructure are not solely network, or malware, or single-disk incidents; they are coordinated, large-scale, multisite attacks conducted in an organized manner. With the increase in frequency and sophistication of these attacks, it is not enough to rely on intrusion detection systems, trusted IT staff, or organizational information security divisions. The velocity of a cyber attack should be met with an equally coordinated response. There is a need to develop a platform that enables responders to establish trust and develop an effective collaborative response plan and investigation process across multiple organizations and legal bodies to track adversaries, mitigate the threat, get critical systems back online, and pursue legal action against the offenders. In this work, we propose such a platform for efficient collaboration. Our work is informed by our practices in supporting law enforcement organizations dealing with large-scale distributed attacks on critical information systems and infrastructure, and by an examination of Stuxnet, a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities. Based on these experiences of operational support, the authors propose Cerebro, an Extensible Large-Scale Analysis Platform designed to fuse structured, domain-specific information, decision support, and collaboration in an automated fashion, to effectively detect and respond to such attacks.
Authors:
- Anne Connell
- Tadeusz Pałko (FM / IMBE), The Institute of Metrology and Biomedical Engineering
- Hasan Yasar
Pages: 241-245
Publication size in sheets: 0.5
Book: Proceedings 2013 IEEE International Conference on Technologies for Homeland Security (HST), 2013, IEEE, ISBN 978-1-4799-1535-4
DOI: 10.1109/THS.2013.6699007
URL: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6699007&tag=1
Language: en (English)
Score (nominal): 15
Score source: conferenceIndex
Score: Ministerial score = 10.0, 29-05-2020, BookChapterMatConfByIndicator
Ministerial score (2013-2016) = 15.0, 29-05-2020, BookChapterMatConfByIndicator
Publication indicators: WoS Citations = 1; GS Citations = 1.0
Citation count*: 1 (2015-02-24)
* The presented citation count is obtained through Internet information analysis and is close to the number calculated by the Publish or Perish system.