PORTO @ Archivio Istituzionale della Ricerca

This paper presents an approach to the automatic remediation of threats reported by Cyber Threat Intelligence. Remediation strategies, named Recipes, are expressed in a close-to-natural language for easy validation. Thanks to the developed models, they are interpreted, contextualized, and then translated into CACAO Security playbooks, a standard format ready for automatic enforcement, without human intervention. The presented approach also allows sharing of remediation procedures on threat-sharing platforms (e.g. MISP) which improves the overall security posture. The effectiveness of the approach has been tested in the context of two EC-funded projects.

A Model for Automated Cybersecurity Threat Remediation and Sharing / Settanni, F; Regano, L; Basile, C; Lioy, A. - STAMPA. - (2023), pp. 492-497. (Intervento presentato al convegno 2023 IEEE 9th International Conference on Network Softwarization (NetSoft) tenutosi a Madrid (Spain) nel June 19-23, 2023) [10.1109/NetSoft57336.2023.10175486].

A Model for Automated Cybersecurity Threat Remediation and Sharing

Settanni, F;Regano, L;Basile, C;Lioy, A
2023

Abstract

This paper presents an approach to the automatic remediation of threats reported by Cyber Threat Intelligence. Remediation strategies, named Recipes, are expressed in a close-to-natural language for easy validation. Thanks to the developed models, they are interpreted, contextualized, and then translated into CACAO Security playbooks, a standard format ready for automatic enforcement, without human intervention. The presented approach also allows sharing of remediation procedures on threat-sharing platforms (e.g. MISP) which improves the overall security posture. The effectiveness of the approach has been tested in the context of two EC-funded projects.
2023
979-8-3503-9980-6
4.1 Contributo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
torsec_netsoft_2023_06.pdf

accesso aperto

Tipologia: 2. Post-print / Author's Accepted Manuscript
Licenza: PUBBLICO - Tutti i diritti riservati
Dimensione 120.91 kB
Formato Adobe PDF
Visualizza/Apri
120.91 kB Adobe PDF Visualizza/Apri
A_Model_for_Automated_Cybersecurity_Threat_Remediation_and_Sharing.pdf

non disponibili

Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Non Pubblico - Accesso privato/ristretto
Dimensione 184.83 kB
Formato Adobe PDF
  Visualizza/Apri   Richiedi una copia
184.83 kB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2982940