© 2021 George Doukas | Michael Kontoulis | Sotiris Pelekis | Christos Ntanos | Dimitris Askounis | Yannis Nikoloudakis | Ioannis Kefaloukos | Evangelos Pallis | Evangelos K. Markakis
Modern ICT ecosystems are complex, distributed infrastructures with multiple ingress and egress points. Countless network interactions, through different endpoints and terminals such as IoT devices, web services and specialized appliances, produce heterogeneous data with differing context. This complexity, together with the ever-increasing volume and heterogeneity of the data, makes threat identification difficult or even impossible. Since traditional threat detection systems rely on only one type of data to produce their predictions, effectively fortifying such infrastructures requires systems that can ingest and analyse multiple, diverse types of data to achieve a holistic awareness of the underlying system's status. This work, conducted within the context of the EU-funded project SPHINX, elaborates on the design and development of a Machine Learning-based distributed Situational Awareness system that collects diverse information from its surrounding ICT environment, such as vulnerability assessment reports and Intrusion Detection System output, and produces a risk assessment of possible imminent security-related situations, such as cyber-attacks, correlated with the value and safety status of the infrastructure's assets.