20. An Intuitive Distributed Cyber Situational Awareness Framework Within a Healthcare Environment

By George Doukas, School of Electrical & Computer Engineering, National Technical University of Athens Athens, Greece | Michael Kontoulis, School of Electrical & Computer Engineering, National Technical University of Athens Athens, Greece | Sotiris Pelekis, School of Electrical & Computer Engineering, National Technical University of Athens Athens, Greece | Christos Ntanos, School of Electrical & Computer Engineering, National Technical University of Athens Athens, Greece | Dimitris Askounis, School of Electrical & Computer Engineering, National Technical University of Athens Athens, Greece | Yannis Nikoloudakis, Dept. of Electrical & Computer Engineering, Hellenic Mediterranean University, Greece | Ioannis Kefaloukos, Dept. of Electrical & Computer Engineering, Hellenic Mediterranean University, Greece | Evangelos Pallis, Dept. of Electrical & Computer Engineering, Hellenic Mediterranean University, Greece | Evangelos K. Markakis, Dept. of Electrical & Computer Engineering, Hellenic Mediterranean University, Greece

Downloaded: 269 times

Published: 15 Sep 2021

© 2021 George Doukas | Michael Kontoulis | Sotiris Pelekis | Christos Ntanos | Dimitris Askounis | Yannis Nikoloudakis | Ioannis Kefaloukos | Evangelos Pallis | Evangelos K. Markakis

Abstract

Modern ICT ecosystems are complex, distributed infrastructures with multiple ingress and egress points. Countless network interactions, through different endpoints and terminals, such as IoT devices, web services, specialized appliances, etc., produce heterogeneous data with different context. This complexity and ever-increasing volume and heterogeneity of data renders the threat identification process rather difficult, or even impossible. Since traditional threat detection systems utilize only one type of data toprovide their predictions, systems that are able to ingest and analyse multiple, diverse types of data, to achieve a holistic awareness of the underlying system's status, are required to effectively fortify such infrastructures. This work, which has been conducted within the context of the EU-funded project, SPHINX, elaborates on the design and development of a Machine Learning-based distributed Situational Awareness system, that collects several diverse information from its surrounding ICT environment, such as vulnerability assessment reports, Intrusion Detection System output, etc., and produces a risk assessment, correlated with the infrastructure's assets' value and safety status, concerning possible imminent security-related situations, such as cyber-attacks.