Swarm-intelligence for the modern ICT ecosystems

Digitalization is continuing facilitating our daily lives. The world is interconnected as never before, bringing close people, businesses, or other organizations. However, hackers are also coming close. New business and operational models require the collection and processing of massive amounts of d...

Full description

Saved in:
Bibliographic Details
Published inInternational journal of information security Vol. 23; no. 4; pp. 2951 - 2975
Main Authors Hatzivasilis, George, Lakka, Eftychia, Athanatos, Manos, Ioannidis, Sotiris, Kalogiannis, Grigoris, Chatzimpyrros, Manolis, Spanoudakis, George, Papastergiou, Spyros, Karagiannis, Stylianos, Alexopoulos, Andreas, Amelin, Dimitry, Kiefer, Stephan
Format Journal Article
LanguageEnglish
Published Berlin/Heidelberg Springer Berlin Heidelberg 01.08.2024
Springer Nature B.V
Subjects
Artificial intelligence
Coding and Information Theory
Communications Engineering
Complex systems
Computer Communication Networks
Computer Science
Critical infrastructure
Cryptology
Cybersecurity
Digitization
Effectiveness
Electronic warfare
Information systems
Intelligence gathering
Machine learning
Management of Computing and Information Systems
Networks
Operating Systems
Organizations
Real time operation
Regular Contribution
Risk assessment
Supply chains
Swarm intelligence
Threat evaluation
Drools
Swarm-inteligence
Risk assessment
Machine learning
Healthcare
Cyber threat intelligence
AutoML
Artificial intelligence
MISP
Incident handling
Online AccessGet full text

Cover

More Information
Summary:Digitalization is continuing facilitating our daily lives. The world is interconnected as never before, bringing close people, businesses, or other organizations. However, hackers are also coming close. New business and operational models require the collection and processing of massive amounts of data in real-time, involving utilization of complex information systems, large supply-chains, personal devices, etc. These impose several advantages for adversaries on the one hand (e.g., poorly protected or monitored elements, slow fashion of security updates/upgrades in components that gain little attention, etc.), and many difficulties for defenders on the other hand (e.g., administrate large and complex systems with high dynamicity) in this cyber-security interplay. Impactful attacks on ICT systems, critical infrastructures, and supply networks, as well as cyber-warfare are deriving the necessity for more effective defensives. This paper presents a swarm-intelligence solution for incident handling and response. Cyber Threat Intelligence (CTI) is continuously integrated in the system (i.e., MISP, CVEs, STIX, etc.), and Artificial Intelligence (AI)/Machine Learning (ML) are incorporated in the risk assessment and event evaluation processes. Several incident handling and response sub-procedures are automated, improving effectiveness and decreasing response time. Information concerning identified malicious activity is circulated back to the community (i.e., via the MISP information sharing platform) in an open loop. The proposal is applied in the supply-chain of healthcare organizations in Europe (considering also EU data protection regulations). Nevertheless, it is a generic solution that can be applied in any domain.
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-024-00869-1