Rodrigo Campiolo

A high number of cyber security alerts are shared every second in different medias like forums, mail lists, and online social networks. The flood of alerts complicates the network administrator’s job, since not all cyber security alerts are important for his/her specific environment. Thus, recommender system techniques could be properly used to filter cyber security alerts based on network administrator ratings and preferences. This paper presents a collaboration model to recommend cyber security alerts for network administrators, helping them to focus on the relevant alerts. To evaluate the model, an offline experiment is executed. Partial results showed that our model can be used to recommend cyber security alerts.

The Internet contains vast amounts of data; consequently, hindering information retrieval. Resources, such as the National Vulnerability Database (NVD), have emerged to remedy this situation. Organizations largely depend on the NVD in order to disclose vulnerabilities and collaborate towards a solution. However, there has been evidence that other sources are disclosing vulnerabilities more efficiently and rapidly. The objective of this paper is to evaluate vulnerability disclosure delays from the NVD in order to state its efficiency. Among several findings, we observed that the majority of vulnerabilities are delayed within 1-7 days. Based on these results, we provide recommendations for those who currently rely only on NVD, such as IoT manufacturers and developers.

A grande quantidade de trafego na Internet e as novas aplicacoes responsaveis por aumentar a heterogeneidade na rede, como aquelas voltadas para cidades inteligentes e Internet das Coisas, representam um desafio para as ferramentas usadas com o objetivo de proteger as organizacoes contra ciberameacas. Este resumo estendido apresenta uma arquitetura, baseada em ferramentas e tecnicas para analise de big data, capaz de detectar ciberameacas em cenarios onde muitos logs heterogeneos sao gerados em curtos intervalos de tempo por diversas aplicacoes e servicos em rede. Experimentos preliminares mostraram que um prototipo baseado na arquitetura obteve uma taxa de acertos de 98% na deteccao de 3 tipos de ataques.