Analyzing and mitigating the threats that cyber-attacks pose on the services of a critical infrastructure is not a trivial activity. Research solutions have been developed using data about the devices used for implementing the services, services dependencies, network topology, and the vulnerabilities that can be exploited to attack the network. However, most of the proposed solutions fail to consider these aspects in an integrated fashion, allowing the user to understand global dependencies and weaknesses. This paper contributes this issue with BUCEPHALUS, a Visual Analytics solution providing a) a visual overview of the existing relationships among business functions, devices, and vulnerabilities, and b) a what-if analysis scenario, in which the user is supported on making decisions on which vulnerabilities are more appropriate to fix. BUCEPHALUS has been developed and validated within a user-centered design process involving security professionals.

BUCEPHALUS: a BUsiness CEntric cybersecurity Platform for proActive anaLysis Using visual analyticS / Angelini, Marco; Blasilli, Graziano; Bonomi, Silvia; Lenti, Simone; Palleschi, Alessia; Santucci, Giuseppe; Paoli, Emiliano De. - (2021), pp. 15-25. (Intervento presentato al convegno 2021 IEEE Symposium on Visualization for Cyber Security (VizSec) tenutosi a New Orleans, LA, USA) [10.1109/VizSec53666.2021.00007].

BUCEPHALUS: a BUsiness CEntric cybersecurity Platform for proActive anaLysis Using visual analyticS

Angelini, Marco
;
Blasilli, Graziano
;
Bonomi, Silvia
;
Lenti, Simone
;
Palleschi, Alessia;Santucci, Giuseppe;
2021

Abstract

Analyzing and mitigating the threats that cyber-attacks pose on the services of a critical infrastructure is not a trivial activity. Research solutions have been developed using data about the devices used for implementing the services, services dependencies, network topology, and the vulnerabilities that can be exploited to attack the network. However, most of the proposed solutions fail to consider these aspects in an integrated fashion, allowing the user to understand global dependencies and weaknesses. This paper contributes this issue with BUCEPHALUS, a Visual Analytics solution providing a) a visual overview of the existing relationships among business functions, devices, and vulnerabilities, and b) a what-if analysis scenario, in which the user is supported on making decisions on which vulnerabilities are more appropriate to fix. BUCEPHALUS has been developed and validated within a user-centered design process involving security professionals.
2021
2021 IEEE Symposium on Visualization for Cyber Security (VizSec)
Cybersecurity; Business Impact Analysis; Network Hardening; Attack graph Proactive analysis; Visual Analytics; What-if analysis
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
BUCEPHALUS: a BUsiness CEntric cybersecurity Platform for proActive anaLysis Using visual analyticS / Angelini, Marco; Blasilli, Graziano; Bonomi, Silvia; Lenti, Simone; Palleschi, Alessia; Santucci, Giuseppe; Paoli, Emiliano De. - (2021), pp. 15-25. (Intervento presentato al convegno 2021 IEEE Symposium on Visualization for Cyber Security (VizSec) tenutosi a New Orleans, LA, USA) [10.1109/VizSec53666.2021.00007].
File allegati a questo prodotto
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1603282
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 1
social impact