TY - JOUR
T1 - Introducing the CYSAS-S3 Dataset for Operationalizing a Mission-Oriented Cyber Situational Awareness
AU - Medenou Choumanof, Roumen Daton
AU - Llopis Sanchez, Salvador
AU - Calzado Mayo, Victor Manuel
AU - Garcia Balufo, Miriam
AU - Páramo Castrillo, Miguel
AU - González Garrido, Francisco José
AU - Luis Martinez, Alvaro
AU - Nevado Catalán, David
AU - Hu, Ao
AU - Rodríguez-Bermejo, David Sandoval
AU - Pasqual de Riquelme, Gerardo Ramis
AU - Sotelo Monge, Marco Antonio
AU - Berardi, Antonio
AU - De Santis, Paolo
AU - Torelli, Francesco
AU - Maestre Vidal, Jorge
N1 - DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.
PY - 2022/7/7
Y1 - 2022/7/7
N2 - The digital transformation of the defence sector is not exempt from innovative requirements and challenges, with the lack of availability of reliable, unbiased and consistent data for training automatisms (machine learning algorithms, decision-making, what-if recreation of operational conditions, support the human understanding of the hybrid operational picture, personnel training/education, etc.) being one of the most relevant gaps. In the context of cyber defence, the state-of-the-art provides a plethora of data network collections that tend to lack presenting the information of all communication layers (physical to application). They are synthetically generated in scenarios far from the singularities of cyber defence operations. None of these data network collections took into consideration usage profiles and specific environments directly related to acquiring a cyber situational awareness, typically missing the relationship between incidents registered at the hardware/software level and their impact on the military mission assets and objectives, which consequently bypasses the entire chain of dependencies between strategic, operational, tactical and technical domains. In order to contribute to the mitigation of these gaps, this paper introduces CYSAS-S3, a novel dataset designed and created as a result of a joint research action that explores the principal needs for datasets by cyber defence centres, resulting in the generation of a collection of samples that correlate the impact of selected Advanced Persistent Threats (APT) with each phase of their cyber kill chain, regarding mission-level operations and goals.
KW - advanced persistent threats
KW - cyber defence
KW - cyber situational awareness
KW - dataset
KW - decision-making
UR - https://www.mendeley.com/catalogue/3b33636f-ac1f-37fb-b7f2-13e01f09558b/
U2 - 10.3390/s22145104
DO - 10.3390/s22145104
M3 - Article (Contribution to Journal)
C2 - 35890786
AN - SCOPUS:85135136960
SN - 1424-8220
VL - 22
SP - 5104
JO - Sensors (Basel, Switzerland)
JF - Sensors (Basel, Switzerland)
IS - 14
M1 - 14
ER -