Novel Architecture of Security Orchestration, Automation and Response in Internet of Blended Environment

作     者：Minkyung Lee Julian Jang-Jaccard Jin Kwak 

作者机构：ISAA LabDepartment of Cyber SecurityAjou UniversitySuwon16499Korea Department of Computer Science and Information TechnologyMassey UniversityAuckland0745New Zealand Department of Cyber SecurityAjou UniversitySuwon16499Korea 

出 版 物：《Computers, Materials & Continua》 (计算机、材料和连续体（英文）)

年 卷 期：2022年第73卷第10期

页      面：199-223页

核心收录：

学科分类：1305[艺术学-设计学（可授艺术学、工学学位）] 13[艺术学] 081104[工学-模式识别与智能系统] 08[工学] 0804[工学-仪器科学与技术] 081101[工学-控制理论与控制工程] 0811[工学-控制科学与工程] 

基　　金：This work was supported by the National Research Foundation of Korea(NRF)grant funded by the Korea government(MSIT)(No.2021R1A2C2011391)and was supported by the Ajou University research fund 

主　　题：Blended threat(BT) collaborative units for blended environment(CUBE) internet of blended environment(IoBE) security orchestration,automation and response(SOAR) 

摘      要：New technologies that take advantage of the emergence of massive Internet of Things(IoT)and a hyper-connected network environment have rapidly increased in recent *** technologies are used in diverse environments,such as smart factories,digital healthcare,and smart grids,with increased security *** intend to operate Security Orchestration,Automation and Response(SOAR)in various environments through new concept definitions as the need to detect and respond automatically to rapidly increasing security incidents without the intervention of security personnel has *** facilitate the understanding of the security concern involved in this newly emerging area,we offer the definition of Internet of Blended Environment(IoBE)where various convergence environments are interconnected and the data analyzed in *** define Blended Threat(BT)as a security threat that exploits security vulnerabilities through various attack surfaces in the *** propose a novel SOAR-CUBE architecture to respond to security incidents with minimal human intervention by automating the BT response *** Security Orchestration,Automation,and Response(SOAR)part of our architecture is used to link heterogeneous security technologies and the threat intelligence function that collects threat data and performs a correlation analysis of the *** is operated under Collaborative Units of Blended Environment(CUBE)which facilitates dynamic exchanges of data according to the environment applied to the IoBE by distributing and deploying security technologies for each BT type and dynamically combining them according to the cyber kill chain stage to minimize the damage and respond efficiently to BT.