The SAPPAN project aims to enable efficient prevention and protection of modern ICT infrastructures via advanced data acquisition, thread analysis, and privacy-aware sharing and distribution of threat intelligence aimed to dynamically support human operators in response and recovery actions.

We develop a collaborative and federated scalable attack detection to support response activities and in particular, allow for timely responses to newly emerging threats supporting different privacy-levels.

Further, we define a standard for the interoperable and machine-readable description of incident response reports and recovery solutions. The risk assessment, privacy, and security will be addressed in the standard design. We document the recovery procedures and provide processes and tools for knowledge management of incident handling within organizations, enabling the finding of similar incidents and suggesting response and recovery actions based on successful solutions in the past.

Results of both attack detection and recovery and response processes will be shared on a global level to achieve an advanced response and recovery via knowledge sharing and federated learning. We develop a mechanism for sharing information on threat intelligence which implements a combination of encryption and anonymization to achieve GDPR compliance.

Last, but not least, we will develop novel visualization techniques that assist security and IT personnel, and provide an enhanced content of context of the response and recovery, and improved visual presentation of the response and recovery process.

Publications