Attacks on IT systems and IT-enabled industrial assets are more threatening and damaging than ever. Organizations face a growing number of alerts from their IT systems and equipment and spend many hours reviewing and assessing these alarms.
The goal of ARGUS, an EU-funded project (European Regional Development Fund, ERDF), is to detect cyber attacks automatically and to inform employees without overwhelming them with possibly false alerts. ARGUS combines various sensor data and evaluates their interaction; this includes, for example, application and system log files, DNS logs and network data. Based on external threat intelligence (e.g. STIX/TAXII models) or attack models defined by experts, ARGUS extracts characteristics from the sensor data and aggregates them.
From these characteristics, normal network behavior is determined by unsupervised learning methods; deviations from the learned normal behavior are detected and evaluated as anomalies. The resulting assessments are trained through feedback from experts and users in a supervised learning process.
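The pipeline described above (aggregating characteristics from sensor data, learning a baseline of normal behavior without labels, flagging deviations, and applying analyst feedback) in miniature, as an added illustration that is not ARGUS code: the DNS log lines, the three per-client features, the z-score baseline and the feedback set that simply suppresses analyst-confirmed benign clients are all assumptions chosen for this example.

```python
import math
import statistics
from collections import defaultdict

# Constructed DNS log lines ("client queried_name") used as the normal-behaviour
# training window. Hypothetical sample data, not ARGUS sensor output.
TRAIN = """\
10.0.0.1 www.example.org
10.0.0.1 mail.example.org
10.0.0.2 www.example.org
10.0.0.2 cdn.example.net
10.0.0.3 mail.example.org
10.0.0.4 www.example.org
"""
# Constructed observation window: one client issues many queries whose leftmost
# labels look random, the kind of deviation the aggregated features should surface.
OBSERVE = """\
10.0.0.2 www.example.org
10.0.0.9 k3f9a1.example.test
10.0.0.9 q7z2m8.example.test
10.0.0.9 x1c5v0.example.test
10.0.0.9 b8n4r2.example.test
10.0.0.9 t6y3w9.example.test
"""

def entropy(s):
    """Shannon entropy (bits) of the characters of s."""
    probs = [s.count(ch) / len(s) for ch in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def extract(log):
    """Per-client characteristics: (query count, distinct names, mean entropy of leftmost label)."""
    per = defaultdict(list)
    for line in log.splitlines():
        client, name = line.split()
        per[client].append(name)
    return {c: (len(n), len(set(n)), statistics.fmean(entropy(x.split(".")[0]) for x in n))
            for c, n in per.items()}

def learn_baseline(features):
    """Unsupervised step: per-feature mean and standard deviation over the training clients."""
    cols = list(zip(*features.values()))
    return [(statistics.fmean(c), statistics.pstdev(c) or 1.0) for c in cols]

def score(features, baseline, feedback=frozenset(), threshold=3.0):
    """Largest |z| per client against the baseline; clients an analyst has confirmed
    benign (feedback) are suppressed. Returns {client: (score, alert)}."""
    z = {c: max(abs(v - m) / s for v, (m, s) in zip(vec, baseline)) for c, vec in features.items()}
    return {c: (round(v, 2), v > threshold and c not in feedback) for c, v in z.items()}
```

Running `score(extract(OBSERVE), learn_baseline(extract(TRAIN)))` flags only 10.0.0.9; passing `feedback={"10.0.0.9"}` after an analyst has confirmed that client as benign silences the alert while the score itself is kept.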
ARGUS provides asset management information to identify critical elements and evaluate attack paths.
The project is funded by the European Union and the Hamburg Investment and Development Bank Hamburg.
Associate partner: DFN CERT Services GmbH, Hamburg