EVE and ADAM: Situation Awareness Tools for NATO CCDCOE Cyber Exercises

Francisco Jesús Rubio Melón, Teemu Uolevi Väisänen, Mauno Pihelgas

    Research output: Chapter in Book/Report/Conference proceeding - Conference article in proceedings - Scientific

    5 Citations (Scopus)

    Abstract

    We present a new situation awareness visualisation tool, the Events Visualisation Environment (EVE), and its internal events aggregator module, the Advanced Data Aggregation Module (ADAM), which have been successfully used during the most recent cyber exercises (i.e., Locked Shields and Crossed Swords) organised by the NATO Cooperative Cyber Defence Centre of Excellence (NATO CCDCOE).
    The functional requirements for EVE and ADAM were based on the unique cyber exercise needs for analysis and game development, and were finalised after we had completed a state-of-the-art review to look for suitable tools that could meet our requirements.
    The main purpose of EVE is to visualise security alerts on any given network map. ADAM, the supporting events aggregation module, processes, combines and filters incoming notifications from various types of sensors, and makes them ready to be visualised by EVE. EVE offers an intuitive and real-time visualisation that is easily understandable at first glance by both technical and non-technical staff. It also allows for recording and playback, and considers attack types, game phases, attack sources, and targets.
    The information required by EVE is obtained from different sensors operating on the network. EVE allows for a very simplified communication channel with them, based on JSON formatted messages sent over an HTTP POST request. The sensors used during the cyber exercises to test the tools are also described here.
    The tools have provided an enhanced situation awareness experience over previous cyber exercises organised by NATO CCDCOE, and can be used in other exercises or, more generally, in real-life, production-ready environments. EVE (with ADAM included)
    Original language: English
    Title of host publication: Cyber Physical Security of Defense Systems
    Subtitle of host publication: STO - Meeting proceedings
    Editors: Xuewen Chen, Bo Luo, Feng Luo, Vasile Palade, M. Arif Wani
    Number of pages: 15
    Publication status: Published - 28 May 2018
    MoE publication type: B3 Non-refereed article in conference proceedings
    Event: Systems Concepts and Integration (SCI) Panel SCI-300 Specialists’ Meeting on ‘Cyber Physical Security of Defense Systems’ - Fort Walton Beach, United States
    Duration: 8 May 2018 - 9 May 2018

    Seminar

    Seminar: Systems Concepts and Integration (SCI) Panel SCI-300 Specialists’ Meeting on ‘Cyber Physical Security of Defense Systems’
    Country: United States
    Period: 8/05/18 - 9/05/18

    Fingerprint

    Agglomeration
    Visualization
    Sensors
    HTTP

    Keywords

    • aggregation
    • alerts
    • filters
    • network maps
    • situation awareness
    • visualisation

    Cite this

    Rubio Melón, F. J., Väisänen, T. U., & Pihelgas, M. (2018). EVE and ADAM: Situation Awareness Tools for NATO CCDCOE Cyber Exercises. In X. Chen, B. Luo, F. Luo, V. Palade, & M. A. Wani (Eds.), Cyber Physical Security of Defense Systems: STO - Meeting proceedings [STO-MP-SCI-300]
    @inproceedings{41068ae368a84c64b8f8434751a042f8,
    title = "EVE and ADAM: Situation Awareness Tools for NATO CCDCOE Cyber Exercises",
    keywords = "aggregation, alerts, filters, network maps, situation awareness, visualisation",
    author = "{Rubio Mel{\'o}n}, {Francisco Jes{\'u}s} and V{\"a}is{\"a}nen, {Teemu Uolevi} and Mauno Pihelgas",
    year = "2018",
    month = "5",
    day = "28",
    language = "English",
    isbn = "978-92-837-2180-2",
    editor = "Xuewen Chen and Bo Luo and Feng Luo and Vasile Palade and Wani, {M. Arif}",
    booktitle = "Cyber Physical Security of Defense Systems",
    }
