City academics receive EU grant for cyber security research
City University London academics from the Department of Computer Science are part of a new EU Horizon 2020-funded research project titled “Diversity Enhancement for Security Information and Event Management Systems”.
The research funding, aimed at enhancing security information and event management systems (SIEMs) within a diversity of organisations, is valued at €3.445m, of which €910k goes to City. The project will run for 36 months, starting in September 2016.
Led by Senior Lecturer in the Centre for Software Reliability, Dr Ilir Gashi, and Lecturer in Applied Data Science in the giCentre, Dr Cagatay Turkay, this collaboration will mark the first time that two research centres in the Department of Computer Science have joined forces on a research project. Professor of Systems Engineering, Professor Lorenzo Strigini, is also involved as a co-investigator. The overall project coordinator is the University of Lisbon, while other participants are EDP (Portugal), Amadeus IT (Spain), DigitalMR (UK), Fraunhofer Institute (Germany) and Atos Spain (Spain).
Detecting possible threats
This research underscores the importance of security information and event management (SIEM) systems. SIEMs are used to monitor infrastructure through sensors that can detect possible threats (for example, attacks and vulnerabilities to attack).
Dr Gashi says the project “aims to enhance existing SIEM systems with diversity-related technology and will develop novel combinations of computation and data visualisation to assist decision makers in turning diverse information sets into action.”
More specifically, the researchers will attempt to improve the quality of events collected using a diverse set of sensors and novel anomaly detectors, and create new ways of visualising the information collected in the SIEM to provide high-level security metrics and models which enable better security-related decision-making.
The Horizon 2020 programme is the EU’s largest ever research and innovation programme with €80bn in funding available from 2014 to 2020.
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security. The underlying principle of a SIEM system is that relevant data about an enterprise’s security is produced in multiple locations and the ability to view the data from a single point of view makes it easier to spot trends and see patterns that are out of the ordinary.