Concepedia

Publication | Closed Access

Neural network and blockchain based technique for cyber threat intelligence and situational awareness

Citations: 25

References: 14

Year: 2018

Roman Graf, Ross King

Unknown Venue

Abstract

Protecting Critical Infrastructure (CI) against increasing cyber threats has become as crucial as it is complicated. To be effective in identifying and defeating cyber attacks, cyber analysts require novel distributed detection and reaction methodologies based on information security techniques that can automatically analyse incident reports and securely share analysis results between Critical Infrastructure stakeholders. Our goal is to provide solutions in real-time that could replace human input for cyber incident analysis tasks (triage) to classify cyber incident reports, find related reports in a fast and scalable way, eliminate irrelevant information, and automate reporting life-cycle management. Our effective and fast incident management method is based on artificial intelligence and can support cyber analysts in establishing cyber situational awareness, and allow them to quickly adopt suitable countermeasures in the case of an attack. In this paper, we evaluate a deep autoencoder neural network supported by Blockchain technology as a system for incident classification and management, and assess its accuracy and performance. This approach should reduce the number of manual operations and save storage space. We used a Blockchain smart contract technique to provide an automated trusted system for incident management workflow that allows automatic acquisition, classification and enrichment of incident data. We demonstrate how the presented techniques can be applied to support incident handling tasks performed by security operation centres.
