S. Weegink
2 records found
Automating cyber security advisories
Supervised machine learning for automated decision making
Organisations are in a constant struggle to remediate vulnerabilities in their IT systems before those vulnerabilities are exploited. They try to ease this struggle by turning to specialised cyber security organisations, which use their expertise to recommend which subset of vulnerabilities to resolve. Unfortunately, the process of selecting and recommending vulnerabilities is still done primarily by hand. Manual labour is time-consuming and requires skilled personnel. Automating cyber security advisories reduces both problems.
We introduce ACSA, a process designed for the Automation of Cyber Security Advisories. ACSA creates a dataset that advisory publishers can use to automate their publications with minimal effort. The dataset contains around 90,000 advisories, which a machine learning model filters down to the set that the organisation would publish. We applied the ACSA process and dataset to both the Dutch and the Canadian NCSC and found that, on average, the majority of advisories can already be automated. This constitutes a significant workload reduction compared with the situation before automation. Even better results are observed when looking at the performance of ACSA on specific vendors: for some vendors we are able to automate more than 90% of the advisories while producing minimal false positives.
Bachelor thesis
(2020)
-
R.F. Huisman, S. Weegink, S.B.M. Kaptein, A.J. Jeleniewski, T. Saveur, S. Picek, Christian Doerr, O.W. Visser
The internet consists of many networks connected by the BGP protocol and can easily be manipulated by a hacker. Every day, hackers reroute internet traffic and use that to impersonate entities such as companies, devices and humans. To detect this rerouting, also known as a route leak, a BGP monitor can be used. A BGP monitor checks whether the local route is correct by comparing it to the routes observed by hundreds of devices. The lower the percentage of routes that agree, the higher the chance of a route leak. Hence, a user can tell whether a hacker manipulated the route. This project aims to build a BGP monitor application that eases the process of finding out whether a hacker rerouted a part of the internet. To achieve this, the Internet Monitor application has been developed. In the Internet Monitor, an admin can add different types of tasks to be run by the devices. This input is transmitted to the backend and stored in the database. After some time, the backend sends the tasks out to the nodes. The nodes execute the task and send the results back to the backend. These results can then be used to check whether the information from the BGP servers and the local result are the same, and thus not manipulated. Apart from this, Internet Monitor also offers a map of all real-time traffic between devices.