Project information

Sharing and Automation for Privacy Preserving Attack Neutralization (SAPPAN)

Project Identification
833418
Project Period
5/2019 - 4/2022
Investor / Programme / Project type
European Union
MU Faculty or unit
Institute of Computer Science
Project Website
https://sappan-project.eu
Keywords
sharing; privacy preserving; CSIRT; distributed; incident; response; recovery; cyber attack; detection
Cooperating Organization
Fraunhofer Society for the Advancement of Applied Research e.V.

The SAPPAN project aims to enable efficient prevention and protection of modern ICT infrastructures via advanced data acquisition, threat analysis, and privacy-aware sharing and distribution of threat intelligence aimed to dynamically support human operators in response and recovery actions.

We develop collaborative, federated, and scalable attack detection to support response activities and, in particular, to allow for timely responses to newly emerging threats while supporting different privacy levels.

Further, we define a standard for the interoperable and machine-readable description of incident response reports and recovery solutions. Risk assessment, privacy, and security will be addressed in the design of the standard. We document the recovery procedures and provide processes and tools for knowledge management of incident handling within organizations, enabling the finding of similar incidents and suggesting response and recovery actions based on successful solutions in the past.

Results of both attack detection and recovery and response processes will be shared on a global level to achieve an advanced response and recovery via knowledge sharing and federated learning. We develop a mechanism for sharing information on threat intelligence which implements a combination of encryption and anonymization to achieve GDPR compliance.

Last, but not least, we will develop novel visualization techniques that assist security and IT personnel, and provide enhanced contextual content for the response and recovery, and improved visual presentation of the response and recovery process.