SOCCRATES and SAPPAN organise International Workshop on NG SOC in conjunction with ARES, August 25, 2020

Organisations in Europe face the difficult task of detecting and responding to an increasing number of cyber-attacks and threats, given that their ICT infrastructures are complex and constantly changing (e.g. through the introduction of new technologies) and that qualified cybersecurity experts are in short supply. There is a great need to drastically reduce the time to detect and respond to cyber-attacks. A key means for organisations to stay ahead of the threat is the establishment of a Security Operations Center (SOC). The primary purpose of a SOC is to monitor, assess and defend the information assets of an enterprise, on both a technical and an organisational level.

The aim of the NG-SOC 2020 workshop is to create a forum for researchers and practitioners to discuss the challenges associated with SOC operations and to focus on research contributions that can be applied to address these challenges. The workshop will draw on expertise from two EU-funded H2020 projects, SAPPAN and SOCCRATES. Selected members of the projects' consortia will present their research activities. The workshop will include a panel session to foster discussion on the major operational challenges that enterprises and SOC operators face and to provide insights into promising research-based solutions.

The workshop is jointly organized by two H2020 projects that are funded by the European Commission:

The SOCCRATES project will develop and implement a new security platform for Security Operation Centres (SOCs) and Computer Security Incident Response Teams (CSIRTs) that will significantly improve an organisation's capability to quickly and effectively detect and respond to new cyber threats and ongoing attacks. The SOCCRATES Platform consists of an orchestrating function and a set of innovative components for automated infrastructure modelling, attack detection, cyber threat intelligence utilisation, threat trend prediction, and automated analysis using attack defence graphs and business impact modelling. These aid human analysis and decision making on response actions and enable the execution of defensive actions at machine speed. The SOCCRATES Platform aims to enable organisations to improve the resilience of their infrastructures and to increase productivity and efficiency at the SOC. The outcomes of the project will contribute to a more secure cyberspace and strengthen competitiveness in the EU digital single market.

The SAPPAN project aims to enable efficient protection of modern ICT infrastructures via advanced data acquisition, threat analysis, and privacy-aware sharing and distribution of threat intelligence, in order to dynamically support human operators in response and recovery actions. The SAPPAN project will develop collaborative, federated, and scalable attack detection to support response activities and allow timely responses to newly emerging threats while supporting different privacy levels. We plan to identify a standard for the interoperable and machine-readable description of incident response reports and recovery solutions; risk assessment, privacy, and security will be addressed in the design of the standard. Results of both attack detection and of recovery and response processes will be shared on a global level to achieve advanced response and recovery via knowledge sharing and federated learning. We develop a mechanism for sharing threat intelligence that combines encryption and anonymisation to achieve GDPR compliance. Novel visualisation techniques will be developed to assist security and IT personnel, provide enhanced context for the response and recovery process, and improve its visual presentation.

Topics of interest include, but are not limited to:

Security Operation Center (SOC)

Anomaly Detection

Network Intrusion Detection Systems

Domain Generation Algorithms

Cyber Threat Intelligence Utilization

Privacy-aware Threat Intelligence Sharing

Business Impact Modelling

Attack Analysis with Attack Defence Graphs (ADGs)

Visual Presentation to Support Response and Recovery Actions

Workshop Agenda (Tuesday, 25th of August 2020 | 9:00 – 17:45)

Time        | Talk                                                                     | Speaker(s)                                                                              | Duration [min]
------------|--------------------------------------------------------------------------|-----------------------------------------------------------------------------------------|---------------
Session 1 (Ewa Piatkowska)                                                                                                                                                          | 90
09:00–09:05 | Welcome                                                                  | Ewa Piatkowska                                                                          | 5
09:05–09:25 | The SOCCRATES Project: Overview and Objectives                           | Frank Fransen (TNO)                                                                     | 20
09:25–09:45 | The SAPPAN Project: Overview and Objectives                              | Avikarsha Mandal (Fraunhofer FIT)                                                       | 20
09:45–10:30 | Keynote: Semi-Automated Cyber Threat Intelligence (ACT)                  | Martin Eian (Mnemonic)                                                                  | 45
10:30–11:00 | Coffee break                                                             |                                                                                         | 30
Session 2 (Tomas Jirsik)                                                                                                                                                            | 100
11:00–11:20 | Monitoring Malicious Infrastructures to Produce Threat Intelligence      | Piotr Kijewski (Shadowserver)                                                           | 20
11:20–11:40 | Pipeline Development for Automatically Generated Domain Detection        | Irina Chiscop (TNO)                                                                     | 20
11:40–12:00 | Leveraging Machine Learning for DGA Detection                            | Arthur Drichel (RWTH Aachen University)                                                 | 20
12:00–12:20 | Knowledge Management and Anonymization Techniques in Cyber-Threat Intelligence | Lasse Nitz, Mehdi Akbari Gurabi (Fraunhofer FIT)                                   | 20
12:20–12:40 | Reputation Management Techniques for IP Addresses, Domains, and Mail     | Mischa Obrecht (DreamLab)                                                               | 20
12:40–13:45 | Lunch break                                                              |                                                                                         | 65
Session 3 (Avikarsha Mandal)                                                                                                                                                        | 80
13:45–14:05 | Host and Application Behaviour Modelling                                 | Tomas Jirsik (Masaryk University) and Sebastian Schaefer (RWTH Aachen University)       | 20
14:05–14:25 | L-ADS: Live Anomaly Detection System                                     | Alejandro Garcia Bedoya (ATOS)                                                          | 20
14:25–14:45 | Adversarial Examples against Intrusion Detection Systems                 | Ewa Piatkowska (AIT)                                                                    | 20
14:45–15:05 | Fast and Scalable Cybersecurity Data Processing                          | Josef Niedermeier, Gabriela Aumayr (HPE)                                                | 20
15:05–15:30 | Coffee break                                                             |                                                                                         | 25
Session 4 (Irina Chiscop)                                                                                                                                                           | 80
15:30–15:50 | Attack Analysis with Attack Defence Graphs                               | Erik Ringdahl (Foreseeti)                                                               | 20
15:50–16:10 | Attack Graph-based Courses of Action for Defense                         | Wojciech Widel (KTH)                                                                    | 20
16:10–16:30 | Visual Analytics for Cyber Security Data                                 | Christoph Müller and Franziska Becker (University of Stuttgart)                         | 20
16:30–16:50 | Endpoint Protection                                                      | Paolo Palumbo (FSecure)                                                                 | 20
16:50–17:05 | Coffee break                                                             |                                                                                         | 15
Panel Session                                                                                                                                                                       | 45
17:05–17:35 | Discussion on Future Challenges for SOC                                  | Speakers: Pavel Kacha (CESNET), Sarka Pekarova (DreamLab), Paul Smith (AIT); Panel chair: Tomas Jirsik (Masaryk University) | 30
17:35–17:45 | Wrap up                                                                  | Ewa Piatkowska (AIT)                                                                    | 10

Venue and Registration

The NG-SOC 2020 workshop is organised in conjunction with the ARES 2020 conference, which this year will be held all-digital. Registration for the workshop is required and costs 40 € (regular attendee) or 20 € (student attendee). The registration fee includes entrance to all ARES and CD-MAKE conference and workshop sessions. If you want to attend, please register in advance.

