As cyber security incidents multiply, the value of threat intelligence is coming to the fore. Extracting Indicators of Compromise (IOCs) from cyber threat intelligence in a timely manner allows threats to be answered quickly. However, the sparse text of public threat intelligence scatters the useful information, which makes unstructured threat intelligence hard to assess. In this paper we propose the Cyber Threat Intelligence Automated Assessment Model (TIAM), a method that automatically assesses highly sparse threat intelligence along multiple dimensions. TIAM classifies threat intelligence automatically on the basis of extracted features, defines assessment criteria that quantify the value of threat intelligence, and draws on ATT&CK to identify the attack techniques related to each IOC. Finally, the identified IOCs, ATT&CK techniques and quantified intelligence value are associated with one another. Experimental results show that TIAM assesses threat intelligence better and helps security managers obtain valuable cyber threat intelligence.
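The pipeline the abstract describes (pull IOCs out of sparse report text, pull ATT&CK technique IDs out of the same text, associate the two, and put a number on the result) can be sketched with plain regular expressions. The following is an added example, not code from the TIAM paper: the report text is constructed, the "same line" rule for linking an IOC to a technique is a proximity heuristic chosen here, and the completeness score is a toy stand-in for the paper's assessment criteria. It does handle one detail real CTI forces on you, namely defanging (`hxxp`, `[.]`), which has to be undone before any pattern will match.

```python
import json
import re
from urllib.parse import urlparse

# Constructed sample report (not taken from the paper); defanged like most public CTI.
SAMPLE_REPORT = """\
Initial access was a phishing attachment (T1566.001); the macro fetched hxxp://update[.]example-cdn[.]com/stage2.bin.
Beaconing went to 198[.]51[.]100[.]23 over HTTPS (T1071.001) and to the C2 domain login[.]corp-mail[.]net.
Dropped payload SHA256 3f786850e387550fdab836ed7e6dc881de23001b6a8d4f2a1e8c6b5b3d6a9c10 was signed with a stolen certificate.
The actor then used valid accounts (T1078) for lateral movement.
"""

# Common defanging conventions; the text is refanged before any pattern is applied.
_DEFANG = [(r"\[\.\]", "."), (r"\(\.\)", "."), (r"\{\.\}", "."), (r"hxxp", "http"), (r"\[:\]", ":")]

def refang(text: str) -> str:
    for pattern, repl in _DEFANG:
        text = re.sub(pattern, repl, text, flags=re.IGNORECASE)
    return text

_OCTET = r"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
PATTERNS = {
    "url": re.compile(r"\bhttps?://[^\s\"'<>)]+", re.IGNORECASE),
    "ipv4": re.compile(rf"\b(?:{_OCTET}\.){{3}}{_OCTET}\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.IGNORECASE),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.IGNORECASE),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
}
# ATT&CK technique and sub-technique IDs, e.g. T1078 or T1566.001.
TECHNIQUE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")

def extract_iocs(line: str) -> dict:
    """Return {ioc_type: set(values)} for one refanged line of text."""
    found = {kind: set() for kind in PATTERNS}
    for url in PATTERNS["url"].findall(line):
        url = url.rstrip(".,;:)")          # sentence punctuation glued to the URL
        found["url"].add(url)
        host = urlparse(url).hostname or ""
        kind = "ipv4" if PATTERNS["ipv4"].fullmatch(host) else "domain"
        found[kind].add(host.lower())
    # Scan with URLs blanked out so a path like stage2.bin is not taken for a domain.
    rest = PATTERNS["url"].sub(" ", line)
    for kind in ("ipv4", "sha256", "md5", "domain"):
        for match in PATTERNS[kind].findall(rest):
            found[kind].add(match if kind == "ipv4" else match.lower())
    return {kind: values for kind, values in found.items() if values}

def assess(report: str) -> dict:
    """Extract IOCs and technique IDs, link them by line proximity, and score the report."""
    iocs, techniques, links = {}, set(), []
    for raw in report.splitlines():
        line = refang(raw)
        line_techs = sorted(set(TECHNIQUE.findall(line)))
        techniques.update(line_techs)
        for kind, values in extract_iocs(line).items():
            iocs.setdefault(kind, set()).update(values)
            for value in sorted(values):
                links.append({"ioc": value, "type": kind, "techniques": line_techs})
    linked = sum(1 for link in links if link["techniques"])
    # Toy value score (an assumption for illustration, not TIAM's criteria):
    # distinct IOCs, plus distinct techniques, plus IOCs tied to at least one technique.
    score = sum(len(v) for v in iocs.values()) + len(techniques) + linked
    return {"iocs": {k: sorted(v) for k, v in iocs.items()},
            "techniques": sorted(techniques), "links": links, "score": score}

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_REPORT), indent=2))
```

Two caveats a practitioner will hit immediately: line proximity is a crude association rule (a technique named in one sentence often governs the IOC in the next), and bare-domain extraction over prose produces false positives unless you filter by a TLD list or an allowlist of reference sites. Both are exactly the kinds of gaps a learned assessment model is meant to close.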
Threat modeling and simulation (TMS) aims to capture the features of attacks dynamically, a challenging job in complex Industrial Internet of Things (IIoT) control systems because of the complicated relationships among attacks. Recently, the Meta Attack Language (MAL) has shown powerful TMS capabilities for representing complex attacks. However, existing methods pay little attention to how changes in threat profiles affect the simulation of key attack techniques. This paper proposes a novel method, the threat response modeling language (TRMLang), for threat modeling and simulation of complex IIoT attacks. TRMLang obtains attacker information through automated analysis of cyber threat intelligence (CTI) and builds dynamic attacker profiles from it. It then merges these attacker features with probabilistic attack graphs in the simulation to improve TMS performance. Experimental results demonstrate that TRMLang can represent and evaluate the security conditions of IIoT control systems, using two attack cases by the Lazarus Group on SEGRID smart grids.
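The core mechanism in the abstract, an attacker profile derived from CTI changing the probabilities in an attack graph, is easy to see on a small graph. The following is an added example and is not MAL, TRMLang or the SEGRID model: the IIoT graph, the per-step success probabilities, the attacker profile and the AND/OR step semantics are all constructed here. The technique IDs on the steps are only labels that the profile is matched against. Reach probabilities are computed exactly by enumerating every joint outcome of the per-step trials, which sidesteps the independence error you would make by multiplying parent probabilities when two parents share an ancestor.

```python
from itertools import product

# Constructed IIoT attack graph (not from the paper). Each step lists the steps that must
# precede it, how they combine ("any" = OR, "all" = AND), a base probability that the
# step succeeds once its preconditions hold, and an ATT&CK technique label (or None).
ATTACK_GRAPH = {
    "phish_engineer":   {"parents": [], "combine": "any", "p": 0.6, "technique": "T1566"},
    "exploit_vpn":      {"parents": [], "combine": "any", "p": 0.3, "technique": "T1190"},
    "it_foothold":      {"parents": ["phish_engineer", "exploit_vpn"], "combine": "any", "p": 0.9, "technique": "T1059"},
    "steal_ot_creds":   {"parents": ["it_foothold"], "combine": "any", "p": 0.5, "technique": "T1003"},
    "reach_ot_network": {"parents": ["it_foothold"], "combine": "any", "p": 0.4, "technique": "T1021"},
    "control_plc":      {"parents": ["steal_ot_creds", "reach_ot_network"], "combine": "all", "p": 0.7, "technique": None},
}

# Constructed attacker profile, of the kind CTI analysis would yield: a multiplier per
# technique (an actor that relies on phishing and rarely exploits edge devices).
PHISHING_HEAVY_PROFILE = {"T1566": 1.3, "T1190": 0.5}

def topological_order(graph):
    """Parents before children (depth-first post-order over the precondition edges)."""
    order, seen = [], set()
    def visit(name):
        if name in seen:
            return
        seen.add(name)
        for parent in graph[name]["parents"]:
            visit(parent)
        order.append(name)
    for name in graph:
        visit(name)
    return order

def local_success(graph, profile):
    """Per-step success probability after applying the profile, capped at 1."""
    return {name: min(1.0, step["p"] * profile.get(step["technique"], 1.0))
            for name, step in graph.items()}

def step_probabilities(graph, profile=None):
    """Exact probability that each step is reached. Every step has an independent
    local success trial; the step is reached iff its preconditions hold and its trial
    succeeds. All 2^n joint outcomes are enumerated, so shared ancestors are handled
    correctly (fine for small graphs; large ones need Monte Carlo or BDD methods)."""
    order = topological_order(graph)
    p_local = local_success(graph, profile or {})
    reach = {name: 0.0 for name in order}
    for outcome in product((False, True), repeat=len(order)):
        success = dict(zip(order, outcome))
        weight = 1.0
        for name in order:
            weight *= p_local[name] if success[name] else 1.0 - p_local[name]
        reached = {}
        for name in order:
            parents = graph[name]["parents"]
            if not parents:
                ready = True
            elif graph[name]["combine"] == "all":
                ready = all(reached[p] for p in parents)
            else:
                ready = any(reached[p] for p in parents)
            reached[name] = ready and success[name]
            if reached[name]:
                reach[name] += weight
    return reach

if __name__ == "__main__":
    base = step_probabilities(ATTACK_GRAPH)
    tuned = step_probabilities(ATTACK_GRAPH, PHISHING_HEAVY_PROFILE)
    for name in topological_order(ATTACK_GRAPH):
        print(f"{name:18s} base={base[name]:.4f} profiled={tuned[name]:.4f}")
```

The goal step `control_plc` moves from about 0.091 to about 0.102 under the profile even though only the two initial-access steps were touched, which is the kind of sensitivity to a changed threat profile that the abstract says existing TMS methods neglect.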
The Internet of Things (IoT) has numerous applications in industry and society, thanks to its ability to bring automation and connectivity to a wide range of activities. Despite its great potential, IoT is susceptible to physical and cyber attacks, which create security threats such as financial loss and leakage of private data. To address this problem, an attack prediction approach for IoT is proposed. Aiming at a high degree of flexibility, an intelligent model is designed to construct a knowledge graph by integrating the equipment information (CPE), vulnerability information (CVE) and attack pattern information (CAPEC) disclosed by the National Institute of Standards and Technology (NIST) and the security organization MITRE. On the basis of this knowledge graph, security and operational analysis of large volumes of IoT information is carried out. To infer possible attacks, a knowledge representation learning method that fuses the triple information and the semantic path combination information of the knowledge graph (FTSPC) is employed, which turns the attack prediction task into a link prediction problem. The proposed method is evaluated on a public dataset and on our own dataset; the results demonstrate that it can predict attacks on IoT infrastructure, providing rich IoT security knowledge to security researchers and professionals and a useful reference for active defense.
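The reframing of attack prediction as link prediction over a CPE, CVE, CAPEC graph is worth seeing concretely. The following is an added example, not the paper's FTSPC model: it builds a tiny knowledge graph from constructed triples and ranks candidate CAPEC patterns for an asset by following the meta-path CPE -> CVE -> CWE <- CAPEC and summing constructed CVSS weights along each path. The CPE strings and the CVE-2099-* identifiers are placeholders, not real entries; the CWE-to-CAPEC pairs used (CWE-78/CAPEC-88, CWE-89/CAPEC-66, CWE-79/CAPEC-63) follow the public CWE and CAPEC catalogues. Path counting stands in for the learned embedding the paper uses, but the input, output and the role of the semantic path are the same.

```python
from collections import defaultdict

# Constructed mini knowledge graph. CPEs and CVE-2099-* IDs are placeholders;
# the CWE/CAPEC relations follow the public catalogues.
TRIPLES = [
    ("cpe:2.3:a:example:cam_fw:1.2:*:*:*:*:*:*:*", "has_vulnerability", "CVE-2099-0001"),
    ("cpe:2.3:a:example:cam_fw:1.2:*:*:*:*:*:*:*", "has_vulnerability", "CVE-2099-0002"),
    ("cpe:2.3:a:example:cam_fw:1.2:*:*:*:*:*:*:*", "has_vulnerability", "CVE-2099-0004"),
    ("cpe:2.3:a:example:gateway:3.0:*:*:*:*:*:*:*", "has_vulnerability", "CVE-2099-0003"),
    ("CVE-2099-0001", "has_weakness", "CWE-78"),   # OS command injection
    ("CVE-2099-0002", "has_weakness", "CWE-89"),   # SQL injection
    ("CVE-2099-0003", "has_weakness", "CWE-79"),   # cross-site scripting
    ("CVE-2099-0003", "has_weakness", "CWE-89"),
    ("CVE-2099-0004", "has_weakness", "CWE-89"),
    ("CAPEC-88", "targets_weakness", "CWE-78"),    # OS Command Injection
    ("CAPEC-66", "targets_weakness", "CWE-89"),    # SQL Injection
    ("CAPEC-63", "targets_weakness", "CWE-79"),    # Cross-Site Scripting
]

# Constructed CVSS base scores used as path weights (not real scores).
CVSS = {"CVE-2099-0001": 9.8, "CVE-2099-0002": 7.5, "CVE-2099-0003": 6.1, "CVE-2099-0004": 8.8}

# Meta-path for attack prediction: (relation, follow_inverse_edge).
# CPE -has_vulnerability-> CVE -has_weakness-> CWE <-targets_weakness- CAPEC
META_PATH = [("has_vulnerability", False), ("has_weakness", False), ("targets_weakness", True)]

class KnowledgeGraph:
    """Adjacency indexed both ways so meta-paths can traverse edges backwards."""
    def __init__(self, triples):
        self.out = defaultdict(lambda: defaultdict(set))
        self.inc = defaultdict(lambda: defaultdict(set))
        for subj, rel, obj in triples:
            self.out[subj][rel].add(obj)
            self.inc[obj][rel].add(subj)

    def neighbors(self, node, relation, inverse=False):
        index = self.inc if inverse else self.out
        return sorted(index[node][relation]) if node in index else []

def enumerate_paths(kg, start, meta_path):
    """All node sequences that follow the meta-path from start."""
    paths = [[start]]
    for relation, inverse in meta_path:
        paths = [path + [nxt] for path in paths
                 for nxt in kg.neighbors(path[-1], relation, inverse)]
    return paths

def predict_attacks(kg, cpe, cvss, meta_path=META_PATH):
    """Rank CAPEC patterns reachable from a CPE; the score sums the CVSS weight of
    each supporting path, so several CVEs with the same weakness reinforce one pattern.
    Returns [(capec_id, score, [(cve, cwe), ...]), ...] best first."""
    scores, evidence = defaultdict(float), defaultdict(list)
    for _, cve, cwe, capec in enumerate_paths(kg, cpe, meta_path):
        scores[capec] += cvss.get(cve, 5.0)   # unknown CVSS: assume a medium weight
        evidence[capec].append((cve, cwe))
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(capec, round(score, 2), evidence[capec]) for capec, score in ranked]

if __name__ == "__main__":
    kg = KnowledgeGraph(TRIPLES)
    for capec, score, why in predict_attacks(kg, TRIPLES[0][0], CVSS):
        print(capec, score, why)
```

The evidence list is the part that matters operationally: a predicted (CPE, CAPEC) link is only actionable if an analyst can see which CVE and weakness it rests on, and an embedding-based predictor should be paired with this kind of path explanation for the same reason.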