A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective

Schlette, Daniel; Caselli, Marco; Pernul, Günther

doi:10.1109/comst.2021.3117338

Cited by 60 publications

(22 citation statements)

References 50 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Frequent industrial control security incidents have attracted extensive attention from home and abroad. China and European and American countries have included the industrial control system in their national strategies [1][2][3].…”

Section: Introductionmentioning

confidence: 99%

Network Interconnection Security Buffer Technology for Power Monitoring System

Wang

Tao

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

In recent years, the risk of malicious attacks on power monitoring systems has increased, and there have been many attacks on power systems in the world. Aiming at the network interconnection security problem of the core control system, the concept of “security buffer” is introduced, and a network security buffer method forpower monitoring system is proposed, which is composed of three parts: paradigm check, behavior analysis, and dynamic conversion and jointly realizes the multilevel security inspection of interconnection requests. Experimental verification results show that the proposed method has a protective effect on malicious attacks of power monitoring system.

show abstract

Section: Introductionmentioning

confidence: 99%

Network Interconnection Security Buffer Technology for Power Monitoring System

Wang

Tao

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…The term cyber relates to all aspects of computing, including storing data, protecting data, accessing data, processing data, transmitting data and connecting data. Also, cyber can defined as the space for data and information sharing towards the communities without the time and nation barrier [17].…”

Section: Cybermentioning

confidence: 99%

Knowledge Management Strategy for Handling Cyber Attacks in E-Commerce with Computer Security Incident Response Team (CSIRT)

Fauziyah¹,

Wang²,

Joy³

2022

JIS

View full text Add to dashboard Cite

Electronic Commerce (E-Commerce) was created to help expand the market share network through the internet without the boundaries of space and time. However, behind all the benefits obtained, E-Commerce also raises the issue of consumer concerns about the responsibility for personal data that has been recorded and collected by E-Commerce companies. The personal data is in the form of consumer identity names, passwords, debit and credit card numbers, conversations in email, as well as information related to consumer requests. In Indonesia, cyber attacks have occurred several times against 3 major E-Commerce companies in Indonesia. In 2019, users' personal data in the form of email addresses, telephone numbers, and residential addresses were sold on the deep web at Bukalapak and Tokopedia. Even though E-Commerce affected by the cyber attack already has a Computer Security Incident Response Team (CSIRT) by recruiting various security engineers, both defense and attack, this system still has a weakness, namely that the CSIRT operates in the aspect of handling and experimenting with defense, not yet on how to store data and prepare for forensics. CSIRT will do the same thing again, and so on. This is called an iterative procedure, one day the attack will come back and only be done with technical handling. Previous research has succeeded in revealing that organizations that have Knowledge Management (KM), the organization has succeeded in reducing costs up to four times from the original without using KM in the cyber security operations. The author provides a solution to create a knowledge management strategy for handling cyber incidents in CSIRT E-Commerce in Indonesia. This research resulted in 4 KM Processes and 2 KM Enablers which were then translated into concrete actions. The KM Processes are Knowledge Creation, Knowledge Storing, Knowledge

show abstract

“…The reconstruction of this kind of attack is possible thanks to the collected logs exploitation. Then, in order to identify techniques performed by the attacker, we used a tool 9 that allows us to extract Events of Interest (EoI) [27] from the dataset. In the following, we detail actions performed by the participant #12, denoted P12.…”

Section: Pwnjutsu P12 Attack Campaignmentioning

confidence: 99%

“…As stated in [9], the Cyber Threat Intelligence experts need formalization at every stage of attacks to understand manipulated tools and data as well as to produce relevant, entirely usable, and comparable datasets.…”

mentioning

confidence: 99%

PWNJUTSU: A Dataset and a Semantics-Driven Approach to Retrace Attack Campaigns

Berady

Jaume²,

Tông

et al. 2022

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Identifying patterns in the modus operandi of attackers is an essential requirement in the study of Advanced Persistent Threats. Previous studies have been hampered by the lack of accurate, relevant, and representative datasets of current threats. System logs and network traffic captured during attacks on real companies' information systems are the best data sources to build such datasets. Unfortunately, for apparent reasons of companies' reputation, privacy, and security, such data is seldom available. This article proposes an alternative approach to such issues involved with collecting data. It first presents a formal model of an attacker's tactical progression during their network propagation phase. Such a progression is expressed according to the attacker's state, called muSE, which specifies their propagation area, collected secrets, and knowledge of the environment. The new model wields the operational semantics of attack techniques proposed in this article. The semantics formally define a transition relation between attackers' states. Hence, it can be used to describe an entire attack scenario. This formalization allows the ability to describe the PWNJUTSU experiment unequivocally. In this experiment, 22 Red Teamers attacked the vulnerable infrastructure to compromise machines and steal secret flags. Each Red Teamer operated on a dedicated instance. Sensors captured system logs and network traffic on each of these instances. This article's second contribution is the public release of the PWNJUTSU dataset.

show abstract

A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective

Cited by 60 publications

References 50 publications

Network Interconnection Security Buffer Technology for Power Monitoring System

Network Interconnection Security Buffer Technology for Power Monitoring System

Knowledge Management Strategy for Handling Cyber Attacks in E-Commerce with Computer Security Incident Response Team (CSIRT)

PWNJUTSU: A Dataset and a Semantics-Driven Approach to Retrace Attack Campaigns

Contact Info

Product

Resources

About