A Framework for Characterizing the Evolution of Cyber Attacker-Victim Relation Graphs

Garcia-Lebron, Richard; Schweitzer, Kristin M.; Bateman, Raymond M.; Xu, Shouhuai

doi:10.1109/milcom.2018.8599852

Cited by 4 publications

(3 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…At the same time, there exist works that combine graph-based and time-based methods, however, they deal with specific use case of threat intelligence. For instance, Garcia-Lebron et al [5], although, considered both the graph-based and time-based aspects of the relations, their proposed framework is tailored to the use case of detecting reconnaissance behaviour of cyber attacks and may not be applicable to other scenarios. To the best of our knowledge, no other work has explored the combination of graph-based and time-based methods in a generic framework that also prioritises modularity and the ability to support general ML techniques.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence

Αναγνωστόπουλος

Kidmose

Laghaout³

et al. 2021

Network and System Security

View full text Add to dashboard Cite

Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.

show abstract

Section: Related Workmentioning

confidence: 99%

“…A rough, qualitative distinction can be made between features and beliefs in that the former represent raw intelligence whereas the latter represent "business-grade"-i.e., actionable-intelligence 5. Note that b need not add up to unity since the threats may overlap.…”

mentioning

confidence: 99%

An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence

Αναγνωστόπουλος

Kidmose

Laghaout³

et al. 2021

Network and System Security

View full text Add to dashboard Cite

show abstract

“…Many cybersecurity datasets can be represented by graph time series. A concrete example is the reconnaissance behaviors of cyber attackers, which can be represented as a time series of bipartite graphs [139,39], which reflects one particular kind of the aforementioned attack-defense structure G(t) = (V (t), E(t)) over time t. For studying such time series of graphs, a systematic methodology is presented in [39]. At a high level, the methodology is to characterize the evolution (i.e., time series) of the similarity between two adjacent graphs G(t) and G(t+1), where the notion of similarity can have many different definitions (leading to various kinds of analyses).…”

Section: Datamentioning

confidence: 99%

Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity

2019

Proactive and Dynamic Network Defense

Self Cite

View full text Add to dashboard Cite

Cybersecurity Dynamics is new concept that aims to achieve the modeling, analysis, quantification, and management of cybersecurity from a holistic perspective, rather than from a building-blocks perspective. It is centered at modeling and analyzing the attack-defense interactions in cyberspace, which cause a "natural" phenomenon-the evolution of the global cybersecurity state. In this Chapter, we systematically introduce and review the Cybersecurity Dynamics foundation for the Science of Cybersecurity. We review the core concepts, technical approaches, research axes, and results that have been obtained in this endeavor. We outline a research roadmap towards the ultimate research goal, including a systematic set of technical barriers.

show abstract

Identifying Key Strategies for Reconnaissance in Cybersecurity

Praveen

2022

Studies in Computational Intelligence

View full text Add to dashboard Cite

A Framework for Characterizing the Evolution of Cyber Attacker-Victim Relation Graphs

Cited by 4 publications

References 35 publications

An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence

An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence

Cybersecurity Dynamics: A Foundation for the Science of Cybersecurity

Identifying Key Strategies for Reconnaissance in Cybersecurity

Contact Info

Product

Resources

About