An Actionable Threat Intelligence system using a Publish-Subscribe communications model

Appala, Syam; Cam-Winget, Nancy; McGrew, David; Verma, Jyoti

doi:10.1145/2808128.2808131

Cited by 20 publications

(12 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Literature provides different standards for the structured representation of indicators, such as CybOX 1 or openIoC 2 . These data structures are commonly referred to as Indicators of Compromise (IoC) as they depict a set of observations associated with a threat (Appala et al 2015). These basic incident data can furthermore be enriched using intelligenceand attribution data, such as information about attackers, utilized attack patterns or attackers' objectives as shown by Burger et al (2014).…”

Section: A Structured Representation For Threat Intelligence Reportedmentioning

confidence: 99%

Human-as-a-security-sensor for harvesting threat intelligence

2019

View full text Add to dashboard Cite

Humans are commonly seen as the weakest link in corporate information security. This led to a lot of effort being put into security training and awareness campaigns, which resulted in employees being less likely the target of successful attacks. Existing approaches, however, do not tap the full potential that can be gained through these campaigns. On the one hand, human perception offers an additional source of contextual information for detected incidents, on the other hand it serves as information source for incidents that may not be detectable by automated procedures. These approaches only allow a text-based reporting of basic incident information. A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing. In this work, we propose an approach, which allows humans to systematically report perceived anomalies or incidents in a structured way. Our approach furthermore supports the integration of such reports into analytics systems. Thereby, we identify connecting points to SIEM systems, develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans. A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.

show abstract

Section: A Structured Representation For Threat Intelligence Reportedmentioning

confidence: 99%

Human-as-a-security-sensor for harvesting threat intelligence

2019

View full text Add to dashboard Cite

show abstract

“…On the one hand, it makes the user aware of what security threat they may have, on the other hand, actionable threat intelligence indicates an agent who may breach the security can create a menace to the users. With the advanced sentiment analysis algorithm and development of the affective computing, the various users' personality traits can be predicted [3], [4], [25]- [27]. Thus, the users' online behaviour over social network sites leaves an impression which can suggest someone about their behaviour, thinking and maybe there future actions, which can lead to threat for them.…”

Section: Threat Intelligencementioning

confidence: 99%

Crawling Twitter data through API: A technical/legal perspective

Sohail¹,

Khan²,

Arsalan³

et al. 2021

Preprint

View full text Add to dashboard Cite

The popularity of the online media-driven social network relation is proven in today's digital era. The many challenges that these emergence has created include a huge growing network of social relations, and the large amount of data which is continuously been generated via the different platform of social networking sites, viz. Facebook, Twitter, LinkedIn, Instagram, etc. These data are Personally Identifiable Information (PII) of the users which are also publicly available for some platform, and others allow with some restricted permission to download it for research purposes. The users' accessible data help in providing with better recommendation services to users, however, the PII can be used to embezzle the users and cause severe detriment to them. Hence, it is crucial to maintain the users' privacy while providing their PII accessible for various services. Therefore, it is a burning issue to come up with an approach that can help the users in getting better recommendation services without their privacy being harmed. In this paper, a framework is suggested for the same. Further, how data through Twitter API can be crawled and used has been extensively discussed. In addition to this, various security and legal perspectives regarding PII while crawling the data is highlighted. We believe the presented approach in this paper can serve as a benchmark for future research in the field of data privacy.

show abstract

“…Promising and widely accepted protocols in the community developed by the US Government and Mitre are the Structured Threat Information Expression (STIX) 3 and the Trusted Automated eXchange of Indicator Information (TAXII) 4 . It addresses structured cyber security needs such as, analyzing cyber threats, specifying indicator patterns, managing response activities, and sharing of cyber threat information [16]. The European Telecommunications Standards Institute (ETSI) follows up on the European Union Agency for Network and Information Security (ENISA) recommendation 5 for European Union member states to implement the globally accepted CTI sharing standards STIX/TAXII [17].…”

Section: Automated Sharing Of Ctimentioning

confidence: 99%

“…According to [14], interoperability is becoming important but not necessary the desired default state because it gives developers the diversity in data formats. The Mitre group developed the STIX format to render CTI exchange interoperable [34,16]. It has become the most widely accepted standard for threat intelligence sharing.…”

Section: Data Interoperabilitymentioning

confidence: 99%

Cyber threat intelligence sharing: Survey and research directions

Wagner

Mahbub

Palomar

et al. 2019

Computers & Security

184

View full text Add to dashboard Cite

Cyber Threat Intelligence (CTI) sharing has become a novel weapon in the arsenal of cyber defenders to proactively mitigate increasing cyber attacks. Automating the process of CTI sharing, and even the basic consumption, has raised new challenges for researchers and practitioners. This extensive literature survey explores the current state-of-the-art and approaches different problem areas of interest pertaining to the larger field of sharing cyber threat intelligence. The motivation for this research stems from the recent emergence of sharing cyber threat intelligence and the involved challenges of automating its processes. This work comprises a considerable amount of articles from academic and gray literature, and focuses on technical and non-technical challenges. Moreover, the findings reveal which topics were widely discussed, and hence considered relevant by the authors and cyber threat intelligence sharing communities.

show abstract

An Actionable Threat Intelligence system using a Publish-Subscribe communications model

Cited by 20 publications

References 5 publications

Human-as-a-security-sensor for harvesting threat intelligence

Human-as-a-security-sensor for harvesting threat intelligence

Crawling Twitter data through API: A technical/legal perspective

Cyber threat intelligence sharing: Survey and research directions

Contact Info

Product

Resources

About