Data-driven analytics for cyber-threat intelligence and information sharing

Qamar, Sara; Anwar, Zahid; Rahman, Mohammad Ashiqur; Al-Shaer, Ehab; Chu, Bill

doi:10.1016/j.cose.2017.02.005

Cited by 105 publications

(50 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…An extension to STIX that supports sharing the information about the impact of cyberevents outside an organization was proposed by Fransen et al who discuss it in the context of operation of the Dutch National Detection Network. Qamar et al integrated concepts of STIX and CybOX together with the Common Vulnerabilities and Exposures (CVE) notation and a network model into a Web Ontology Language–based ontology that enables threat‐related specifications, semantic reasoning, and contextual analyses. de Fuentes et al enhanced STIX with privacy‐preserving mechanisms.…”

Section: Related Workmentioning

confidence: 99%

Threat intelligence platform for the energy sector

Wróbel

2019

Softw Pract Exp

View full text Add to dashboard Cite

In recent years, critical infrastructures and power systems in particular have been subjected to sophisticated cyberthreats, including targeted attacks and advanced persistent threats. A promising response to this challenging situation is building up enhanced threat intelligence (TI) that interlinks information sharing and fine-grained situation awareness. In this paper, a framework that integrates all levels of TI, ie, strategic, tactical, operational, and technical, is presented. The platform implements the centralized model of information exchange with peer-to-peer interactions between partners as an option. Several supportive solutions were introduced, including anonymity mechanisms or data processing and correlation algorithms. A data model that enables communication of cyberincident information, both in natural language and machine-readable formats, was defined. Similarly, security requirements for critical components were devised. A pilot implementation of the platform was developed and deployed in the operational environment, which enabled practical evaluation of the design. Also, the security of the anonymity architecture was analyzed.

show abstract

Section: Related Workmentioning

confidence: 99%

Threat intelligence platform for the energy sector

Wróbel

2019

Softw Pract Exp

View full text Add to dashboard Cite

show abstract

“…CTI on vasta kehittymäisillään (Ernst & Young, 2014) ja monista yrityksistä huolimatta akateemisessa yhteisössä ei ole selkeää selitystä (Abu ym., 2018;Qamar, Anwar, Rahman, Al-Shaer & Chu, 2017), mitä CTI tarkoittaa.…”

Section: Käsiteunclassified

Cyber Threat Intelligence

Dehghantanha¹,

Conti²,

Dargahi³

2018

Advances in Information Security

View full text Add to dashboard Cite

Maailman digitalisoitumisen seurauksena kerätyn datan määrä on kasvanut eksponentiaalisesti, tietojärjestelmät ovat monimutkaistuneet ja kyberhyökkäykset kehittyneet teknologian kehityksen mukana, jonka vuoksi perinteiset kyberhyökkäyksen torjuntamenetelmät eivät enää yksinään riitä suojaamaan organisaatioita. Tutkielmassa tarkastellaan miten Cyber Threat Intelligence edesauttaa organisaatioiden tietoturvaa ja mitä haasteita se tuo. Tutkielma on toteutettu kirjallisuuskatsauksena ja se pyrkii vastaamaan tutkimuskysymykseen: "Mitä on Cyber Threat Intelligence, miten se vaikuttaa ja mitä haasteita se tuo?". Kehittyneiden kyberhyökkäyksien takia yleistä toimintatapaa täytyisi siirtää hyökkäyksistä aiheutuneiden vahinkojen jälkikäteen korjaamisesta hyökkäyksien ennakoimiseen. Hyökkäyksien ennakoimiseen yksi tapa on hyödyntää Big Dataa, sillä kerätyn datan seasta loÿtyy vastauksia useampiinkin ongelmiin, mutta datan valtavan määrän ja monimutkaisuuden vuoksi, sitä on hidasta kerätä ja prosessoida sekä vaikea hallita. Uusi nouseva trendi on Cyber Threat Intelligence, jonka tarkoituksena on hyödyntää erilaisista lähteistä saatua analysoitua informaatiota kyberuhista ja sen perusteella tehdä päätöksiä tietoturvan parantamiseksi.

show abstract

“…Several studies related to social engineering are more widely discussed from the computational and system security aspects. The researcher argues that social engineering has a strong interdisciplinary relationship various studies in social psychology and cognitive psychology [3], [10], [11]. Some psychological states that can be exploited including strong emotion, overloading, reciprocity, moral responsibility, integrity and consistency, power, and deceptive relationships [12].…”

Section: Introductionmentioning

confidence: 99%

Threat Language: Cognitive Exploitation in Social Engineering

Handoko¹,

Putri²

2019

Proceedings of the International Conference on Social Sciences, Humanities, Economics and Law

View full text Add to dashboard Cite

Social engineering aims to elicit sensitive information by using various manipulation approach to exploit the victim. The increasing of social communication platform such as email, messenger, facebook, linkedin, researchgate, combined with the social psychology and cognitive linguistics become a new weapon to attack either personal or even institutional targets. This paper explores the language used by the attacker to expose psychological threat to elicit sensitive information and to direct the victim to execute the certain action. The data are taken from emails which contain threat language. This paper illustrates how an attacker uses threat language to perform social engineering. The analysis is based on social engineering attack classification (Mouton, 2016) and cognitive pragmatics (Bara, 2010). The result shows rather than using persuasive approach, the attacker uses the threat to exploit cognitive process in thinking and decision making. Moreover the research also found pattern of a social engineer email: warning, threat, and enhancement.

show abstract

Data-driven analytics for cyber-threat intelligence and information sharing

Cited by 105 publications

References 3 publications

Threat intelligence platform for the energy sector

Threat intelligence platform for the energy sector

Cyber Threat Intelligence

Threat Language: Cognitive Exploitation in Social Engineering

Contact Info

Product

Resources

About