Distributed Security Framework for Reliable Threat Intelligence Sharing

Preuveneers, Davy; Joosen, Wouter; Bernabé, Jorge Bernal; Skarmeta, Antonio F.

doi:10.1155/2020/8833765

Cited by 31 publications

(16 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It analyzed the contextual data in the threat intelligence to predict the behavior of the malicious version. Preuveneers et al [15] proposed the security enhancement framework of TATIS to timely respond to new vulnerabilities and attack forms in network attacks via threat intelligence analysis. Hinne [16] established a joint analysis model in network attack events and threat intelligence to analyze the attacker's motive and exploit the vulnerability, steps, and specific actions.…”

Section: Reat Intelligence Analysismentioning

confidence: 99%

A Threat Intelligence Analysis Method Based on Feature Weighting and BERT-BiGRU for Industrial Internet of Things

Yan

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

The combination of 5G technology and the industrial Internet of things (IIoT) makes it possible to realize the interconnection of all things. Still, it also increases the risk of attacks such as large-scale DDoS attacks and IP spoofing attacks. Threat intelligence is a collection of information causing potential and nonpotential harm to the industrial Internet. Extracting network security entities and their relationships from threat intelligence text and constructing structured threat intelligence information are particularly important for IIoT security protection. However, threat intelligence is mostly text reports, which means the value information needs to be extracted manually by security analysts, and it is highly dependent on personnel experience. Therefore, this study proposes an IIoT threat intelligence analysis method based on feature weighting and BERT-BiGRU. In this method, BERT-BiGRU is used to classify attack behavior and attack strategy. Then, the attack behavior is weighted to make the classified result more accurate according to the relationship between attack strategy and attack behavior in ATT&CK for ICS knowledge. Finally, the possibility of attack and the harm degree of attack are calculated to form the threat value of the attack. The security analysts can judge the emergency response sequence by the threat value to improve the accuracy and efficiency of emergency response. The results indicate that the proposed method in this study is more accurate than the other standard methods and is more suitable for the unstructured threat intelligence analysis of IIoT.

show abstract

Section: Reat Intelligence Analysismentioning

confidence: 99%

A Threat Intelligence Analysis Method Based on Feature Weighting and BERT-BiGRU for Industrial Internet of Things

Yan

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is another method that can be used to give producers with fine grained access control [45].…”

Section: Access Controlmentioning

confidence: 99%

Challenges and Opportunities of Blockchain for Cyber Threat Intelligence Sharing

Dunnett¹,

Pal²,

Jadidi³

2022

Preprint

View full text Add to dashboard Cite

The emergence of the Internet of Things (IoT) technology has caused a powerful transition in the cyber threat landscape. As a result, organisations have had to find new ways to better manage the risks associated with their infrastructure. In response, a significant amount of research has focused on developing efficient Cyber Threat Intelligence (CTI) sharing platforms. However, most existing solutions are highly centralised and do not provide a way to exchange information in a distributed way. In this chapter, we subsequently seek to evaluate how blockchain technology can be used to address a number of limitations present in existing CTI sharing platforms. To determine the role of blockchain-based sharing moving forward, we present a number of general CTI sharing challenges, and discuss how blockchain can bring opportunities to address these challenges in a secure and efficient manner. Finally, we discuss a list of relevant works and note some unique future research questions.

show abstract

“…The overall approach of our solution is depicted in Figure 10. For more details on the CP-ABE scheme itself, we refer to our previous work [56]. Figure 11 depicts a subset of the attributes of the MISP event (i.e., only the file attachments) after being imported into TheHive.…”

Section: Taxonomy For Threats and Attacks Against ML Modelsmentioning

confidence: 99%

Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

Preuveneers

Joosen

2021

JCP

Self Cite

View full text Add to dashboard Cite

Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breath or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex—three state-of-practice open source CTI sharing and incident response platforms—to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of the ML model based threat intelligence sharing, including the ability of accounting for indicators of adversarial ML threats.

show abstract

Distributed Security Framework for Reliable Threat Intelligence Sharing

Cited by 31 publications

References 24 publications

A Threat Intelligence Analysis Method Based on Feature Weighting and BERT-BiGRU for Industrial Internet of Things

A Threat Intelligence Analysis Method Based on Feature Weighting and BERT-BiGRU for Industrial Internet of Things

Challenges and Opportunities of Blockchain for Cyber Threat Intelligence Sharing

Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

Contact Info

Product

Resources

About