Graph Mining-based Trust Evaluation Mechanism with Multidimensional Features for Large-scale Heterogeneous Threat Intelligence

Gao, Yali; Li, Xiaoyong; Li, Jirui; Gao, Yunquan; Guo, Ning

doi:10.1109/bigdata.2018.8622111

Cited by 11 publications

(2 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Using threat intelligence platforms, companies can improve their countermeasures against cyber-attacks and prepare detection and prevention mechanisms. In recent years, the cybersecurity communities have emphasized building common threat intelligence platforms to share threat information in a unified and structured way, and make CTI actionable [18,22,31,33,46,52]. Various specifications and protocols such as STIX, TAXII, Cybox, CWE, CAPEC and CVE are widely used to describe and share threat information through common platforms [5,6,12,37].…”

Section: Source Descriptionmentioning

confidence: 99%

SmartValidator: A Framework for Automatic Identification and Classification of Cyber Threat Data

Islam¹,

Babar²,

Croft³

et al. 2022

Preprint

View full text Add to dashboard Cite

A wide variety of Cyber Threat Information (CTI) is used by Security Operation Centres (SOCs) to perform validation of security incidents and alerts. Security experts manually define different types of rules and scripts based on CTI to perform validation tasks. These rules and scripts need to be updated continuously due to evolving threats, changing SOCs' requirements and dynamic nature of CTI. The manual process of updating rules and scripts delays the response to attacks. To reduce the burden of human experts and accelerate response, we propose a novel Artificial Intelligence (AI) based framework, SmartValidator. SmartValidator leverages Machine Learning (ML) techniques to enable automated validation of alerts. It consists of three layers to perform the tasks of data collection, model building and alert validation. It projects the validation task as a classification problem. Instead of building and saving models for all possible requirements, we propose to automatically construct the validation models based on SOC's requirements and CTI. We built a Proof of Concept (PoC) system with eight ML algorithms, two feature engineering techniques and 18 requirements to investigate the effectiveness and efficiency of SmartValidator. The evaluation results showed that when prediction models were built automatically for classifying cyber threat data, the F1-score of 75% of the models were above 0.8, which indicates adequate performance of the PoC for use in a real-world organization. The results further showed that dynamic construction of prediction models required 99% less models to be built than pre-building models for all possible requirements. Thus, SmartValidator is much more efficient to use when SOCs' requirements and threat behaviour are constantly evolving. The framework can be followed by various industries to accelerate and automate the validation of alerts and incidents based on their CTI and SOC's preferences.

show abstract

Section: Source Descriptionmentioning

confidence: 99%

SmartValidator: A Framework for Automatic Identification and Classification of Cyber Threat Data

Islam¹,

Babar²,

Croft³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Graph is a core component for many important applications ranging from recommendations and customer type analysis in social networks to anomaly detection, behavior analysis in sensor networks [31] [6]. Even if graph is not explicitly given, estimated latent graph can be helpful for those applications because the graph gives them relationships and interactions between nodes [9] [26] [13].…”

Section: Introductionmentioning

confidence: 99%

Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks

Takahashi

2019

2019 IEEE International Conference on Big Data (Big Data)

View full text Add to dashboard Cite

Graph convolutional neural networks, which learn aggregations over neighbor nodes, have achieved great performance in node classification tasks. However, recent studies reported that such graph convolutional node classifier can be deceived by adversarial perturbations on graphs. Abusing graph convolutions, a node's classification result can be influenced by poisoning its neighbors. Given an attributed graph and a node classifier, how can we evaluate robustness against such indirect adversarial attacks? Can we generate strong adversarial perturbations which are effective on not only one-hop neighbors, but more far from the target? In this paper, we demonstrate that the node classifier can be deceived with high-confidence by poisoning just a single node even two-hops or more far from the target. Towards achieving the attack, we propose a new approach which searches smaller perturbations on just a single node far from the target. In our experiments, our proposed method shows 99% attack success rate within two-hops from the target in two datasets. We also demonstrate that m-layer graph convolutional neural networks have chance to be deceived by our indirect attack within m-hop neighbors. The proposed attack can be used as a benchmark in future defense attempts to develop graph convolutional neural networks with having adversary robustness.

show abstract

A Comprehensive Dynamic Quality Assessment Method for Cyber Threat Intelligence

Wang

Yang

Lou

2022

2022 52nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)

View full text Add to dashboard Cite

Graph Mining-based Trust Evaluation Mechanism with Multidimensional Features for Large-scale Heterogeneous Threat Intelligence

Cited by 11 publications

References 14 publications

SmartValidator: A Framework for Automatic Identification and Classification of Cyber Threat Data

SmartValidator: A Framework for Automatic Identification and Classification of Cyber Threat Data

Indirect Adversarial Attacks via Poisoning Neighbors for Graph Convolutional Networks

A Comprehensive Dynamic Quality Assessment Method for Cyber Threat Intelligence

Contact Info

Product

Resources

About