How Good is Your Data? Investigating the Quality of Data Generated During Security Incident Response Investigations

Grispos, George; Glisson, William Bradley; Storer, Tim

doi:10.24251/hicss.2019.859

Cited by 24 publications

(13 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A significant number of research contributions, which include Grispos et al [16], Meier et al [25], and Sillaber et al [32], underline the importance of quality assurance and control for threat intelligence applications. In addition, Li et al [22] and Pinto and Sieira [28] successfully apply security metrics to measure quality criteria of common feeds of threat intelligence data.…”

Section: Application To Data Quality Assurancementioning

confidence: 99%

ARIMA Supplemented Security Metrics for Quality Assurance and Situational Awareness

Kohlrausch¹,

Brin²

2020

Digital Threats

View full text Add to dashboard Cite

Quality assurance and situational awareness are important areas of interest for CSIRTs and security teams. Significant efforts have been made on defining metrics measuring critical parameters for these fields of application. However, methodical approaches are missing or lacking precision to enable a reliable usage of such metrics for quality assurance and situational awareness. In this contribution, we introduce a method that generalizes the application of ARIMA time series analysis on a welldefined set of metrics (ARIMA supplemented metrics) to facilitate and support quality assurance and situational awareness services. This method is based on research on ARIMA models and metrics and builds on CSIRT best practices. We show how data analysts and security practitioners can incorporate this method into existing best practices for CSIRT services pertaining to quality assurance and situational awareness. The applicability of this method is demonstrated by integrating ARIMA supplemented metrics into exemplary processes for quality assurance and situational awareness to support data analysts and security practitioners in CSIRTs and security teams. CCS Concepts: • Security and privacy → Malware and its mitigation; Intrusion detection systems; • Mathematics of computing → Time series analysis; Exploratory data analysis; Stochastic processes; • Security and privacy → Denial-of-service attacks; Formal security models;

show abstract

Section: Application To Data Quality Assurancementioning

confidence: 99%

ARIMA Supplemented Security Metrics for Quality Assurance and Situational Awareness

Kohlrausch¹,

Brin²

2020

Digital Threats

View full text Add to dashboard Cite

show abstract

“…As a result of that research they presented various findings and recommendations regarding threat intelligence data quality. The authors of [14], focused on the topic of quality of data generated by incident response teams during investigations. Their methodology was based on a case study within a financial organization to empirically evaluate data quality.…”

Section: Challenges Of Cyber Threat Intelligencementioning

confidence: 99%

On the Assessment of Completeness and Timeliness of Actionable Cyber Threat Intelligence Artefacts

Yücel

Chalkias

Mallis

et al. 2020

Communications in Computer and Information Science

View full text Add to dashboard Cite

In this paper we propose an approach for hunting adversarial tactics technics and procedures (TTPs) by leveraging information described in structured cyber threat intelligence (CTI) models. We focused on the properties of timeliness and completeness of CTI indicators to drive the discovery of TTPs placed highly on the so-called Pyramid of Pain (PoP). We used the unit42 playbooks dataset to evaluate the proposed approach and illustrate the limitations and opportunities of a systematic intelligence sharing process for high pain TTP discovery.

show abstract

“…These fraudulent communications constitute a security incident depending on the outcome of associated activities. Academic and industrial publications continue to indicate that security incidents plague organizations; that incident recognition is critical to response scenarios and that these issues continue to have a financial and legal impact on organizations [2][3][4][5][6][7][8][9][10]. Malicious forms of communication that organizations deal with range from phishing attacks, to bogus customer reviews, to fake news.…”

Section: Introductionmentioning

confidence: 99%

Deception Detection Using Machine Learning

Delgado¹,

Glisson²,

Shashidhar³

et al. 2021

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

Today's digital society creates an environment potentially conducive to the exchange of deceptive information. The dissemination of misleading information can have severe consequences on society. This research investigates the possibility of using shared characteristics among reviews, news articles, and emails to detect deception in text-based communication using machine learning techniques. The experiment discussed in this paper examines the use of Bag of Words and Part of Speech tag features to detect deception on the aforementioned types of communication using Neural Networks, Support Vector Machine, Naïve Bayesian, Random Forest, Logistic Regression, and Decision Tree. The contribution of this paper is twofold. First, it provides initial insight into the identification of text communication cues useful in detecting deception across different types of text-based communication. Second, it provides a foundation for future research involving the application of machine learning algorithms to detect deception on different types of text communication.

show abstract

How Good is Your Data? Investigating the Quality of Data Generated During Security Incident Response Investigations

Cited by 24 publications

References 17 publications

ARIMA Supplemented Security Metrics for Quality Assurance and Situational Awareness

ARIMA Supplemented Security Metrics for Quality Assurance and Situational Awareness

On the Assessment of Completeness and Timeliness of Actionable Cyber Threat Intelligence Artefacts

Deception Detection Using Machine Learning

Contact Info

Product

Resources

About