How to exchange security events? Overview and evaluation of formats and protocols

Steinberger, Jessica; Sperotto, Anna; Golling, Mario; Baier, Harald

doi:10.1109/inm.2015.7140300

Cited by 41 publications

(30 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Realworld information exchange platforms focus rather on highlevel pieces of information such as security alerts, formal representations of security events reported by intrusion detection systems. An overview of formats and protocols for exchange of such information was presented by Steinberger et al [8].…”

Section: Related Workmentioning

confidence: 99%

Towards Predicting Cyber Attacks Using Information Exchange and Data Mining

Husák

Kašpar

2018

2018 14th International Wireless Communications &Amp; Mobile Computing Conference (IWCMC)

View full text Add to dashboard Cite

Abstract-In this paper, we present an empirical evaluation of an approach to predict attacker's activities based on information exchange and data mining. We gathered the cyber security alerts shared within the SABU platform, in which around 220,000 alerts from heterogeneous geographically distributed sensors (intrusion detection systems and honeypots) are shared every day. Subsequently, we used the methods of sequential rule mining to identify common attack patterns and to derive rules for predicting attacks. As we illustrate in this paper, a collaborative environment allows attack prediction in multiple dimensions. First, we can predict what will the attacker do next and when. Second, we can predict where will the attack hit, e.g., when an attacker is targeting several networks at once. In a weeklong experiment, we processed in total over 1 million alerts, from which we mined predictive rules every day. Our findings show that most of the rules display stable values of support and confidence and, thus, can be used to predict cyber attacks in consecutive days after mining without a need to actualize the rules every day.

show abstract

Section: Related Workmentioning

confidence: 99%

Towards Predicting Cyber Attacks Using Information Exchange and Data Mining

Husák

Kašpar

2018

2018 14th International Wireless Communications &Amp; Mobile Computing Conference (IWCMC)

View full text Add to dashboard Cite

show abstract

“…Cybersecurity information sharing and risk interdependency have been studied extensively in [12][13][14][15][16][17][18][19][20]. Rutkowski et al [12] have investigated the specification and use case of the cybersecurity information exchange framework.…”

Section: Cybersecurity Information Sharingmentioning

confidence: 99%

Fair and private rewarding in a coalitional game of cybersecurity information sharing

Vakilinia

Sengupta

2019

IET Inf. secur

View full text Add to dashboard Cite

Cybersecurity information sharing is a key factor of cyber threat intelligence, allowing organizations to detect and prevent malicious behaviors proactively. However, stimulating organizations to participate and deterring free-riding in such sharing is a big challenge. To this end, the sharing system should be equipped with a rewarding and participation-fees allocation mechanisms to encourage sharing behavior. The problem of cybersecurity information sharing as a non-cooperative game has been studied extensively. In contrast, in this paper, we model such a problem as a coalitional game. We investigate a rewarding and participation-fees calculation based on profit sharing in coalitional game theory. In particular, we formulate a coalitional game between organizations and analyze the well-known Shapley value and Nucleolus solution concepts in the cybersecurity information sharing system. Moreover, as the participation-fees may leak sensitive information about the organizations' cyber-infrastructure, we study the application of differential privacy in the coalitional game theory to protect the organization's fees while approximating the fairness.

show abstract

“…Collaborative security and collaborative intrusion detection were surveyed recently by Meng et al [15] and Vasilomanolakis et al [21]. Formats and protocols for exchanging security events were brie y surveyed by Steinberger et al [18].…”

Section: Technical Backgroundmentioning

confidence: 99%

“…Lately, STIX gained attention in the cyber security community. There are a lot of examples of security alerts in these formats, as well as their comparison, in the related literature [10,18].…”

Section: Technical Backgroundmentioning

confidence: 99%