Leveraging cyber threat intelligence for a dynamic risk framework

Riesco, Raúl; Villagrá, Víctor A.

doi:10.1007/s10207-019-00433-2

Cited by 49 publications

(34 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It uses semantic variables in an OWL 2 version of STIX™v2 format, to support complex representations with more expressivity. Rules are provided in the format of semantic rule language rules (SWRL 3 ), as proposed by Riesco et al [9]. The use of ontologies, by definition, enables the interoperability and unambiguity of concepts.…”

Section: Approach and Resultsmentioning

confidence: 99%

Cybersecurity threat intelligence knowledge exchange based on blockchain

2019

Self Cite

View full text Add to dashboard Cite

Although cyber threat intelligence (CTI) exchange is a theoretically useful technique for improving security of a society, the potential participants are often reluctant to share their CTI and prefer to consume only, at least in voluntary based approaches. Such behavior destroys the idea of information exchange. On the other hand, governments are forcing specific entities and operators to report them specific incidents depending on their impact, otherwise there could be sanctions to those operators which are not reporting them on time. Obligations and sanctions are usually discouraging participants to share information voluntarily which will just share and report what is strictly required. We propose a paradigm shift of cybersecurity information exchange by introducing a new way to encourage all participants involved, at all levels, to share relevant information dynamically. It will also contribute to the support and deployment of Dynamic Risk Management frameworks to keep risks under an acceptance level along the time. Participants will have new and specific incentives to share, invest and consume threat intelligence and risk intelligence information depending on their different roles (producers, consumers, investors, donors and owner). Our proposal leverages from standards like Structured Threat Information Exchange, as well as W3C semantic web standards to enable a workspace of knowledge related to behavioral threat intelligence patterning to characterize tactics, techniques and procedures. At the same time, we propose an Ethereum Blockchain Smart contract Marketplace to better incentivize the sharing of that knowledge between all parties involved as well as creating a standard CTI token as a digital asset with a promising value in the market. Simulations and an experimentation were performed to demonstrate its benefits and incentives, but also its potential limits with regard to storage and cost of transactions.

show abstract

Section: Approach and Resultsmentioning

confidence: 99%

Cybersecurity threat intelligence knowledge exchange based on blockchain

2019

Self Cite

View full text Add to dashboard Cite

show abstract

“…1, we can think of a power plant operating a state-of-the-art security operations center (SOC). At some point in time, the alerting mechanisms 2 https://www.json.org/. of the plant's intrusion detection systems (IDS) indicate an ongoing attack affecting various critical systems.…”

Section: Motivational Examplementioning

confidence: 99%

“…The last years have seen the emergence of sharing information about threats, cyber attacks, and incidents by organizations. The urge to join forces in the fight against cyber criminals originates from an ever-increasing number of attacks and the related risks for organizations [1,2]. Not only the number but also the complexity of attacks has increased over the years resulting in successful intrusions with more severe forms of security breaches.…”

Section: Introductionmentioning

confidence: 99%

Measuring and visualizing cyber threat intelligence quality

Schlette

Böhm

Caselli

et al. 2020

Int. J. Inf. Secur.

View full text Add to dashboard Cite

The very raison d'être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by the means of sharing platforms has proven to be an important aspect of practical application. It is evident to infer that inaccurate, incomplete, or outdated threat intelligence is a major problem as only high-quality CTI can be helpful to detect and defend against cyber attacks. Additionally, while the amount of available CTI is increasing it is not warranted that quality remains unaffected. In conjunction with the increasing number of available CTI, it is thus in the best interest of every stakeholder to be aware of the quality of a CTI artifact. This allows for informed decisions and permits detailed analyses. Our work makes a twofold contribution to the challenge of assessing threat intelligence quality. We first propose a series of relevant quality dimensions and configure metrics to assess the respective dimensions in the context of CTI. In a second step, we showcase the extension of an existing CTI analysis tool to make the quality assessment transparent to security analysts. Furthermore, analysts' subjective perceptions are, where necessary, included in the quality assessment concept.

show abstract

“…Analyzing and sharing information obtained through TI in an effective manner requires common representation, standards, and exchange protocols. Again, the use of ontologies arises as an interesting approach to address this problem, and therefore, several authors have carried out studies and developments in this sense [12][13][14][15][16].…”

Section: Related Workmentioning

confidence: 99%

“…as a very interesting contribution, for example, to the verification of the impact of supplier change. Most recently, Riesco R. et al proposed in [15] a new dynamic risk management and threat intelligence methodology for generating inference rules to be used in different application domains. The feasibility of this research was addressed in [16], where the authors proposed blockchain and Smart contracts as a solution for fostering cyber threat and risk intelligence exchange of information.…”

Section: Related Workmentioning

confidence: 99%

Ontology-Based System for Dynamic Risk Management in Administrative Domains

et al. 2019

Self Cite

View full text Add to dashboard Cite

With the increasing complexity of cyberthreats, it is necessary to have tools to understand the changing context in real-time. This document will present architecture and a prototype designed to model the risk of administrative domains, exemplifying the case of a country in real-time, specifically, Spain. In order to carry out this task, a modeling of the assets and threats detected by various sources of information has been carried out. All this information is stored as knowledge making use of ontologies, which enables the application of reasoning engines in order to infer new knowledge that can be used later in the following reasoning. This modeling and reasoning have been enriched with a dynamic system for managing the trust of the different sources of information and capabilities for increased reliability with the inclusion of additional threat intelligence information.

show abstract

Leveraging cyber threat intelligence for a dynamic risk framework

Cited by 49 publications

References 12 publications

Cybersecurity threat intelligence knowledge exchange based on blockchain

Cybersecurity threat intelligence knowledge exchange based on blockchain

Measuring and visualizing cyber threat intelligence quality

Ontology-Based System for Dynamic Risk Management in Administrative Domains

Contact Info

Product

Resources

About