An analysis and classification of public information security data sources used in research and practice

Sauerwein, Clemens; Pekaric, Irdin; Felderer, Michael; Breu, Ruth

doi:10.1016/j.cose.2018.12.011

Cited by 34 publications

(20 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Moreover, the information that is typically used for forensics and investigations is merely technical. However, the traces left by a cyberattack contain valuable information that should not only be contrasted with repositories of incidents [66], but also with social networks, forums, media, technical and governmental documents and other digital public sources. These open sources contribute with semantic information in the analysis, which result to be interesting for computing and reasoning more complex and far-reaching inferences.…”

Section: Integration Of Osint In Cyberattack Investigationsmentioning

confidence: 99%

The Not Yet Exploited Goldmine of OSINT: Opportunities, Open Challenges and Future Trends

et al. 2020

View full text Add to dashboard Cite

The amount of data generated by the current interconnected world is immeasurable, and a large part of such data is publicly available, which means that it is accessible by any user, at any time, from anywhere in the Internet. In this respect, Open Source Intelligence (OSINT) is a type of intelligence that actually benefits from that open natureby collecting, processing and correlating points of the whole cyberspace to generate knowledge. In fact, recent advances in technology are causing OSINT to currently evolve at a dizzying rate, providing innovative data-driven and AI-powered applications for politics, economy or society, but also offering new lines of action against cyberthreats and cybercrime. The paper at hand describes the current state of OSINT and makes a comprehensive review of the paradigm, focusing on the services and techniques enhancing the cybersecurity field. On the one hand, we analyze the strong points of this methodology and propose numerous ways to apply it to cybersecurity. On the other hand, we cover the limitations when adopting it. Considering there is a lot left to explore in this ample field, we also enumerate some open challenges to be addressed in the future. Additionally, we study the role of OSINT in the public sphere of governments, which constitute an ideal landscape to exploit open data.

show abstract

Section: Integration Of Osint In Cyberattack Investigationsmentioning

confidence: 99%

The Not Yet Exploited Goldmine of OSINT: Opportunities, Open Challenges and Future Trends

et al. 2020

View full text Add to dashboard Cite

show abstract

“…Another method to assess the relevancy of CTI sources according to the observables that they provide in allowing the early detection of cyber-attacks was proposed in [14]; the main idea relied on CTI content analysis and the "appearance-burst-disappearance" overall trend model. Likewise, content analysis techniques were also applied in [15], but with the different goal of introducing a new taxonomy of the CTI information conveyed by a data source: vulnerabilities, threats, countermeasures, attacks, risks and assets. In addition, this has been correlated with the type of the CTI source (i.e., blogs, forum, vendors, mailing lists, etc.)…”

Section: Related Workmentioning

confidence: 99%

“…to gain some insight regarding the use of structured (or unstructured) CTI formats, the support of interfaces and APIs, the frequency of updating/sharing, the trustworthiness of the CTI and its originality. The latter is also considered in this paper, but for a much broader type of sources than those in [15], which are mostly limited (with few exceptions) to our class of external open-source intelligence sources that is next introduced.…”

Section: Related Workmentioning

confidence: 99%

A Comparative Analysis of Cyber-Threat Intelligence Sources, Formats and Languages

2020

View full text Add to dashboard Cite

The sharing of cyber-threat intelligence is an essential part of multi-layered tools used to protect systems and organisations from various threats. Structured standards, such as STIX, TAXII and CybOX, were introduced to provide a common means of sharing cyber-threat intelligence and have been subsequently much-heralded as the de facto industry standards. In this paper, we investigate the landscape of the available formats and languages, along with the publicly available sources of threat feeds, how these are implemented and their suitability for providing rich cyber-threat intelligence. We also analyse at a sample of cyber-threat intelligence feeds, the type of data they provide and the issues found in aggregating and sharing the data. Moreover, the type of data supported by various formats and languages is correlated with the data needs for several use cases related to typical security operations. The main conclusions drawn by our analysis suggest that many of the standards have a poor level of adoption and implementation, with providers opting for custom or traditional simple formats.

show abstract

“…To sustain the need of using, as an initial database, the list of IoT-oriented CVEs in our current proposal, numerous articles consider CVEs as main data source for vulnerabilities [5,13,14,15]. In Reference [14], the authors emphasize the need for a structured and trustworthy database of information regarding vulnerabilities, attacks, threats, countermeasures, and risks within the task of information security risk management processes. To achieve this, they introduced a taxonomy to classify and compare several data sources based on the type of information, integrability, timeliness, originality, type of source, and trustworthiness.…”

Section: Related Workmentioning

confidence: 99%

Named-Entity-Recognition-Based Automated System for Diagnosing Cybersecurity Situations in IoT Networks

Georgescu

Iancu

Zurini

2019

Sensors

View full text Add to dashboard Cite

The aim of this paper was to enhance the process of diagnosing and detecting possible vulnerabilities within an Internet of Things (IoT) system by using a named entity recognition (NER)-based solution. In both research and practice, security system management experts rely on a large variety of heterogeneous security data sources, which are usually available in the form of natural language. This is challenging as the process is very time consuming and it is difficult to stay up to date with the constant findings in the areas of security threats, vulnerabilities, attacks, countermeasures, and risks. The proposed system is conceived as a semantic indexing solution of existing vulnerabilities and serves as an information tool for security management experts. By integrating the proposed system, the users can easily discover the potential vulnerabilities of their IoT devices. The proposed solution integrates ontologies and NER techniques in order to obtain a high rate of automation with the scope of reaching a self-maintained and up-to-date system in terms of vulnerabilities and common exposures knowledge. To achieve this, a total of 312 CVEs (common vulnerabilities and exposures) specific to the IoT field were identified. CVEs are arguably one of the most important cybersecurity resources nowadays, containing information about the latest discovered vulnerabilities. This set is further used as data corpus for an NER model designed to identify the main entities and relations that are relevant to IoT security. The goal is to automatically monitor cybersecurity information relevant to IoT, and filter and present it in an organized and structured framework based on users’ needs. The taxonomies specific to IoT security are implemented via a domain ontology, which is later used to process natural language. Relevant tokens are marked as entities and the relations between them identified. The text analysis solution is connected to a gateway which scans the environment and identifies the main IoT devices and communication technologies. The strength of the approach proposed within this research is that the designed semantic gateway is using context-aware searches in the modeled IoT security database and can identify possible vulnerabilities before they can be exploited.

show abstract

An analysis and classification of public information security data sources used in research and practice

Cited by 34 publications

References 20 publications

The Not Yet Exploited Goldmine of OSINT: Opportunities, Open Challenges and Future Trends

The Not Yet Exploited Goldmine of OSINT: Opportunities, Open Challenges and Future Trends

A Comparative Analysis of Cyber-Threat Intelligence Sources, Formats and Languages

Named-Entity-Recognition-Based Automated System for Diagnosing Cybersecurity Situations in IoT Networks

Contact Info

Product

Resources

About