Analysis of adversary activities using cloud-based web services to enhance cyber threat intelligence

Al-Mohannadi, Hamad; Awan, Irfan; Hamar, Jassim Al

doi:10.1007/s11761-019-00285-7

Cited by 13 publications

(9 citation statements)

References 17 publications

(16 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [31], a novel systematic method for discovering and analyzing attack paths in real-world scale interdependent cyber physical systems is described. A threat intelligence approach exploring attack data collected using cloud-based web service to support the active threat intelligence is presented in [32]. Through the Pyramid of Pain, the level of difficulty in handling cyber threats is indicated by establishing different levels of Indicators of Compromise (IoC) to show the various levels of technical difficulty and understand attackers' behavior.…”

Section: Current Efforts On Attack Modeling and Attack Graphsmentioning

confidence: 99%

An Attack Simulation and Evidence Chains Generation Model for Critical Information Infrastructures

Kalogeraki

Panayiotopoulos

2022

Electronics

View full text Add to dashboard Cite

Recently, the rapid growth of technology and the increased teleworking due to the COVID-19 outbreak have motivated cyber attackers to advance their skills and develop new sophisticated methods, e.g., Advanced Persistent Threat (APT) attacks, to leverage their cybercriminal capabilities. They compromise interconnected Critical Information Infrastructures (CIIs) (e.g., Supervisory Control and Data Acquisition (SCADA) systems) by exploiting a series of vulnerabilities and launching multiple attacks. In this context, industry players need to increase their knowledge on the security of the CIs they operate and further explore the technical aspects of cyber-attacks, e.g., attack’s course, vulnerabilities exploitability, attacker’s behavior, and location. Several research papers address vulnerability chain discovery techniques. Nevertheless, most of them do not focus on developing attack graphs based on incident analysis. This paper proposes an attack simulation and evidence chains generation model which computes all possible attack paths associated with specific, confirmed security events. The model considers various attack patterns through simulation experiments to estimate how an attacker has moved inside an organization to perform an intrusion. It analyzes artifacts, e.g., Indicators of Compomise (IoCs), and any other incident-related information from various sources, e.g., log files, which are evidence of cyber-attacks on a system or network.

show abstract

Section: Current Efforts On Attack Modeling and Attack Graphsmentioning

confidence: 99%

An Attack Simulation and Evidence Chains Generation Model for Critical Information Infrastructures

Kalogeraki

Panayiotopoulos

2022

Electronics

View full text Add to dashboard Cite

show abstract

“…In the process of human body intelligent monitoring, it is necessary to use image monitoring technology to transmit human body intelligent monitoring signal. As the scene change has obvious interference effect on the monitoring effect, this effect will cause the attenuation of image visual signal, thus reducing the accuracy of monitoring [31,32]. According to Equation (3), the human body intelligent monitoring and tracking coefficient obtained under the influence of rapid regional change, such as rapid running, can be calculated.…”

Section: Information Security Communication Protocolmentioning

confidence: 99%

Intelligent Monitoring System for Prison Perimeter Based on Cloud Intelligence Technology

Pan

2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

In order to realize the security of prison perimeter, a prison perimeter intelligent monitoring system based on cloud intelligence technology is designed. Based on the multisupply chain collaboration framework, the prison network interface submodule and sniffer monitoring structure are connected on demand to complete the hardware execution environment of the prison perimeter intelligent monitoring system. Analyze the specific service mode of the cloud smart technology host, set the necessary cloud smart technology service monitoring protocol, judge the processing information parameters, select the prison perimeter remote communication port number, set the prison perimeter network IP address and password program, complete the construction of the software execution environment of the monitoring system, and intelligently monitor and track the abnormal conditions around the prison; combined with the relevant hardware and software structure, the design of prison perimeter intelligent monitoring system based on cloud intelligence technology is realized. The experimental results show that the DPI index of the designed system has an obvious upward trend, and the processing results are close to the original image results to avoid the impact caused by the change of monitoring scene.

show abstract

“…The result shows that the approach provides a better offloading performance. A threat intelligence approach was proposed to analyse the threat within a cloud honeypot as a service by applying elastic search [ 15 ]. Several parameters such as Matrix IoC, attack, behaviour and pattern were used for the threat analysis.…”

Section: Related Workmentioning

confidence: 99%

Data-Driven Threat Analysis for Ensuring Security in Cloud Enabled Systems

Alwaheidi

Islam

2022

Sensors

View full text Add to dashboard Cite

Cloud computing offers many benefits including business flexibility, scalability and cost savings but despite these benefits, there exist threats that require adequate attention for secure service delivery. Threats in a cloud-based system need to be considered from a holistic perspective that accounts for data, application, infrastructure and service, which can pose potential risks. Data certainly plays a critical role within the whole ecosystem and organisations should take account of and protect data from any potential threats. Due to the variation of data types, status, and location, understanding the potential security concerns in cloud-based infrastructures is more complex than in a traditional system. The existing threat modeling approaches lack the ability to analyse and prioritise data-related threats. The main contribution of the paper is a novel data-driven threat analysis (d-TM) approach for the cloud-based systems. The main motivation of d-TM is the integration of data from three levels of abstractions, i.e., management, control, and business and three phases, i.e., storage, process and transmittance, within each level. The d-TM provides a systematic flow of attack surface analysis from the user agent to the cloud service provider based on the threat layers in cloud computing. Finally, a cloud-based use case scenario was used to demonstrate the applicability of the proposed approach. The result shows that d-TM revealed four critical threats out of the seven threats based on the identified assets. The threats targeted management and business data in general, while targeting data in process and transit more specifically.

show abstract

Analysis of adversary activities using cloud-based web services to enhance cyber threat intelligence

Cited by 13 publications

References 17 publications

An Attack Simulation and Evidence Chains Generation Model for Critical Information Infrastructures

An Attack Simulation and Evidence Chains Generation Model for Critical Information Infrastructures

Intelligent Monitoring System for Prison Perimeter Based on Cloud Intelligence Technology

Data-Driven Threat Analysis for Ensuring Security in Cloud Enabled Systems

Contact Info

Product

Resources

About