Building an effective threat intelligence platform that would make Einstein proud

Ward, Leon

doi:10.1016/s1361-3723(17)30031-3

Cited by 3 publications

(4 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Conversely, an associated URL in threat data might have been used many times. Therefore, threat intelligence must be extracted from the threat data with possible IOCs and their contextual information [3,16,52,46]. Table 1 shows examples of some of these websites that provide threat feeds and are utilized for gathering OSINT.…”

Section: Source Descriptionmentioning

confidence: 99%

“…Using threat intelligence platforms, companies can improve their countermeasures against cyber-attacks and prepare detection and prevention mechanisms. In recent years, the cybersecurity communities have emphasized building common threat intelligence platforms to share threat information in a unified and structured way, and make CTI actionable [18,22,31,33,46,52]. Various specifications and protocols such as STIX, TAXII, Cybox, CWE, CAPEC and CVE are widely used to describe and share threat information through common platforms [5,6,12,37].…”

Section: Source Descriptionmentioning

confidence: 99%

“…Security teams write scripts and define rules to extract necessary information from CTI, and map alerts and incidents to CTI [3,16,38,46]. Whilst techniques such as defining rules and scripts can be automated, they do not help in identifying evolving threats and alerts [41,52,56], because rules can only be defined for behavior of known threats. Thus, human understanding and resolution are required to identify, define and update CTI, rules and scripts for emerging threats to adapt changing contexts.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

SmartValidator: A Framework for Automatic Identification and Classification of Cyber Threat Data

Islam¹,

Babar²,

Croft³

et al. 2022

Preprint

View full text Add to dashboard Cite

A wide variety of Cyber Threat Information (CTI) is used by Security Operation Centres (SOCs) to perform validation of security incidents and alerts. Security experts manually define different types of rules and scripts based on CTI to perform validation tasks. These rules and scripts need to be updated continuously due to evolving threats, changing SOCs' requirements and dynamic nature of CTI. The manual process of updating rules and scripts delays the response to attacks. To reduce the burden of human experts and accelerate response, we propose a novel Artificial Intelligence (AI) based framework, SmartValidator. SmartValidator leverages Machine Learning (ML) techniques to enable automated validation of alerts. It consists of three layers to perform the tasks of data collection, model building and alert validation. It projects the validation task as a classification problem. Instead of building and saving models for all possible requirements, we propose to automatically construct the validation models based on SOC's requirements and CTI. We built a Proof of Concept (PoC) system with eight ML algorithms, two feature engineering techniques and 18 requirements to investigate the effectiveness and efficiency of SmartValidator. The evaluation results showed that when prediction models were built automatically for classifying cyber threat data, the F1-score of 75% of the models were above 0.8, which indicates adequate performance of the PoC for use in a real-world organization. The results further showed that dynamic construction of prediction models required 99% less models to be built than pre-building models for all possible requirements. Thus, SmartValidator is much more efficient to use when SOCs' requirements and threat behaviour are constantly evolving. The framework can be followed by various industries to accelerate and automate the validation of alerts and incidents based on their CTI and SOC's preferences.

show abstract

Section: Source Descriptionmentioning

confidence: 99%

Section: Source Descriptionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SmartValidator: A Framework for Automatic Identification and Classification of Cyber Threat Data

Islam¹,

Babar²,

Croft³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Threat intelligence (TI) is closely related to cybersecurity IS and SA. It embraces all evidence‐based knowledge about existing or emerging threats, which can be used to support cyberdefense decisions . TI has recently attracted great attention, including vendors of security solutions who offer diverse TI solutions …”

Section: Collaborative Security Information Sharing Situation Awarementioning

confidence: 99%

Threat intelligence platform for the energy sector

Wróbel

2019

Softw Pract Exp

View full text Add to dashboard Cite

In recent years, critical infrastructures and power systems in particular have been subjected to sophisticated cyberthreats, including targeted attacks and advanced persistent threats. A promising response to this challenging situation is building up enhanced threat intelligence (TI) that interlinks information sharing and fine-grained situation awareness. In this paper, a framework that integrates all levels of TI, ie, strategic, tactical, operational, and technical, is presented. The platform implements the centralized model of information exchange with peer-to-peer interactions between partners as an option. Several supportive solutions were introduced, including anonymity mechanisms or data processing and correlation algorithms. A data model that enables communication of cyberincident information, both in natural language and machine-readable formats, was defined. Similarly, security requirements for critical components were devised. A pilot implementation of the platform was developed and deployed in the operational environment, which enabled practical evaluation of the design. Also, the security of the anonymity architecture was analyzed.

show abstract

SmartValidator: A framework for automatic identification and classification of cyber threat data

Islam

Babar

Croft

et al. 2022

Journal of Network and Computer Applications

View full text Add to dashboard Cite

Building an effective threat intelligence platform that would make Einstein proud

Cited by 3 publications

References 0 publications

SmartValidator: A Framework for Automatic Identification and Classification of Cyber Threat Data

SmartValidator: A Framework for Automatic Identification and Classification of Cyber Threat Data

Threat intelligence platform for the energy sector

SmartValidator: A framework for automatic identification and classification of cyber threat data

Contact Info

Product

Resources

About