Neural network and blockchain based technique for cyber threat intelligence and situational awareness

Graf, Roman; King, Ross

doi:10.23919/cycon.2018.8405028

Cited by 18 publications

(14 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Security software: SIEM systems [80], intrusion detection/prevention systems [37], [103], [107], [128], [162], [173], [174], firewalls [37], [104], [127], [128], [174], anti-virus software [37], [111], [127], vulnerability scanners [173], identity and access management [104] • Network assets: Switches [104], [173], routers [104], [128], [173], servers [104], [127], [173], hosts [104], [173], proxies [174] • Virtualization environments: Hypervisor, virtual machine introspection, cloud environments [80] • Operational technology: Sensors, actuators, PLCs • Other Software: Open-Source Big Data Analytics [80], databases [173], identity and access management [173], mailserver [174], operating systems [111], [174] • Physical security assets: Security cameras, access control • External (Threat) Intelligence: Geolocation and DNS lookup [80], open source intelligence (OSINT) [47], [129], intelligence from threat sharing platforms or other organizations [130]- [132] • People:…”

Section: ) Data Collectionmentioning

confidence: 99%

Security Operations Center: A Systematic Study and Open Challenges

et al. 2020

View full text Add to dashboard Cite

Section: ) Data Collectionmentioning

confidence: 99%

Security Operations Center: A Systematic Study and Open Challenges

et al. 2020

View full text Add to dashboard Cite

“…To address challenges related to CTI automation, various research solutions are being proposed to dynamically manage cyber threat intelligence data. In this sense, Graf and King [23] employ a neural network autoencoder, supported by blockchain technology, for the classification and management of shared CTI information. Blockchain smart contracts are employed for the life-cycle management, supporting the acquisition, usage, and archival disposal of incidents.…”

Section: Related Workmentioning

confidence: 99%

Distributed Security Framework for Reliable Threat Intelligence Sharing

Preuveneers

Joosen

Bernabé

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

Computer security incident response teams typically rely on threat intelligence platforms for information about sightings of cyber threat events and indicators of compromise. Other security building blocks, such as Network Intrusion Detection Systems, can leverage the information to prevent malicious adversaries from spreading malware across critical infrastructures. The effectiveness of threat intelligence platforms heavily depends on the willingness to share among organizations and the responsible use of sensitive information that may potentially harm the reputation of the reporting organization. The challenge that we address is the lack of trust in the source providing the threat intelligence and the information itself. We enhance our security framework TATIS—offering fine-grained protection for threat intelligence platform APIs—with distributed ledger capabilities to enable reliable and trustworthy threat intelligence sharing with the ability to audit the provenance of threat intelligence. We have implemented and evaluated the feasibility of our distributed framework on top of the Malware Information Sharing Platform (MISP) solution, and we evaluate the performance impact using real-world open-source threat intelligence feeds.

show abstract

“…Integration of these shared data into cybersecurity products and keeping these data up to date can be costly. As a solution to this situation, studies in which blockchain-based cyber intelligence data are shared are proposed [18] [19] [20].…”

Section: Literature Reviewmentioning

confidence: 99%

Blockchain Based Information Sharing Mechanism for Cyber Threat Intelligence

Büber

Şahingöz

2020

Balkan Journal of Electrical and Computer Engineering

View full text Add to dashboard Cite

In recent years, networked computers are extensively used in every aspect of our daily lives. Besides, the anonymous structure of the Internet results in an increase in the number of attacks not only for individual users but also for local area networks. Current attacks are more sophisticated, and they are developed by experienced intruders with the use of automated malware production methods. These organized intrusions can go over the defense lines of the systems due to the weakness of the detection/prevention mechanisms or carelessness of individual users. After sneaking into the system, these attacks can work until they are detected, and they can access many critical resources of the company. Earlier detection of these attacks is very trivial issue for the security admins. This can be accomplished by acquiring the signature (critical information) of the newest attacks as early as possible. One suggested solution is the use of a Threat Information Sharing system, which is set up between security firms and authorities. This approach enables the distribution of the marks of the recent (zero-day) attacks and the development of some proactive prevention mechanisms for them. The use of both peer to peer and centralized sharing mechanisms have some inherited deficiencies. Therefore, in this paper, a pure decentralized cybersecurity information sharing system is proposed with the use of blockchain technology. A controlled decision-making mechanism, authorization termination, and rule-sets maintenance are proposed to make distributed decisions within the system. For making a decision, two smart contracts should be used in the blockchain. One holds the positive votes while the other holds the negative ones. Members of the system are able to access cyber threat data by using company-related queries. The system can facilitate the integration of many data sources into cybersecurity management system. Additionally, it enables us to collect in a single repository that can be accessed for implementing real-time cybersecurity applications.

show abstract

Neural network and blockchain based technique for cyber threat intelligence and situational awareness

Cited by 18 publications

References 10 publications

Security Operations Center: A Systematic Study and Open Challenges

Security Operations Center: A Systematic Study and Open Challenges

Distributed Security Framework for Reliable Threat Intelligence Sharing

Blockchain Based Information Sharing Mechanism for Cyber Threat Intelligence

Contact Info

Product

Resources

About