Offensive Security: Cyber Threat Intelligence Enrichment With Counterintelligence and Counterattack

Rana, Muhammad Usman; Ellahi, Osama; Alam, Masoom; Webber, Julian; Mehbodniya, Abolfazl; Khan, Shawal

doi:10.1109/access.2022.3213644

Cited by 10 publications

(8 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…CTI focuses primarily on defense against these attacks, but there is a need for new methods to unmask attackers. Rana et al [ 38 ] created malicious files as decoys, allowing the authors to gather information from susceptible PCs using honeypots. They used various tools for data analysis, including Visual Studio Code and Python.…”

Section: Resultsmentioning

confidence: 99%

“…The evaluation method uses counterintelligence techniques such as cyber deception and decoy files to obtain adversary information. Overall, this research focuses on providing better proactive adversarial system intelligence by capturing attackers’ system information through accurate document-based tokens in a proactive defensive environment while executing threat hunting with TTPs (Tactics Techniques Procedures) [ 38 ].…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Saeed,

Suayyid,

Al-Ghamdi

et al. 2023

Sensors

View full text Add to dashboard Cite

Cybersecurity is a significant concern for businesses worldwide, as cybercriminals target business data and system resources. Cyber threat intelligence (CTI) enhances organizational cybersecurity resilience by obtaining, processing, evaluating, and disseminating information about potential risks and opportunities inside the cyber domain. This research investigates how companies can employ CTI to improve their precautionary measures against security breaches. The study follows a systematic review methodology, including selecting primary studies based on specific criteria and quality valuation of the selected papers. As a result, a comprehensive framework is proposed for implementing CTI in organizations. The proposed framework is comprised of a knowledge base, detection models, and visualization dashboards. The detection model layer consists of behavior-based, signature-based, and anomaly-based detection. In contrast, the knowledge base layer contains information resources on possible threats, vulnerabilities, and dangers to key assets. The visualization dashboard layer provides an overview of key metrics related to cyber threats, such as an organizational risk meter, the number of attacks detected, types of attacks, and their severity level. This relevant systematic study also provides insight for future studies, such as how organizations can tailor their approach to their needs and resources to facilitate more effective collaboration between stakeholders while navigating legal/regulatory constraints related to information sharing.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Saeed,

Suayyid,

Al-Ghamdi

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Port-based classification or flow-based analysis and Deep Packet Inspection (DPI) are frequently used in these techniques [28]. These techniques have, however, a number of drawbacks, such as the requirement for thorough payload inspection, vulnerability to evasion strategies, and reliance on wellknown port numbers [2].…”

Section: Traditional Vpn Classification Methodsmentioning

confidence: 99%

“…These countries have enforced laws making VPN use on phones illegal, accompanied by severe fines and potential imprisonment. Such measures underscore the increasing focus on VPN usage globally, particularly when they are employed to circumvent geo-restrictions and access blocked content, raising significant issues regarding cybersecurity and national security [1][2][3].…”

Section: Introductionmentioning

confidence: 99%

Integrating Blockchain and Deep Learning for Enhanced Mobile VPN Forensics: A Comprehensive Framework

Alqahtany,

Syed

2024

Applied Sciences

View full text Add to dashboard Cite

In an era marked by technological advancement, the rising reliance on Virtual Private Networks (VPNs) necessitates sophisticated forensic analysis techniques to investigate VPN traffic, especially in mobile environments. This research introduces an innovative approach utilizing Convolutional Neural Networks (CNNs) and Graph Neural Networks (GNNs) for classifying VPN traffic, aiding forensic investigators in precisely identifying applications or websites accessed via VPN connections. By leveraging the combined strengths of CNNs and GNNs, our method provides an effective solution for discerning user activities during VPN sessions. Further extending this framework, we incorporate blockchain technology to meticulously record all mobile VPN transactions, ensuring a tamper-proof and transparent ledger that significantly bolsters the integrity and admissibility of forensic evidence in legal scenarios. A specific use-case demonstrates this methodology in mobile forensics, where our integrated approach not only accurately classifies data traffic but also securely logs transactional details on the blockchain, offering an unprecedented level of detail and reliability in forensic investigations. Extensive real-world VPN dataset experiments validate our approach, highlighting its potential to achieve high accuracy and offering invaluable insights for both technological and legal domains in the context of mobile VPN usage.

show abstract

“…Riesco et al [8] suggested using smart contracts and blockchain technology to encourage information sharing and create dynamic risk-management systems that may instantly reduce cyber risks. Using Python and Visual Studio Code for data analysis, Rana et al [9] used malicious files as decoys to extract information from susceptible systems.…”

Section: Introductionmentioning

confidence: 99%

Insights into Cybercrime Detection and Response: A Review of Time Factor

Taherdoost

2024

Information

View full text Add to dashboard Cite

Amidst an unprecedented period of technological progress, incorporating digital platforms into diverse domains of existence has become indispensable, fundamentally altering the operational processes of governments, businesses, and individuals. Nevertheless, the swift process of digitization has concurrently led to the emergence of cybercrime, which takes advantage of weaknesses in interconnected systems. The growing dependence of society on digital communication, commerce, and information sharing has led to the exploitation of these platforms by malicious actors for hacking, identity theft, ransomware, and phishing attacks. With the growing dependence of organizations, businesses, and individuals on digital platforms for information exchange, commerce, and communication, malicious actors have identified the susceptibilities present in these systems and have begun to exploit them. This study examines 28 research papers focusing on intrusion detection systems (IDS), and phishing detection in particular, and how quickly responses and detections in cybersecurity may be made. We investigate various approaches and quantitative measurements to comprehend the link between reaction time and detection time and emphasize the necessity of minimizing both for improved cybersecurity. The research focuses on reducing detection and reaction times, especially for phishing attempts, to improve cybersecurity. In smart grids and automobile control networks, faster attack detection is important, and machine learning can help. It also stresses the necessity to improve protocols to address increasing cyber risks while maintaining scalability, interoperability, and resilience. Although machine-learning-based techniques have the potential for detection precision and reaction speed, obstacles still need to be addressed to attain real-time capabilities and adjust to constantly changing threats. To create effective defensive mechanisms against cyberattacks, future research topics include investigating innovative methodologies, integrating real-time threat intelligence, and encouraging collaboration.

show abstract

Offensive Security: Cyber Threat Intelligence Enrichment With Counterintelligence and Counterattack

Cited by 10 publications

References 45 publications

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Integrating Blockchain and Deep Learning for Enhanced Mobile VPN Forensics: A Comprehensive Framework

Insights into Cybercrime Detection and Response: A Review of Time Factor

Contact Info

Product

Resources

About