Relevance Filtering for Shared Cyber Threat Intelligence (Short Paper)

Wagner, Thomas D.; Palomar, Esther; Mahbub, Khaled; Abdallah, Ali E.

doi:10.1007/978-3-319-72359-4_35

Cited by 8 publications

(12 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Low-level approaches are those that describe threats in detail. Such approaches may be based on the use of the list of attacks [15][16][17][18][19] or the list of attack scenarios [20]. Some approaches come down to analyzing the exploitation of vulnerabilities in the system [21][22][23].…”

Section: Related Workmentioning

confidence: 99%

Model of Threats to Computer Network Software

2019

View full text Add to dashboard Cite

This article highlights the issue of identifying information security threats to computer networks. The aim of the study is to increase the number of identified threats. Firstly, it was carried out the analysis of computer network models used to identify threats, as well as in approaches to building computer network threat models. The shortcomings that need to be corrected are highlighted. On the basis of the mathematical apparatus of attributive metagraphs, a computer network model is developed that allows to describe the software components of computer networks and all possible connections between them. On the basis of elementary operations on metagraphs, a model of threats to the security of computer network software is developed, which allows compiling lists of threats to the integrity and confidentiality of computer network software. These lists include more threats in comparison with the considered analogues.

show abstract

Section: Related Workmentioning

confidence: 99%

Model of Threats to Computer Network Software

2019

View full text Add to dashboard Cite

show abstract

“…A CTIP is relevant to an organization when its contained threat-related information relates to the organization’s context (e.g., location, domain, business process). A relevant CTIP is expected to be actionable to the organization consuming it [ 11 , 13 , 14 ]. A CTIP is actionable when the utilization of its content (i.e., the threat-related information that it contains) leads to a decision or an action to control an ongoing, imminent, or a future threat.…”

Section: Introductionmentioning

confidence: 99%

“…A CTIP is actionable when the utilization of its content (i.e., the threat-related information that it contains) leads to a decision or an action to control an ongoing, imminent, or a future threat. The necessity of filtering to avoid overload and “distilling the signal from the noise” has been extensively pointed out in the literature [ 13 , 14 , 15 , 16 , 17 , 18 ]. The lack of filtering overwhelms organizations’ processing capabilities [ 11 ] and demands expertise for narrowing down shared CTIP manually [ 14 ].…”

Section: Introductionmentioning

confidence: 99%

“…The necessity of filtering to avoid overload and “distilling the signal from the noise” has been extensively pointed out in the literature [ 13 , 14 , 15 , 16 , 17 , 18 ]. The lack of filtering overwhelms organizations’ processing capabilities [ 11 ] and demands expertise for narrowing down shared CTIP manually [ 14 ]. The overload of CTIP causes the organizations’ reluctance to participate in threat information sharing ecosystems, particularly in the case of SMEs, that represent 99% of all organizations in Europe [ 19 ] and in the United States [ 20 ].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Contextualized Filtering for Shared Cyber Threat Information

Dimitriadis

Prassas

Flores

et al. 2021

Sensors

View full text Add to dashboard Cite

Cyber threat information sharing is an imperative process towards achieving collaborative security, but it poses several challenges. One crucial challenge is the plethora of shared threat information. Therefore, there is a need to advance filtering of such information. While the state-of-the-art in filtering relies primarily on keyword- and domain-based searching, these approaches require sizable human involvement and rarely available domain expertise. Recent research revealed the need for harvesting of business information to fill the gap in filtering, albeit it resulted in providing coarse-grained filtering based on the utilization of such information. This paper presents a novel contextualized filtering approach that exploits standardized and multi-level contextual information of business processes. The contextual information describes the conditions under which a given threat information is actionable from an organization perspective. Therefore, it can automate filtering by measuring the equivalence between the context of the shared threat information and the context of the consuming organization. The paper directly contributes to filtering challenge and indirectly to automated customized threat information sharing. Moreover, the paper proposes the architecture of a cyber threat information sharing ecosystem that operates according to the proposed filtering approach and defines the characteristics that are advantageous to filtering approaches. Implementation of the proposed approach can support compliance with the Special Publication 800-150 of the National Institute of Standards and Technology.

show abstract

“…As the basis of the threat model, the authors most often use the list of attacks [11][12][13][14][15], the list of attack scenarios [16], the description of exploitation of vulnerabilities [17,18], and the description of attackers [19]. This approach does not allow to determine the list of threats.…”

Section: Introductionmentioning

confidence: 99%

Information Security Methods—Modern Research Directions

et al. 2019

View full text Add to dashboard Cite

In Tomsk University of Control Systems and Radioelectronics (TUSUR) one of the main areas of research is information security. The work is carried out by a scientific group under the guidance of Professor Shelupanov. One of the directions is the development of a comprehensive approach to assessing the security of the information systems. This direction includes the construction of an information security threats model and a protection system model, which allow to compile a complete list of threats and methods of protection against them. The main directions of information security tools development are dynamic methods of biometrics, methods for generating prime numbers for data encryption, steganography, methods and means of data protection in Internet of Things (IoT) systems. The article presents the main results of research in the listed areas of information security. The resultant properties in symmetric cryptography are based on the properties of the power of the generating functions. The authors have obtained symmetric principles for the development of primality testing algorithms, as discussed in the Appendix.Symmetry 2018, 10, x FOR PEER REVIEW 3 of 33 Ported to AMR system devices, IPsec ensures mutual authentication of network devices using the IKEv2 protocol. Optionally, the network can be configured based on the EAP-PSK protocol. During configuration, the devices receive network addresses and authentication keys, at which point the execution of EAP-PSK is stopped and data is transferred via IPsec. Another option is to use pre-installed certificates on the devices. In this case, the initial configuration is done manually, but the network does not require EAP-PSK to be used.Data integrity control and encryption during transmission are provided by ESP, which is the protocol used in IPsec at the transport level. This protocol ensures the security of both the data transmitted and packet headers at the network level.This approach makes it possible to ensure reliable authentication of the AMR system devices and the security of the data to be transmitted and opens a wide range of options for the configuration of network operation; however, it cannot be used in networks with heterogeneous communication channels. The EAP-PSK-based approach offers less flexibility but is suitable for networks with heterogeneous communication channels. For an AMR system, a list of threats was proposed based on the developed methodology. Threats to the confidentiality of the system are threats related to the collection of information about the system. This can be a list of devices, software versions, authentication data, access control policies, network addresses, interaction protocols, etc. Threats to the integrity of the automated system for commercial accounting are: substitution of an object, substitution of a communication channel, deletion of an object, destruction of a communication channel, addition of an unauthorized object, creation of an unauthorized communication channel; change of communication channel or object settings...

show abstract

Relevance Filtering for Shared Cyber Threat Intelligence (Short Paper)

Cited by 8 publications

References 5 publications

Model of Threats to Computer Network Software

Model of Threats to Computer Network Software

Contextualized Filtering for Shared Cyber Threat Information

Information Security Methods—Modern Research Directions

Contact Info

Product

Resources

About