Security Automation and Threat Information-Sharing Options

Kampanakis, Panos

doi:10.1109/msp.2014.99

Cited by 82 publications

(42 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Interdependence between the firms p γ Information sharing effectiveness between firms p φ 1 Each firm's unit cost (inefficiency) of own information leakage p φ 2 Each firm's unit benefit (efficiency) of the other firm's information leakage p φ 3 Each firm's unit benefit (efficiency) of joint information leakage p Г k Hacker k's information sharing effectiveness with the other hacker, Period 4: Hacker j exerts attack efforts TAj and TBj against firms A and B to obtain further information, and shares information Sj with hacker i for future joint benefit. The actual breach by hacker j, if it occurs and to the extent it occurs, occurs in period 4.…”

Section: Modelmentioning

confidence: 99%

“…Encouraging information sharing, the US federal government recommends Security Based Information Sharing Organizations (SB/ISOs), e.g., Information Sharing & Analysis Centers (ISACs), CERT, INFRAGARD, etc. Kampanakis [1] elaborates upon attempts to standardize security information sharing. Cyber attacks and information sharing differ in that the former demands funding, planning, effort, competence, infrastructure, etc., while the latter may be practically costless except providing the information, which today is possible in almost innumerable ways.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security Investment, Hacking, and Information Sharing between Firms and between Hackers

Hausken

2017

Games

View full text Add to dashboard Cite

A four period game between two firms and two hackers is analyzed. The firms first defend and the hackers thereafter attack and share information. Each hacker seeks financial gain, beneficial information exchange, and reputation gain. The two hackers' attacks and the firms' defenses are inverse U-shaped in each other. A hacker shifts from attack to information sharing when attack is costly or the firm's defense is cheap. The two hackers share information, but a second more disadvantaged hacker receives less information, and mixed motives may exist between information sharing and own reputation gain. The second hacker's attack is deterred by the first hacker's reputation gain. Increasing information sharing effectiveness causes firms to substitute from defense to information sharing, which also increases in the firms' unit defense cost, decreases in each firm's unit cost of own information leakage, and increases in the unit benefit of joint leakage. Increasing interdependence between firms causes more information sharing between hackers caused by larger aggregate attacks, which firms should be conscious about. We consider three corner solutions. First and second, the firms deter disadvantaged hackers. When the second hacker is deterred, the first hacker does not share information. Third, the first hacker shares a maximum amount of information when certain conditions are met. Policy and managerial implications are provided for how firms should defend against hackers with various characteristics.

show abstract

Section: Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Security Investment, Hacking, and Information Sharing between Firms and between Hackers

Hausken

2017

Games

View full text Add to dashboard Cite

show abstract

“…CybOX (cyber observable expression) is a language used to express network observables or states, and it provides foundation to many other standards. CybOX provides a common structure for representing network observables between or among related operational areas related to enterprise network security; its purpose is to capture and depict incidents and attributes observed in operational areas . These contents can be used to define or adorn attack patterns or appropriate parts of malicious program profiles in the rules; thus it can associate logic pattern structures with evidence that appear or exist in the real world to help perform attack detection and description.…”

Section: Related Workmentioning

confidence: 99%

“…The purpose of designing STIX is to extend indicator sharing to enable the management and widespread exchange of significantly more expressive sets of indicators as well as other full‐spectrum cyber threat information. STIX can implement the sharing of comprehensive, rich, and “high‐fidelity”' cyber threat information across organizational, community, and product/service boundaries . It provides a common mechanism for addressing structured cyber threat information across and among this full range of use cases, improving consistency, efficiency, interoperability, and overall situational awareness, and has better flexibility and extendibility.…”

Section: Related Workmentioning

confidence: 99%

A method for describing industrial control system network attack using object Petri net

Chen

et al. 2015

IEEJ Transactions Elec Engng

View full text Add to dashboard Cite

Nowadays, the threats industrial control systems face from the inside and outside are becoming more and more serious. However, there are very few works describing industrial control system network attacks, which in turn make it very essential for industrial control system network attack researches to describe and model such attacks. This paper proposes an approach to describe the procedure of industrial control system network attacks using the object Petri net, and takes a case study of smart substation attack as example to help introduce this method of description and modeling. This method adopts a hierarchical form of Petri net to describe the entire process of a network attack, which can control the scale of the Petri net model effectively and can describe the attack process in more detail and accurately at the same time.

show abstract

“…$15.00 https://doi.org/10.1145/nnnnnnn.nnnnnnn amount of efforts understanding their behavior so that detection, classification, and labeling of malware are performed with high accuracy using analysis techniques [7][8][9][10][11][12][13]. Threat information sharing for the improvement of the malware detection system by collecting and sharing more information also has been actively studied [14][15][16].…”

Section: Introductionmentioning

confidence: 99%

Network-based Analysis and Classiﬁcation of Malware using Behavioral Artifacts Ordering

Mohaisen¹,

Alrawi²,

Park³

et al. 2018

ICST Transactions on Security and Safety

View full text Add to dashboard Cite

Using runtime execution artifacts to identify malware and its associated "family" is an established technique in the security domain. Many papers in the literature rely on explicit features derived from network, file system, or registry interaction. While effective, the use of these fine-granularity data points makes these techniques computationally expensive. Moreover, the signatures and heuristics are often circumvented by subsequent malware authors. In this work, we propose Chatter, a system that is concerned only with the order in which high-level system events take place. Individual events are mapped onto an alphabet and execution traces are captured via terse concatenations of those letters. Then, leveraging an analyst labeled corpus of malware, n-gram document classification techniques are applied to produce a classifier predicting malware family. This paper describes that technique and its proof-of-concept evaluation. In its prototype form only network events are considered and eleven malware families are used. We show the technique achieves 83%-94% accuracy in isolation and makes non-trivial performance improvements when integrated with a baseline classifier of combined order features to reach an accuracy of up to 98.8%.

show abstract

Security Automation and Threat Information-Sharing Options

Cited by 82 publications

References 0 publications

Security Investment, Hacking, and Information Sharing between Firms and between Hackers

Security Investment, Hacking, and Information Sharing between Firms and between Hackers

A method for describing industrial control system network attack using object Petri net

Network-based Analysis and Classiﬁcation of Malware using Behavioral Artifacts Ordering

Contact Info

Product

Resources

About