Towards a Big Data Architecture for Facilitating Cyber Threat Intelligence

Wheelus, Charles; Bou‐Harb, Elias; Zhu, Xingquan

doi:10.1109/ntms.2016.7792484

Cited by 14 publications

(6 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…CTI can be acquired by a victim organization who records the attack investigation artifacts and shares them with peers. Wheelus et al [16] propose a tiered big data architecture for the automation of capturing and handling of network traffic. They generate features and artifacts that would be promptly available for machine learning algorithms and anomaly detectors.…”

Section: Background: Cyber Threat Intelligencementioning

confidence: 99%

ATHAFI: Agile Threat Hunting And Forensic Investigation

Puzis,

Zilberman,

Elovici

2020

Preprint

View full text Add to dashboard Cite

Attackers rapidly change their attacks to evade detection. Even the most sophisticated Intrusion Detection Systems that are based on artificial intelligence and advanced data analytic cannot keep pace with the rapid development of new attacks. When standard detection mechanisms fail or do not provide sufficient forensic information to investigate and mitigate attacks, targeted threat hunting performed by competent personnel is used. Unfortunately, many organization do not have enough security analysts to perform threat hunting tasks and today the level of automation of threat hunting is low.In this paper we describe a framework for agile threat hunting and forensic investigation (ATHAFI), which automates the threat hunting process at multiple levels. Adaptive targeted data collection, attack hypotheses generation, hypotheses testing, and continuous threat intelligence feeds allow to perform simple investigations in a fully automated manner. The increased level of automation will significantly boost the analyst's productivity during investigation of the harshest cases.Special Workflow Generation module adapts the threat hunting procedures either to the latest Threat Intelligence obtained from external sources (e.g. National CERT) or to the likeliest attack hypotheses generated by the Hypotheses Generation module. The combination of Attack Hypotheses Generation and Workflows Generation enables intelligent adjustment of workflows, which react to emerging threats effectively.

show abstract

Section: Background: Cyber Threat Intelligencementioning

confidence: 99%

ATHAFI: Agile Threat Hunting And Forensic Investigation

Puzis,

Zilberman,

Elovici

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…Viime vuosien aikana kyberhyökkäykset ovat lisääntyneet ja monimutkaistuneet, jonka vuoksi niiden havaitsemiseen, analysointiin ja suojaukseen tarvitaan yhä enemmän reaaliaikaista tietoa. (Conti ym., 2018;Wheelus, Bou-Harb & Zhu, 2016. )…”

Section: Tietoturvallisuus Organisaatiossaunclassified

Cyber Threat Intelligence

Dehghantanha¹,

Conti²,

Dargahi³

2018

Advances in Information Security

View full text Add to dashboard Cite

Maailman digitalisoitumisen seurauksena kerätyn datan määrä on kasvanut eksponentiaalisesti, tietojärjestelmät ovat monimutkaistuneet ja kyberhyökkäykset kehittyneet teknologian kehityksen mukana, jonka vuoksi perinteiset kyberhyökkäyksen torjuntamenetelmät eivät enää yksinään riitä suojaamaan organisaatioita. Tutkielmassa tarkastellaan miten Cyber Threat Intelligence edesauttaa organisaatioiden tietoturvaa ja mitä haasteita se tuo. Tutkielma on toteutettu kirjallisuuskatsauksena ja se pyrkii vastaamaan tutkimuskysymykseen: "Mitä on Cyber Threat Intelligence, miten se vaikuttaa ja mitä haasteita se tuo?". Kehittyneiden kyberhyökkäyksien takia yleistä toimintatapaa täytyisi siirtää hyökkäyksistä aiheutuneiden vahinkojen jälkikäteen korjaamisesta hyökkäyksien ennakoimiseen. Hyökkäyksien ennakoimiseen yksi tapa on hyödyntää Big Dataa, sillä kerätyn datan seasta loÿtyy vastauksia useampiinkin ongelmiin, mutta datan valtavan määrän ja monimutkaisuuden vuoksi, sitä on hidasta kerätä ja prosessoida sekä vaikea hallita. Uusi nouseva trendi on Cyber Threat Intelligence, jonka tarkoituksena on hyödyntää erilaisista lähteistä saatua analysoitua informaatiota kyberuhista ja sen perusteella tehdä päätöksiä tietoturvan parantamiseksi.

show abstract

“…In this study, a big data architecture is proposed and evaluated to automate the analysis of heterogeneous network data, allowing for effective cyber threat intelligence analytics. In this study, a big data architecture is proposed and evaluated to automate the analysis of heterogeneous network data, allowing for effective cyber threat intelligence analytics [1].…”

Section: Introductionmentioning

confidence: 99%

Data Analytics and Predictive Modeling for Toll Violation Prevention

Lembhe

2022

J Arti Inte & Cloud Comp

View full text Add to dashboard Cite

This study aims to utilize data analytics and predictive modeling techniques to prevent toll violations. By analyzing various sources of data such as travel datasets, unstructured data, and financial data, the study will develop algorithms that can accurately predict toll violations and identify potential fraud patterns. The research, which utilized unstructured data, points to the utility of data mining which would greatly benefit traffic research, particularly African-based studies, that suffer from data inadequacy. The study will also explore the use of machine learning algorithms to decipher the large textual data contained in transportation research papers. Additionally, the study will investigate the accuracy and performance of different predictive algorithms, such as linear regression, analysis of variance, and artificial neural networks, in predicting toll violations based on various factors such as category, purpose, total distance, and speed of travel. Furthermore, the study will examine the forensic aspects of big data in order to enhance the capabilities of forensic investigators in case of a network attack. In today’s rapidly changing world, the significance of accurate toll violation prevention using data analytics and predictive modeling techniques cannot be overstated. In today’s rapidly changing world, the significance of accurate toll violation prevention using data analytics and predictive modeling techniques cannot be overstated. By leveraging data analytics and predictive modeling, this study aims to develop an effective toll violation prevention system

show abstract

Towards a Big Data Architecture for Facilitating Cyber Threat Intelligence

Cited by 14 publications

References 12 publications

ATHAFI: Agile Threat Hunting And Forensic Investigation

ATHAFI: Agile Threat Hunting And Forensic Investigation

Cyber Threat Intelligence

Data Analytics and Predictive Modeling for Toll Violation Prevention

Contact Info

Product

Resources

About