A survey on technical threat intelligence in the age of sophisticated cyber attacks

2018 ◽  
Vol 72 ◽  
pp. 212-233 ◽  
Author(s):  
Wiem Tounsi ◽  
Helmi Rais
Keyword(s):  
Cyber Attacks ◽  
Threat Intelligence

scholarly journals A Novel Approach to Cyber Hazard Management Intelligence System

2018 ◽  
Vol 7 (2.7) ◽  
pp. 473
Author(s):  
B Bala Bharathi ◽  
E Suresh Babu
Keyword(s):  
Cyber Attacks ◽  
Hazard Management ◽  
Intelligence System ◽  
Novel Approach ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Cyber Threat Intelligence ◽  
Consistent Information ◽  
A Company ◽  
Physical Address

Detecting and defending against insider and outsider threats seems to be a major challenge for information security system. such that cyber-attacks pose a silent threat for a company with a havoc likely to be in billions, besides slaughtering investor confidence and denting brand image. Long-established and ongoing solutions target mainly to assimilate many known threats in the form of consistent information such as logical & physical address, etc. into detection and blocking techniques. Our proposed solution elongates forward by using Cyber threat intelligence (CTI) which is used to inform decisions timely regarding subject response to the menance or hazard, where the vulnerable systems are identified using honeypot, through integration of logs for detecting network, host intrusions using SIEM technology which would efficiently manage the occurrence of threat by using cyber hazard management to mitigate the cyber threat actions, fortify incident response efforts and enhance your overall security posture.  

Active cyber defence strategies and techniques for banks and financial institutions

2020 ◽  
Vol 27 (3) ◽  
pp. 771-780
Author(s):  
Yorrick Creado ◽  
Vidyavati Ramteke
Keyword(s):  
Financial Institutions ◽  
Holistic Approach ◽  
Cyber Attacks ◽  
Research Approach ◽  
Content Type ◽  
Financial Firms ◽  
Threat Intelligence ◽  
Banking Institutions ◽  
Cyber Space ◽  
Defence Strategies

Purpose With the growing penetration of financial technology, financial firms and banking institutions have seen a rise in the volume of cyber-attacks in recent years. Cyber criminals are using more sophisticated techniques to beat traditional passive defences. The purpose of this paper is to explore, analyse and recommend various active cyber defence strategies and techniques that can be implemented by organizations in financial sector to secure and safeguard their assets and cyber space. Design/methodology/approach This paper adopts a secondary research approach on the various techniques that can be used effectively to adopt active cyber defence strategy. Findings Based on the existing strategies and techniques available and those being currently developed, this paper proposes a holistic approach that can be adopted by banks and financial institutions to secure their cyber space. This involves a combination of active and passive cyber defence techniques and effective threat intelligence. Originality/value The following paper has been checked for plagiarism and is within the acceptable standards for publishing in this journal. Appropriate references have been duly cited, and the formulation of the final recommendation is the original work of the authors.

scholarly journals Cyber Threat Intelligence and its Role in Proactive Incident Response

2017 ◽  
Author(s):  
Husam Hassan Ambusaidi ◽  
Dr. PRAKASH KUMAR UDUPI
Keyword(s):  
Early Detection ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Incident Response ◽  
Cyber Threats ◽  
Threat Intelligence ◽  
Reliable Source ◽  
Cyber Threat ◽  
Cyber Threat Intelligence

Every day organizations are targeted by different and sophisticated cyber attacks. Most of these organizations are unaware that they are targeted and their networks are compromised. To detect the compromised networks the organizations need a reliable source of cyber threats information.  Many cyber security service vendors provide threat intelligence information to allow early detection of the cyber threats. This research will explore different type of cyber threat intelligence and its role in proactive incident response. The research study the threat intelligence features and how the threat feeds collected and then distributed.  The research studies the role of cyber threat intelligence in early detection of the threats.

Analysis of Cyber-Attacks Against the Transportation Sector

2018 ◽  
pp. 1384-1402
Author(s):  
Brett van Niekerk
Keyword(s):  
Information Sharing ◽  
Cyber Security ◽  
Power Grid ◽  
Tourism Industry ◽  
Cyber Attacks ◽  
Transport Infrastructure ◽  
Cyber Defense ◽  
Transportation Sector ◽  
Threat Intelligence ◽  
Security Incidents

For many countries the physical transport infrastructure is critical to the economy, with ports forming a gateway for the majority of trade, and rail and road used to distribute goods. Airlines are crucial to the tourism industry. Whilst the focus of cyber-defense is on financial networks and the power grid, recent incidents illustrate that the transport infrastructure is also susceptible to cyber-attacks. The chapter provides an overview of cyber-security incidents related to the transportation sector, and analyses the reports of the incidents to illustrate the prevalence of threat types and impact. The chapter then discusses some efforts to mitigate the threats in terms of regulations, threat intelligence and information sharing, and awareness training.

scholarly journals Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

2021 ◽  
Vol 1 (1) ◽  
pp. 140-163
Author(s):  
Davy Preuveneers ◽  
Wouter Joosen
Keyword(s):  
Machine Learning ◽  
Cyber Security ◽  
Cyber Attacks ◽  
Learning Models ◽  
Security Threat ◽  
Fine Grained ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Cyber Threat Intelligence ◽  
Machine Learning Models

Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breath or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex—three state-of-practice open source CTI sharing and incident response platforms—to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of the ML model based threat intelligence sharing, including the ability of accounting for indicators of adversarial ML threats.

scholarly journals An Efficient Approach of Threat Hunting Using Memory Forensics

2020 ◽  
Vol 8 (5) ◽  
pp. 37-45 ◽  
Author(s):  
Danish Javeed ◽  
Muhammad Taimoor Khan ◽  
Ijaz Ahmad ◽  
Tahir Iqbal ◽  
Umar Mohammed Badamasi ◽  
...  
Keyword(s):  
Cyber Attacks ◽  
Main Memory ◽  
Malicious Code ◽  
Efficient Approach ◽  
Memory Forensics ◽  
Major Flaw ◽  
Threat Intelligence ◽  
Research Findings ◽  
Memory Codes

The capacity and occurrence of new cyber-attacks have shattered in recent years. Such measures have very complicated workflows and comprise multiple illegal actors and organizations. Threat hunting demonstrates the process of proactively searching through networks for threats based on zero-day attacks by repeating the hunting process again and again. Unlike threat intelligence, it uses different automated security tools to collect logs in order to provide a pattern for making new intelligence-based tools by following those logs. According to our research findings about “threat hunting tools” there’s a major flaw that the designed tools are limited to the collection of logs. It works completely on logs for generating new patterns avoiding system’s main memory. Codes written directly to memory fail this process to provide proactive hunting. To overcome this major challenge, we are proposing two distinct methods, either by generating malicious code alerts or by binding memory forensics processes with threat hunting tools to make active hunting possible

scholarly journals Cyber Threat Intelligence – Issue and Challenges

2018 ◽  
Vol 10 (1) ◽  
pp. 371 ◽  
Author(s):  
Md Sahrom Abu ◽  
Siti Rahayu Selamat ◽  
Aswami Ariffin ◽  
Robiah Yusof
Keyword(s):  
Financial Services ◽  
Common Ground ◽  
Cyber Attacks ◽  
Basic Question ◽  
Services Sector ◽  
Data Analyst ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Face Complex ◽  
Cyber Threat Intelligence

Today threat landscape evolving at the rapid rate with many organization continuously face complex and malicious cyber threats. Cybercriminal equipped by better skill, organized and well-funded than before. Cyber Threat Intelligence (CTI) has become a hot topic and being under consideration for many organization to counter the rise of cyber-attacks. The aim of this paper is to review the existing research related to CTI. Through the literature review process, the most basic question of what CTI is examines by comparing existing definitions to find common ground or disagreements. It is found that both organization and vendors lack a complete understanding of what information is considered to be CTI, hence more research is needed in order to define CTI. This paper also identified current CTI product and services that include threat intelligence data feeds, threat intelligence standards and tools that being used in CTI. There is an effort by specific industry to shared only relevance threat intelligence data feeds such as Financial Services Information Sharing and Analysis Center (FS-ISAC) that collaborate on critical security threats facing by global financial services sector only. While research and development center such as MITRE working in developing a standards format (e.g.; STIX, TAXII, CybOX) for threat intelligence sharing to solve interoperability issue between threat sharing peers. Based on the review for CTI definition, standards and tools, this paper identifies four research challenges in cyber threat intelligence and analyses contemporary work carried out in each. With an organization flooded with voluminous of threat data, the requirement for qualified threat data analyst to fully utilize CTI and turn the data into actionable intelligence become more important than ever. The data quality is not a new issue but with the growing adoption of CTI, further research in this area is needed.

Analysis of Cyber-Attacks against the Transportation Sector

2017 ◽  
pp. 68-91 ◽  
Author(s):  
Brett van Niekerk
Keyword(s):  
Information Sharing ◽  
Cyber Security ◽  
Power Grid ◽  
Tourism Industry ◽  
Cyber Attacks ◽  
Transport Infrastructure ◽  
Cyber Defense ◽  
Transportation Sector ◽  
Threat Intelligence ◽  
Security Incidents

For many countries the physical transport infrastructure is critical to the economy, with ports forming a gateway for the majority of trade, and rail and road used to distribute goods. Airlines are crucial to the tourism industry. Whilst the focus of cyber-defense is on financial networks and the power grid, recent incidents illustrate that the transport infrastructure is also susceptible to cyber-attacks. The chapter provides an overview of cyber-security incidents related to the transportation sector, and analyses the reports of the incidents to illustrate the prevalence of threat types and impact. The chapter then discusses some efforts to mitigate the threats in terms of regulations, threat intelligence and information sharing, and awareness training.

Sign in / Sign up

Export Citation Format

Share Document