Cyber threat intelligence is useful but has pitfalls

Significance
Multiple actors seek to do harm online for a variety of reasons, from financial to political motivations. This is creating a new industry: cyber threat intelligence (CTI).

Impacts
By developing both national and industry-specific information-sharing agreements, organisations may share vital CTI. Firms will increasingly specialise in specific components of CTI (such as examining particular regions or industries). Better-defended firms will encourage criminals to become more innovative.

2019 ◽  
Vol 27 (2) ◽  
pp. 273-291 ◽  
Author(s):  
Nikolaos Serketzis ◽  
Vasilios Katos ◽  
Christos Ilioudis ◽  
Dimitrios Baltatzis ◽  
George J. Pangalos

Purpose
The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing digital forensic readiness (DFR) schemes by leveraging the capabilities of cyber threat information sharing.

Design/methodology/approach
This paper uses a quantitative methodology to identify the most popular cyber threat intelligence (CTI) elements and introduces a lightweight approach to correlate those with potential forensic value, resulting in the quick and accurate triaging and identification of patterns of malicious activities.

Findings
While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics (DF) domain.

Originality/value
The proposed model can help organizations to improve their DFR posture, and thus minimize the time and cost of cybercrime incidents.


2019 ◽  
Vol 27 (5) ◽  
pp. 687-710
Author(s):  
Oleksii Osliak ◽  
Andrea Saracino ◽  
Fabio Martinelli

Purpose
This paper aims to propose a structured threat information expression (STIX)-based data representation for privacy-preserving data analysis, to report the format and semantics of specific data types and to represent sticky policies in the form of embedded human-readable data sharing agreements (DSAs). More specifically, the authors exploit and extend the STIX standard to represent, in a structured way, analysis-ready pieces of data and the attached privacy policies.

Design/methodology/approach
The whole scheme is designed to be completely compatible with the STIX 2.0 standard for cyber-threat intelligence (CTI) representation. The proposed scheme is implemented in this work by defining the complete scheme for representing an email, which is more expressive than the standard one defined for STIX and is designed specifically for spam email analysis.

Findings
Moreover, the paper provides a new scheme for general DSA representation that has been practically applied to the process of encoding specific attributes in different CTI reports.

Research limitations/implications
Because of the chosen approach, the research results may have limitations. Specifically, current practice for entity recognition has a limitation that was discovered during the research. However, its effect on processing time was minimized and a way for improvement was proposed.

Originality/value
This paper has covered an existing gap, namely the lack of generality in DSA representation for privacy-preserving analysis of structured CTI. Therefore, a new model for DSA representation was introduced, as well as its practical implementation.


2017 ◽  
Vol 67 ◽  
pp. 35-58 ◽  
Author(s):  
Sara Qamar ◽  
Zahid Anwar ◽  
Mohammad Ashiqur Rahman ◽  
Ehab Al-Shaer ◽  
Bei-Tseng Chu

Author(s):  
John Robertson ◽  
Ahmad Diab ◽  
Ericsson Marin ◽  
Eric Nunes ◽  
Vivin Paliath ◽  
...  

Author(s):  
Nolan Arnold ◽  
Mohammadreza Ebrahimi ◽  
Ning Zhang ◽  
Ben Lazarine ◽  
Mark Patton ◽  
...  

2019 ◽  
Vol 11 (7) ◽  
pp. 162 ◽  
Author(s):  
Nikolaos Serketzis ◽  
Vasilios Katos ◽  
Christos Ilioudis ◽  
Dimitrios Baltatzis ◽  
Georgios Pangalos

The complexity of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data, coupled with the challenges of the ever-changing threat landscape, have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defenders can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this end, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while significantly decreasing the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.
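The two Serketzis et al. abstracts above describe correlating CTI elements with forensic artefacts to triage network data, and report the result as accuracy, precision and recall. The following is an added, self-contained illustration of that idea and is not code from either paper: it loads indicators from a small STIX 2.0 bundle (the format the Osliak et al. paper builds on), matches them against a handful of network events, and scores the triage against analyst ground truth. The bundle, the events, the labels and the simplified pattern parser (single-comparison STIX patterns only) are all constructed for this example; one deliberately stale indicator shows how a bad feed entry produces a false positive, and one unknown C2 address shows the false negative the feed cannot catch.

```python
"""CTI-driven forensic triage: STIX 2.0 indicators -> event hits -> metrics.

Constructed example, not the papers' code. Bundle, events and labels are
made up; the pattern parser handles single-comparison patterns only.
"""
import json
import re

# Constructed STIX 2.0 bundle: two good indicators and one stale one.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--11111111-1111-4111-8111-111111111111",
    "spec_version": "2.0",
    "objects": [
        {"type": "indicator",
         "id": "indicator--22222222-2222-4222-8222-222222222222",
         "created": "2019-01-01T00:00:00.000Z",
         "modified": "2019-01-01T00:00:00.000Z",
         "labels": ["malicious-activity"],
         "pattern": "[ipv4-addr:value = '203.0.113.7']",
         "valid_from": "2019-01-01T00:00:00Z"},
        {"type": "indicator",
         "id": "indicator--33333333-3333-4333-8333-333333333333",
         "created": "2019-01-01T00:00:00.000Z",
         "modified": "2019-01-01T00:00:00.000Z",
         "labels": ["malicious-activity"],
         "pattern": "[domain-name:value = 'c2.example.net']",
         "valid_from": "2019-01-01T00:00:00Z"},
        {"type": "indicator",  # stale: this host was re-assigned to a benign service
         "id": "indicator--44444444-4444-4444-8444-444444444444",
         "created": "2017-01-01T00:00:00.000Z",
         "modified": "2017-01-01T00:00:00.000Z",
         "labels": ["malicious-activity"],
         "pattern": "[ipv4-addr:value = '198.51.100.23']",
         "valid_from": "2017-01-01T00:00:00Z"},
    ],
})

# Constructed flow/DNS events with analyst ground truth ("malicious").
EVENTS = [
    {"id": 1, "src": "10.0.0.5", "dst": "203.0.113.7", "qname": None, "malicious": True},
    {"id": 2, "src": "10.0.0.5", "dst": "192.0.2.10", "qname": "c2.example.net", "malicious": True},
    {"id": 3, "src": "10.0.0.9", "dst": "192.0.2.44", "qname": "updates.example.org", "malicious": False},
    {"id": 4, "src": "10.0.0.9", "dst": "198.51.100.23", "qname": None, "malicious": False},
    {"id": 5, "src": "10.0.0.7", "dst": "203.0.113.99", "qname": None, "malicious": True},
    {"id": 6, "src": "10.0.0.7", "dst": "192.0.2.80", "qname": "www.example.com", "malicious": False},
    {"id": 7, "src": "10.0.0.2", "dst": "192.0.2.81", "qname": "mail.example.com", "malicious": False},
    {"id": 8, "src": "10.0.0.2", "dst": "192.0.2.82", "qname": None, "malicious": False},
]

# Matches exactly one comparison, e.g. [ipv4-addr:value = '1.2.3.4'].
# Real STIX patterns allow boolean operators and qualifiers; those are skipped here.
IOC_RE = re.compile(r"^\[(?P<otype>[a-z0-9-]+):(?P<prop>[a-z_]+)\s*=\s*'(?P<val>[^']*)'\]$")


def load_iocs(bundle_json: str) -> dict:
    """Extract {'ipv4-addr': {...}, 'domain-name': {...}} from indicator patterns."""
    iocs = {"ipv4-addr": set(), "domain-name": set()}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator":
            continue
        m = IOC_RE.match(obj.get("pattern", ""))
        if m and m["otype"] in iocs and m["prop"] == "value":
            iocs[m["otype"]].add(m["val"].lower())
    return iocs


def triage(events: list, iocs: dict) -> list:
    """Return only the events that hit an IOC, each annotated with why it was flagged."""
    hits = []
    for ev in events:
        reasons = []
        if ev["dst"] in iocs["ipv4-addr"]:
            reasons.append("ipv4-addr:" + ev["dst"])
        if ev["qname"] and ev["qname"].lower() in iocs["domain-name"]:
            reasons.append("domain-name:" + ev["qname"])
        if reasons:
            hits.append({**ev, "reasons": reasons})
    return hits


def score(events: list, hits: list) -> dict:
    """Confusion counts plus the metrics the abstract reports and the data-volume reduction."""
    flagged = {h["id"] for h in hits}
    tp = sum(1 for e in events if e["id"] in flagged and e["malicious"])
    fp = sum(1 for e in events if e["id"] in flagged and not e["malicious"])
    fn = sum(1 for e in events if e["id"] not in flagged and e["malicious"])
    tn = len(events) - tp - fp - fn
    return {
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
        "accuracy": (tp + tn) / len(events),
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        # share of the captured data an investigator still has to look at
        "review_fraction": len(flagged) / len(events),
    }


def run() -> dict:
    """End-to-end: parse bundle, triage events, score against ground truth."""
    iocs = load_iocs(STIX_BUNDLE)
    return score(EVENTS, triage(EVENTS, iocs))


if __name__ == "__main__":
    print(json.dumps(run(), indent=2))
```

On this constructed data the triage leaves three of eight events for review: two true positives, one false positive from the stale indicator (precision 2/3) and one missed C2 the feed never knew about (recall 2/3). The `reasons` field is what gives a hit its forensic value: it records which indicator justified keeping the event, so the analyst can discard hits whose only justification is an indicator that has since expired.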

