Cyber Threat Intelligence – Issue and Challenges

Today threat landscape evolving at the rapid rate with many organization continuously face complex and malicious cyber threats. Cybercriminal equipped by better skill, organized and well-funded than before. Cyber Threat Intelligence (CTI) has become a hot topic and being under consideration for many organization to counter the rise of cyber-attacks. The aim of this paper is to review the existing research related to CTI. Through the literature review process, the most basic question of what CTI is examines by comparing existing definitions to find common ground or disagreements. It is found that both organization and vendors lack a complete understanding of what information is considered to be CTI, hence more research is needed in order to define CTI. This paper also identified current CTI product and services that include threat intelligence data feeds, threat intelligence standards and tools that being used in CTI. There is an effort by specific industry to shared only relevance threat intelligence data feeds such as Financial Services Information Sharing and Analysis Center (FS-ISAC) that collaborate on critical security threats facing by global financial services sector only. While research and development center such as MITRE working in developing a standards format (e.g.; STIX, TAXII, CybOX) for threat intelligence sharing to solve interoperability issue between threat sharing peers. Based on the review for CTI definition, standards and tools, this paper identifies four research challenges in cyber threat intelligence and analyses contemporary work carried out in each. With an organization flooded with voluminous of threat data, the requirement for qualified threat data analyst to fully utilize CTI and turn the data into actionable intelligence become more important than ever. The data quality is not a new issue but with the growing adoption of CTI, further research in this area is needed.

Download Full-text

A Novel Approach to Cyber Hazard Management Intelligence System

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.7.10866 ◽

2018 ◽

Vol 7 (2.7) ◽

pp. 473

Author(s):

B Bala Bharathi ◽

E Suresh Babu

Keyword(s):

Cyber Attacks ◽

Hazard Management ◽

Intelligence System ◽

Novel Approach ◽

Threat Intelligence ◽

Cyber Threat ◽

Cyber Threat Intelligence ◽

Consistent Information ◽

A Company ◽

Physical Address

Detecting and defending against insider and outsider threats seems to be a major challenge for information security system. such that cyber-attacks pose a silent threat for a company with a havoc likely to be in billions, besides slaughtering investor confidence and denting brand image. Long-established and ongoing solutions target mainly to assimilate many known threats in the form of consistent information such as logical & physical address, etc. into detection and blocking techniques. Our proposed solution elongates forward by using Cyber threat intelligence (CTI) which is used to inform decisions timely regarding subject response to the menance or hazard, where the vulnerable systems are identified using honeypot, through integration of logs for detecting network, host intrusions using SIEM technology which would efficiently manage the occurrence of threat by using cyber hazard management to mitigate the cyber threat actions, fortify incident response efforts and enhance your overall security posture.

Download Full-text

A Study on a Cyber Threat Intelligence Analysis (CTI) Platform for the Proactive Detection of Cyber Attacks Based on Automated Analysis

2018 International Conference on Platform Technology and Service (PlatCon) ◽

10.1109/platcon.2018.8472766 ◽

2018 ◽

Cited By ~ 1

Author(s):

Byung Ik Kim ◽

Nakhyun Kim ◽

Seulgi Lee ◽

Hyeisun Cho ◽

Junhyung Park

Keyword(s):

Automated Analysis ◽

Cyber Attacks ◽

Intelligence Analysis ◽

Threat Intelligence ◽

Cyber Threat ◽

Cyber Threat Intelligence

Download Full-text

Cyber Threat Intelligence and its Role in Proactive Incident Response

Journal of Student Research ◽

10.47611/jsr.vi.556 ◽

2017 ◽

Author(s):

Husam Hassan Ambusaidi ◽

Dr. PRAKASH KUMAR UDUPI

Keyword(s):

Early Detection ◽

Cyber Security ◽

Cyber Attacks ◽

Incident Response ◽

Cyber Threats ◽

Threat Intelligence ◽

Reliable Source ◽

Cyber Threat ◽

Cyber Threat Intelligence

Every day organizations are targeted by different and sophisticated cyber attacks. Most of these organizations are unaware that they are targeted and their networks are compromised. To detect the compromised networks the organizations need a reliable source of cyber threats information. Many cyber security service vendors provide threat intelligence information to allow early detection of the cyber threats. This research will explore different type of cyber threat intelligence and its role in proactive incident response. The research study the threat intelligence features and how the threat feeds collected and then distributed. The research studies the role of cyber threat intelligence in early detection of the threats.

Download Full-text

Automated Cyber Threat Intelligence Reports Classification for Early Warning of Cyber Attacks in Next Generation SOC

Information and Communications Security - Lecture Notes in Computer Science ◽

10.1007/978-3-030-41579-2_9 ◽

2020 ◽

pp. 145-164 ◽

Cited By ~ 1

Author(s):

Wenzhuo Yang ◽

Kwok-Yan Lam

Keyword(s):

Early Warning ◽

Cyber Attacks ◽

Next Generation ◽

Threat Intelligence ◽

Cyber Threat ◽

Cyber Threat Intelligence

Download Full-text

Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

Journal of Cybersecurity and Privacy ◽

10.3390/jcp1010008 ◽

2021 ◽

Vol 1 (1) ◽

pp. 140-163

Author(s):

Davy Preuveneers ◽

Wouter Joosen

Keyword(s):

Machine Learning ◽

Cyber Security ◽

Cyber Attacks ◽

Learning Models ◽

Security Threat ◽

Fine Grained ◽

Threat Intelligence ◽

Cyber Threat ◽

Cyber Threat Intelligence ◽

Machine Learning Models

Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breath or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex—three state-of-practice open source CTI sharing and incident response platforms—to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of the ML model based threat intelligence sharing, including the ability of accounting for indicators of adversarial ML threats.

Download Full-text