Network Security Enhancement using CTI and Log Analysis

2018 ◽  
Vol 7 (12) ◽  
pp. 24430-24432
Author(s):  
Ravi Kumar ◽  
Parvesh Kumar Chaudhary

Cyberattacks, ever increasing in severity, complexity and frequency, are impacting the functioning of citizens, governments, and businesses around the world. Protecting valuable intellectual property, business and personal information in digital form against theft and misuse is an increasingly critical concern for everyone in the present digital era. The financial and reputational loss incurred due to cyber-attacks motivates organizations to improve defensive measures to protect their organizational networks and the information stored in them. This paper proposes a Cyber Threat Intelligence (CTI) collection, log analysis and automated threat alerting platform capable of analyzing and responding to incidents that can lead to cyberattacks. The proposed system makes use of CTI received from Open Source Intelligence (OSINT), Elasticsearch and Logstash to analyze, observe and generate alerts for malicious traffic/activity in the organization based on log analysis. At the same time, an easy to understand visual representation can be produced using Kibana.
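The core of the pipeline the abstract describes is small: parse raw log lines into structured events (what Logstash grok patterns do), look each relevant field up in an OSINT indicator set, and emit an alert document (what would be indexed into Elasticsearch for Kibana). The example below is an added illustration of that logic, not code from the paper. The proxy and sshd log formats, the feed contents and the field names are all assumptions; the indicator values are from documentation ranges and reserved example names. It also shows a check a practitioner wants before wiring a free feed into alerting: dropping malformed entries and RFC 1918 addresses, which would otherwise alert on every internal host.

```python
import ipaddress
import re

# Constructed OSINT feed standing in for indicators pulled from an open feed.
# Values are from documentation ranges (RFC 5737) and reserved names (RFC 2606),
# not real indicators. The internal address and the junk string are the kind of
# noise a real feed sometimes carries; clean_ip_iocs() removes them.
RAW_FEED = {
    "ip": {"203.0.113.45", "198.51.100.7", "10.0.0.12", "not-an-ip"},
    "domain": {"malware.example", "c2.example.net"},
}

# Constructed log lines: a key=value proxy format and sshd authentication lines.
SAMPLE_LOGS = [
    "2018-06-01T10:00:01Z proxy src=10.0.0.12 dst=203.0.113.45 host=cdn.example.org method=GET status=200",
    "2018-06-01T10:00:02Z proxy src=10.0.0.15 dst=192.0.2.80 host=www.example.com method=GET status=200",
    "2018-06-01T10:00:03Z proxy src=10.0.0.19 dst=192.0.2.9 host=beacon.c2.example.net method=POST status=200",
    "2018-06-01T10:00:04Z sshd Failed password for root from 198.51.100.7 port 51234 ssh2",
    "2018-06-01T10:00:05Z sshd Failed password for alice from 10.0.0.12 port 40000 ssh2",
    "garbage line that matches no pattern",
]

# Named-group regexes play the role of Logstash grok patterns: each turns a raw
# line into a structured event with a fixed set of field names.
PATTERNS = {
    "proxy": re.compile(
        r"^(?P<ts>\S+) proxy src=(?P<src>\S+) dst=(?P<dst>\S+) host=(?P<host>\S+) "
        r"method=(?P<method>\S+) status=(?P<status>\d+)$"
    ),
    "sshd": re.compile(
        r"^(?P<ts>\S+) sshd Failed password for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
    ),
}

# RFC 1918 and loopback space: an "indicator" inside these ranges would fire on
# every internal host, so it is treated as feed noise rather than intelligence.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def clean_ip_iocs(raw_ips):
    """Keep only syntactically valid, non-internal IP indicators."""
    keep = set()
    for raw in raw_ips:
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # malformed entry in the feed
        if any(ip in net for net in LOCAL_NETS):
            continue
        keep.add(raw)
    return keep


def parse(line):
    """Return a dict of fields for a recognised line, or None."""
    for kind, pattern in PATTERNS.items():
        m = pattern.match(line)
        if m:
            event = m.groupdict()
            event["type"] = kind
            return event
    return None


def match_iocs(event, ip_iocs, domain_iocs):
    """Return (field, value, ioc_type) for every event field that hits an indicator."""
    hits = []
    for field in ("src", "dst"):
        value = event.get(field)
        if value in ip_iocs:
            hits.append((field, value, "ip"))
    host = event.get("host")
    if host:
        # Match the domain itself and any subdomain of it (beacon.c2.example.net).
        for domain in domain_iocs:
            if host == domain or host.endswith("." + domain):
                hits.append(("host", host, "domain"))
    return hits


def alerts_for(lines, feed=RAW_FEED):
    """Parse each line and emit one alert document per indicator hit."""
    ip_iocs = clean_ip_iocs(feed["ip"])
    domain_iocs = set(feed["domain"])
    alerts, unparsed = [], 0
    for line in lines:
        event = parse(line)
        if event is None:
            unparsed += 1  # worth tracking: a silent parser gap is a detection gap
            continue
        for field, value, ioc_type in match_iocs(event, ip_iocs, domain_iocs):
            alerts.append({
                "@timestamp": event["ts"], "event_type": event["type"],
                "matched_field": field, "indicator": value, "ioc_type": ioc_type,
                "raw": line,
            })
    return alerts, unparsed


if __name__ == "__main__":
    found, skipped = alerts_for(SAMPLE_LOGS)
    for a in found:
        print(a["@timestamp"], a["event_type"], a["matched_field"], a["indicator"], a["ioc_type"])
    print(f"{len(found)} alerts, {skipped} unparsed line(s)")
```

On the sample input this yields three alerts (the proxy connection to 203.0.113.45, the beacon to a subdomain of c2.example.net, and the SSH brute force from 198.51.100.7) and one unparsed line. The two events involving 10.0.0.12 do not alert even though that address sits in the raw feed, because the cleaning step discarded it; the unparsed count is returned rather than dropped because lines a parser cannot read are exactly the ones nobody is watching.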

2018 ◽  
Vol 7 (2.7) ◽  
pp. 473
Author(s):  
B Bala Bharathi ◽  
E Suresh Babu

Detecting and defending against insider and outsider threats is a major challenge for information security systems: cyber-attacks pose a silent threat to a company, with havoc likely to run into billions, besides slaughtering investor confidence and denting brand image. Long-established and ongoing solutions mainly aim to assimilate known threats, in the form of consistent information such as logical and physical addresses, into detection and blocking techniques. Our proposed solution goes further by using Cyber Threat Intelligence (CTI), which is used to inform timely decisions on the response to a menace or hazard; vulnerable systems are identified using a honeypot, and logs are integrated to detect network and host intrusions using SIEM technology, which efficiently manages the occurrence of threats by using cyber hazard management to mitigate cyber threat actions, fortify incident response efforts and enhance overall security posture.


2021 ◽  
Vol 11 (16) ◽  
pp. 7738
Author(s):  
Kyounggon Kim ◽  
Faisal Abdulaziz Alfouzan ◽  
Huykang Kim

Cyber-attacks have become commonplace in the world of the Internet. The nature of cyber-attacks is gradually changing. Early cyber-attacks were usually conducted by curious personal hackers who used simple techniques to hack homepages and steal personal information. Lately, cyber attackers have started using sophisticated cyber-attack techniques that enable them to retrieve national confidential information beyond the theft of personal information or defacing websites. These sophisticated and advanced cyber-attacks can disrupt the critical infrastructures of a nation. Much research regarding cyber-attacks has been conducted; however, there has been a lack of research related to measuring cyber-attacks from the perspective of offensive cybersecurity. This motivated us to propose a methodology for quantifying cyber-attacks such that they are measurable rather than abstract. For this purpose, we identified each element of offensive cybersecurity used in cyber-attacks. We also investigated the extent to which the detailed techniques identified in the offensive cyber-security framework were used, by analyzing cyber-attacks. Based on these investigations, the complexity and intensity of cyber-attacks can be measured and quantified. We evaluated advanced persistent threats (APT) and fileless cyber-attacks that occurred between 2010 and 2020 based on the methodology we developed. Based on our research methodology, we expect that researchers will be able to measure future cyber-attacks.


Author(s):  
Husam Hassan Ambusaidi ◽  
Prakash Kumar Udupi

Every day, organizations are targeted by different and sophisticated cyber attacks. Most of these organizations are unaware that they are targeted and that their networks are compromised. To detect compromised networks, organizations need a reliable source of cyber threat information. Many cyber security service vendors provide threat intelligence information to allow early detection of cyber threats. This research explores the different types of cyber threat intelligence and their role in proactive incident response. The research studies threat intelligence features and how threat feeds are collected and then distributed. It also studies the role of cyber threat intelligence in early detection of threats.


2019 ◽  
Vol 2019 ◽  
pp. 1-14 ◽  
Author(s):  
Mookyu Park ◽  
Jaehyeok Han ◽  
Haengrok Oh ◽  
Kyungho Lee

As mobile devices such as smartphones become popular, malicious attackers are choosing them as targets. The risk of attack is steadily increasing as most people store various personal information such as messages, contacts, and financial information on their smartphones. In particular, vulnerabilities in the installed operating systems (e.g., Android, iOS) are traded at high prices on the black market. In addition, the development of Internet of Things (IoT) technology has created a hyperconnected society in which various devices are connected to one network. Therefore, the safety of the smartphone is becoming an important factor in remotely controlling these technologies. A typical attack method that threatens the security of such a smartphone is to induce the installation of a malicious application. However, most studies focus on the detection of malicious applications. This study suggests a method to evaluate the threat posed by applications to be installed in the Android OS environment in conjunction with machine learning algorithms. In addition, we present future directions from the cyber threat intelligence and situational awareness perspectives, which are recent issues.


2021 ◽  
Vol 1 (1) ◽  
pp. 140-163
Author(s):  
Davy Preuveneers ◽  
Wouter Joosen

Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breadth or essence of a cyber security threat or attack campaign, possibly leading to alert fatigue and missed detections for security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex, three state-of-practice open source CTI sharing and incident response platforms, to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. The ML models can be attacked as well, by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of ML model based threat intelligence sharing, including the ability to account for indicators of adversarial ML threats.


Author(s):  
Aju D. ◽  
Anil Kumar Kakelli ◽  
Ashwin Suresh Varma ◽  
Kishore Rajendiran

Modern-day smartphones are the result of the technological progression that is happening in this digital world. This technological advancement has brought incremental augmentations that were not perceived as critical by smartphone users. Also, computational capability and networking competence have been pushed constantly to keep pace with ever-expanding workload demands. This scenario has enabled smart gadgets such as smartphones and tablets to take on growing and complex challenges. In this digital era, the next generation of users is substituting conventional choices such as personal computers and laptops with the smartphone for social connectedness, e-commerce, financial transactions, market updates, latest news, or even editing images. Users willingly install various mobile apps on their smartphones and consequently provide their valuable and sensitive personal information to their service providers without thinking about or knowing the security lapses and repercussions. Considering the smartphone's size and portability, these devices are much more susceptible to being stolen, compromised, or exploited for various cyber-attacks and other malevolent activities. Essentially, hackers look out for new mobile vulnerabilities so that they can exploit a revealed vulnerability once a newer edition of the respective mobile operating system is released. Given that smartphones are so vulnerable to various exploits, the need for digital investigation led to the establishment of a separate domain named mobile forensics. This forensic domain specializes in acquiring, extracting, analyzing, and reporting the evidence obtained from smartphone devices so that the exploiting artifacts and their respective actions are determined and located.
This chapter puts forward the various processes involved in mobile forensics that can be employed for examining the evidence of various cyber incidents. Furthermore, it discusses in detail the various vulnerabilities of the iOS and Android mobile operating systems and how they are being exploited. The chapter also discusses the various approaches to data extraction and the respective industry standards for the tools used for this purpose.


2018 ◽  
Vol 2 (3) ◽  
pp. 127 ◽  
Author(s):  
Balajee Maram

There are limitations in the client-server model of communication. A distributed architecture provides good accessibility to all the nodes in the network, and blockchain technology follows the distributed model. In the digital era, the record of all transactions in digital form is called a ledger. This ledger belongs to, and is shared by, all the users in the network. Every transaction is monitored and verified by every user in the network. The blockchain is a chain of blocks, each of which contains a collection of transactions. Bitcoin is a cryptocurrency that depends on blockchain technology. Bitcoins are generated for the miner by mining a block. Every user knows about each and every Bitcoin transaction in the blockchain network. A block is immutable, because every block is verified by each participant in the blockchain network. This initiated a new trend in securing digital transactions around the world. This paper presents the logic of the blockchain and the Bitcoin generation process using blockchain technology.
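The three mechanisms the abstract names (a chain of hash-linked blocks, coins created by mining, and immutability enforced by every participant re-verifying each block) fit in a short program. The example below is an added illustration, not code from the paper or from Bitcoin. It keeps Bitcoin's double SHA-256 over a header with a nonce, but the difficulty, the reward, the participant names and the transaction format are assumptions, and a plain hash over the transaction list stands in for a Merkle root.

```python
import copy
import hashlib
import json

DIFFICULTY_BITS = 12     # leading zero bits a block hash must have (toy value; Bitcoin's is far higher)
BLOCK_REWARD = 50        # coins created by the coinbase transaction of each block (assumed)
GENESIS_PREV = "0" * 64  # the first block points at an all-zero "previous" hash


def canonical(obj):
    """Deterministic serialisation so every node hashes identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sha256d(data):
    """Double SHA-256, as Bitcoin applies to block headers."""
    return hashlib.sha256(hashlib.sha256(data).digest()).hexdigest()


def tx_root(txs):
    # Stand-in for a Merkle root: one hash committing to the ordered transaction list.
    return hashlib.sha256(canonical(txs)).hexdigest()


def meets_target(hash_hex, bits):
    """Proof-of-work check: the top `bits` bits of the hash must be zero."""
    return int(hash_hex, 16) >> (256 - bits) == 0


def mine_block(prev_hash, transactions, miner, bits=DIFFICULTY_BITS):
    """Search nonces until the header hash meets the target; the coinbase tx is where new coins come from."""
    txs = [{"from": "COINBASE", "to": miner, "amount": BLOCK_REWARD}] + list(transactions)
    root = tx_root(txs)
    nonce = 0
    while True:
        header = {"prev": prev_hash, "tx_root": root, "bits": bits, "nonce": nonce}
        h = sha256d(canonical(header))
        if meets_target(h, bits):
            return {"header": header, "hash": h, "txs": txs, "work": nonce + 1}
        nonce += 1


def verify_chain(chain, min_bits=DIFFICULTY_BITS):
    """What every node re-checks: linkage, transaction commitment, and proof of work."""
    prev = GENESIS_PREV
    for block in chain:
        header = block["header"]
        if header["prev"] != prev:
            return False  # broken link to the previous block
        if header["tx_root"] != tx_root(block["txs"]):
            return False  # transactions changed after the block was mined
        h = sha256d(canonical(header))
        if h != block["hash"] or header["bits"] < min_bits or not meets_target(h, header["bits"]):
            return False  # header tampered with, or not enough work behind it
        prev = h
    return True


def build_demo_chain():
    """Constructed three-block chain with hypothetical participants alice, bob and carol."""
    b0 = mine_block(GENESIS_PREV, [], "alice")
    b1 = mine_block(b0["hash"], [{"from": "alice", "to": "bob", "amount": 20}], "bob")
    b2 = mine_block(b1["hash"], [{"from": "bob", "to": "carol", "amount": 5}], "carol")
    return [b0, b1, b2]


def tampered(chain):
    """Copy of the chain with one historical amount edited, as a dishonest node might try."""
    forged = copy.deepcopy(chain)
    forged[1]["txs"][1]["amount"] = 2000
    return forged


def balances(chain):
    """Derive balances by replaying the ledger; the chain itself, not a server, is the source of truth."""
    bal = {}
    for block in chain:
        for tx in block["txs"]:
            if tx["from"] != "COINBASE":
                bal[tx["from"]] = bal.get(tx["from"], 0) - tx["amount"]
            bal[tx["to"]] = bal.get(tx["to"], 0) + tx["amount"]
    return bal


if __name__ == "__main__":
    chain = build_demo_chain()
    print("valid:", verify_chain(chain), "balances:", balances(chain))
    print("after tampering:", verify_chain(tampered(chain)))
```

Editing one amount in block 1 breaks its transaction commitment, so verification fails immediately. Re-mining block 1 with the forged transactions would not help either: its hash would change, block 2's `prev` link would no longer match, and the attacker would have to redo the proof of work for every later block faster than the rest of the network extends the honest chain.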


Author(s):  
Md Sahrom Abu ◽  
Siti Rahayu Selamat ◽  
Aswami Ariffin ◽  
Robiah Yusof

Today's threat landscape is evolving at a rapid rate, with many organizations continuously facing complex and malicious cyber threats. Cybercriminals are better skilled, more organized and better funded than before. Cyber Threat Intelligence (CTI) has become a hot topic and is under consideration by many organizations to counter the rise of cyber-attacks. The aim of this paper is to review the existing research related to CTI. Through the literature review process, the most basic question, what CTI is, is examined by comparing existing definitions to find common ground or disagreements. It is found that both organizations and vendors lack a complete understanding of what information is considered to be CTI, hence more research is needed in order to define CTI. This paper also identifies current CTI products and services, including threat intelligence data feeds, threat intelligence standards and the tools used in CTI. There are efforts by specific industries to share only relevant threat intelligence data feeds, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC), which collaborates on critical security threats facing the global financial services sector only. Meanwhile, research and development centers such as MITRE are working on standard formats (e.g., STIX, TAXII, CybOX) for threat intelligence sharing, to solve interoperability issues between threat sharing peers. Based on the review of CTI definitions, standards and tools, this paper identifies four research challenges in cyber threat intelligence and analyses contemporary work carried out in each. With organizations flooded with voluminous threat data, the requirement for qualified threat data analysts to fully utilize CTI and turn the data into actionable intelligence becomes more important than ever. Data quality is not a new issue, but with the growing adoption of CTI, further research in this area is needed.
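The interoperability point above is concrete once you see what a STIX indicator actually looks like and what it takes to turn one into something a matcher can use. The example below is an added illustration, not code from the paper or from any STIX library: it reads a STIX 2.1 bundle (constructed here; the identifiers are made-up UUIDs and the values are documentation ranges and reserved example names) and flattens the indicators into exact-match IOC rows. The evaluation time and the skip reasons are assumptions. It deliberately skips revoked and expired indicators and refuses to flatten compound patterns, because splitting an `AND` pattern into independent indicators turns one narrow indicator into several broad, noisy ones, which is one source of the data-quality problem the review ends on.

```python
import json
import re
from datetime import datetime, timezone

# Constructed STIX 2.1 bundle (not taken from any real feed). Identifiers are made-up
# UUIDs; indicator values use documentation ranges and reserved example names.
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--5d0092c5-5f74-4287-9642-33f4c354e56d",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--8e2e2d2b-17d4-4dbf-b5b6-b1bab4a0c5ae",
         "created": "2018-06-01T00:00:00.000Z", "modified": "2018-06-01T00:00:00.000Z",
         "name": "C2 addresses", "pattern_type": "stix",
         "pattern": "[ipv4-addr:value = '203.0.113.45' OR ipv4-addr:value = '198.51.100.7']",
         "valid_from": "2018-06-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--d3b5a5c4-8a2e-4f1e-9b7d-2f7b8c1e6a10",
         "created": "2018-06-01T00:00:00.000Z", "modified": "2018-06-01T00:00:00.000Z",
         "name": "Old C2 domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'c2.example.net']",
         "valid_from": "2018-06-01T00:00:00Z", "valid_until": "2018-12-31T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--0d0c1b2a-3e4f-4a5b-8c6d-7e8f9a0b1c2d",
         "created": "2018-06-01T00:00:00.000Z", "modified": "2018-06-01T00:00:00.000Z",
         "name": "Dropper", "pattern_type": "stix",
         "pattern": "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' AND file:size > 0]",
         "valid_from": "2018-06-01T00:00:00Z"},
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--aa11bb22-cc33-4dd4-8ee5-ff6677889900",
         "created": "2018-06-01T00:00:00.000Z", "modified": "2018-07-01T00:00:00.000Z",
         "name": "Withdrawn URL", "pattern_type": "stix", "revoked": True,
         "pattern": "[url:value = 'http://malware.example/stage2']",
         "valid_from": "2018-06-01T00:00:00Z"},
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--1f2e3d4c-5b6a-4978-8a9b-0c1d2e3f4a5b",
         "created": "2018-06-01T00:00:00.000Z", "modified": "2018-06-01T00:00:00.000Z",
         "name": "ExampleRAT", "is_family": True},
    ],
})

NOW = datetime(2019, 1, 15, tzinfo=timezone.utc)  # constructed evaluation time

# One STIX comparison expression of the form  object-type:property = 'literal'.
COMPARISON = re.compile(r"([a-z0-9-]+:[A-Za-z0-9_.'-]+)\s*=\s*'((?:[^'\\]|\\.)*)'")


def stix_time(ts):
    """Parse a STIX timestamp (RFC 3339 with 'Z' suffix, optional fractional seconds)."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def extract_iocs(bundle_json, now=NOW):
    """Flatten currently valid, simple indicators into {id, path, value} IOC rows.

    Returns (iocs, skipped); skipped lists (indicator id, reason) so nothing vanishes silently.
    """
    iocs, skipped = [], []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue  # malware, relationships, ... carry context but are not IOCs
        if obj.get("pattern_type", "stix") != "stix":  # STIX 2.0 objects lack pattern_type
            skipped.append((obj["id"], "non-stix-pattern"))
            continue
        if obj.get("revoked"):
            skipped.append((obj["id"], "revoked"))
            continue
        until = obj.get("valid_until")
        if until and stix_time(until) <= now:
            skipped.append((obj["id"], "expired"))
            continue
        pattern = obj["pattern"]
        # Only a single observation expression whose comparisons are OR-joined can be
        # split into independent exact-match IOCs. An AND, or several bracketed
        # observations, means the comparisons must hold together on one object.
        if pattern.count("[") != 1 or " AND " in pattern:
            skipped.append((obj["id"], "compound"))
            continue
        comparisons = COMPARISON.findall(pattern)
        if not comparisons:
            skipped.append((obj["id"], "unsupported-operator"))  # LIKE, MATCHES, IN, >, ...
            continue
        for path, value in comparisons:
            iocs.append({"id": obj["id"], "path": path, "value": value})
    return iocs, skipped


if __name__ == "__main__":
    rows, dropped = extract_iocs(STIX_BUNDLE)
    for r in rows:
        print(r["path"], r["value"], r["id"])
    for sid, why in dropped:
        print("skipped", why, sid)
```

Run against the bundle at the assumed evaluation time, only the two C2 addresses come out as IOC rows; the domain is expired, the dropper pattern is compound, and the URL is revoked, and each is reported with its reason. Evaluating the same bundle at a time before the domain's `valid_until` yields three rows, which is the check to keep in mind when a feed is ingested once and then never re-evaluated.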

