Threat Hunting Early Experiment through Event Correlation and Memory Forensic

2021 ◽  
Vol 6 (1) ◽  
pp. 56-63
Author(s):  
Arif D. Purnomo ◽  
Charles Lim ◽  
Burman Noviansyah

The cyber threat landscape nowadays is dynamically evolving over time, and cyber security practitioners in corporations need to adapt in more sophisticated ways as the latest cyber threat attacks are launched. Cyber Threat Intelligence (CTI) is one of the tools that can be utilized for cyber threat detection. Generally, CTI operates by integrating its directory with events collected from Security Information and Event Management (SIEM) to correlate all of the appliance logs within the corporation and provide summarized and meaningful information that can be reviewed to identify legitimate malicious cyber threat activity. However, relying only on a CTI subscription that contains only blacklisted domains and IP addresses integrated with SIEM will provide only passive detection of known cyber threats. Proactive cyber threat detection is required to compete with the modern threat landscape. This research work will try to explore the possibility of detecting unknown or undetected cyber threats using network event correlation and memory forensics to validate their existence. Throughout this research time span, we were able to discover a malicious network pattern that is proven to be undetected by the internal organization's endpoint protection. Therefore, this research will provide a baseline for threat hunting activity based on network behavioural patterns.

Author(s):  
Husam Hassan Ambusaidi ◽  
Dr. Prakash Kumar Udupi

Every day, organizations are targeted by different and sophisticated cyber attacks. Most of these organizations are unaware that they are targeted and that their networks are compromised. To detect the compromised networks, the organizations need a reliable source of cyber threat information. Many cyber security service vendors provide threat intelligence information to allow early detection of cyber threats. This research will explore different types of cyber threat intelligence and their role in proactive incident response. The research studies the threat intelligence features and how the threat feeds are collected and then distributed. The research also studies the role of cyber threat intelligence in early detection of threats.


2021 ◽  
Vol 5 (1) ◽  
pp. 193-201
Author(s):  
I. R. Saidu ◽  
T. Suleiman ◽  
U. E. Akpan

This research work was conducted to examine critically and systematically the challenges and prospects of cyber threat intelligence in Nigeria. It judges the value and relevance of cyber threat intelligence in a society where it is lacking in providing necessary information. Dealing with these challenges, which may render threat intelligence useless, has become a major concern for Nigeria. The work was intended to achieve the following objectives: to examine the nature of cybersecurity in Nigeria; to analyse the cybersecurity threats that can disrupt the functioning of the country; to identify the challenges facing the Nigerian cyberspace and the conduct of cyber threat intelligence analysis; to discuss the means by which cyber threat intelligence can be used to boost Nigeria's National Security Policy; and to make recommendations to preserve important intelligence capabilities while ensuring the protection of its critical infrastructure through the use of threat intelligence. The scope of the study was limited to the period 2009 – 2019. The research was analytical. Relevant data were collected from both primary and secondary sources. The data analysis used the percentage instrument, and the following conclusions were drawn: that threat data overload, threat data quality, privacy and legal issues and interoperability issues are some of the challenges of cyber threat intelligence; also, the need to continually invest in research, build local cyber threat management infrastructure and enhance the ability to anticipate, detect, respond to and contain information security threats is very crucial. Nigeria


Electronics ◽  
2020 ◽  
Vol 9 (3) ◽  
pp. 521
Author(s):  
Seonghyeon Gong ◽  
Changhoon Lee

The convergence of fifth-generation (5G) communication and the Internet-of-Things (IoT) has dramatically increased the diversity and complexity of the network. This change diversifies the attacker’s attack vectors, increasing the impact and damage of cyber threats. Cyber threat intelligence (CTI) technology is a proof-based security system which responds to these advanced cyber threats proactively by analyzing and sharing security-related data. However, the performance of CTI systems can be significantly compromised by creating and disseminating improper security policies if an attacker intentionally injects malicious data into the system. In this paper, we propose a blockchain-based CTI framework that improves confidence in the source and content of the data and can quickly detect and eliminate inaccurate data for resistance to a Sybil attack. The proposed framework collects CTI by a procedure validated through smart contracts and stores information about the metainformation of data in a blockchain network. The proposed system ensures the validity and reliability of CTI data by ensuring traceability to the data source and proposes a system model that can efficiently operate and manage CTI data in compliance with the de facto standard. We present the simulation results to prove the effectiveness and Sybil-resistance of the proposed framework in terms of reliability and cost to attackers.


2020 ◽  
Vol 12 (6) ◽  
pp. 108
Author(s):  
Alessandra de Melo e Silva ◽  
João José Costa Gondim ◽  
Robson de Oliveira Albuquerque ◽  
Luis Javier García Villalba

The cyber security landscape has been fundamentally changing over the past years. While technology is evolving and new sophisticated applications are being developed, a new threat scenario is emerging in alarming proportions. Sophisticated threats with multi-vectored, multi-staged and polymorphic characteristics are performing complex attacks, making the processes of detection and mitigation far more complicated. Thus, organizations have been encouraged to change their traditional defense models and to use and develop new systems with a proactive approach. Such changes are necessary because the old approaches are no longer effective at detecting advanced attacks. Also, organizations are encouraged to develop the ability to respond to incidents in real time using complex threat intelligence platforms. However, since the field is growing rapidly, today the Cyber Threat Intelligence concept lacks a consistent definition and a heterogeneous market has emerged, including diverse systems and tools with different capabilities and goals. This work aims to provide a comprehensive evaluation methodology for threat intelligence standards and cyber threat intelligence platforms. The proposed methodology is based on the selection of the most relevant candidates to establish the evaluation criteria. In addition, this work studies the Cyber Threat Intelligence ecosystem and the Threat Intelligence standards and platforms existing in the state of the art.


Author(s):  
Sandhya Sukhabogi et al.

Cyber Threat Intelligence (CTI) is the emerging strategy of cyber defense which helps organizations to combat the latest and more sophisticated cyber threats. Gathering this threat information, analyzing it and communicating it between the security teams is very difficult and challenging because of the heterogeneous aspects involved. The necessity of sharing the intelligence-related data collected by organizations is increasing day by day to counter the ever-changing and highly dynamic threat landscape. In this paper an attempt is made to understand the CTI concept and how it is collected and analyzed to form useful, actionable intelligence. The importance of Threat Intelligence Sharing (TIS), and the various standards working in the area of TIS, are also mentioned. Finally, the primary challenges in TIS are highlighted in a broad view.


2021 ◽  
pp. 19-27
Author(s):  
Nazar Demchyshak ◽  
Anastasiia Shkyria

Purpose. The aim of the article is the substantiation of the approaches of domestic and foreign scientists to risk management in the financial sector of Ukraine in the context of cyber threats and the need to ensure national security and post-pandemic economic recovery. Methodology of research. General scientific and special methods of scientific research are used in the article, in particular: induction, deduction and scientific abstraction, to reveal the essence of the concepts of "cyber threat", "cyber security" and "digitalization"; statistical and graphical methods, to assess the current situation in the field of cyber defence in the world and the national cyber security index; and methods of analysis and synthesis, in substantiating the conclusions of the research. Findings. Definitions of cyber risk and approaches to its interpretation and classification were considered. The importance of cyber security in the digitalization of the national economy was argued. The Strategy of Ukrainian Financial Sector Development until 2025 is analysed. The world statistics on the frequency of and losses due to cyber-attacks are studied, and the cyber threats that caused the greatest losses in Ukraine are identified. The analysis of Ukraine's position in the National Cyber Security Index 2020 is carried out. The directions of cyber threat prevention that can be useful for Ukrainian companies are substantiated. Originality. The authors' definition of the term "cyber risk" is proposed, in which special attention is focused on the effects of cyber threats. The importance of cyber risk management in the conditions of the inevitability of digitalization in the financial sector of Ukraine is substantiated. Approaches to the prevention of cyber-attacks, the implementation of which is necessary for the successful digital transformation of Ukraine, are proposed. Practical value. The results of the research will contribute to the formation of an effective risk management system in the financial sector of Ukraine in terms of digitalization of the financial space and post-pandemic recovery of the national economy.

Key words: national security, cyber risk, cyber threat, cyber defence, digitalization, post-pandemic recovery, fintech.


Electronics ◽  
2021 ◽  
Vol 10 (3) ◽  
pp. 239
Author(s):  
Seonghyeon Gong ◽  
Changhoon Lee

Advanced information technologies have transformed into high-level services for more efficient use of energy resources through fusion with the energy infrastructure. As a part of these technologies, the energy cloud is a technology that maximizes the efficiency of energy resources through the organic connection between the entities that produce and consume the energy. However, the disruption or destruction of energy cloud systems through cyberattacks can lead to incidents such as massive blackouts, which can lead to national disasters. Furthermore, since the technique and severity of modern cyberattacks continue to improve, the energy cloud environment must be designed to resist cyberattacks. However, since the energy cloud environment has different characteristics from general infrastructures such as the smart grid and the Advanced Metering Infrastructure (AMI), it requires security technology specialized to its environment. This paper proposes a cyber threat intelligence framework to improve the energy cloud environment's security. Cyber Threat Intelligence (CTI) is a technology to actively respond to advanced cyber threats by collecting and analyzing various threat indicators and generating contextual knowledge about the cyber threats. The framework proposed in this paper analyzes threat indicators that can be collected in the advanced metering infrastructure and proposes a cyber threat intelligence generation technique targeting the energy cloud. This paper also proposes a method that can quickly apply a security model to a large-scale energy cloud infrastructure through a mechanism for sharing and spreading cyber threat intelligence between the AMI layer and the cloud layer. Our framework provides a way to effectively apply the proposed technologies through the CTI architecture, including the local AMI layer, the station layer, and the cloud layer. Furthermore, we show that the proposed framework can effectively respond to cyber threats by showing a 0.822 macro-F1 score and a 0.843 micro-F1 score for cyberattack detection in an environment that simulates a model of an attacker and an energy cloud environment.


2021 ◽  
Vol 1 (1) ◽  
pp. 140-163
Author(s):  
Davy Preuveneers ◽  
Wouter Joosen

Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breadth or essence of a cyber security threat or attack campaign, possibly leading to false-alert fatigue and missed detections among security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute- and tagging-based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex—three state-of-practice open source CTI sharing and incident response platforms—to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE-encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of ML-model-based threat intelligence sharing, including the ability to account for indicators of adversarial ML threats.


Author(s):  
Nayan Rande

In order to begin to design large-scale Offensive Cyber-Threat-Intelligence, we need a distributed, decentralised intelligent software framework which can scale on demand and run with flexibility while providing room for further improvement at both the architectural level and the strategic level for planning advanced attack methodologies; this will help us conduct secure transactions while maintaining CIANA. In this paper, we try to present some of our investigations on Agent-based Modelling of Cyber-Space and Simulation of Cyber-Warfare over a distributed system methodology in contributing to these designs. Using this as motivation, we try to build a system architecture for effective open intelligence for effective offensive cyber threat intelligence (CTI).
