BLOCIS: Blockchain-Based Cyber Threat Intelligence Sharing Framework for Sybil-Resistance

Electronics, 2020, Vol 9 (3), pp. 521
Author(s): Seonghyeon Gong, Changhoon Lee

The convergence of fifth-generation (5G) communication and the Internet-of-Things (IoT) has dramatically increased the diversity and complexity of the network. This change diversifies the attacker’s attack vectors, increasing the impact and damage of cyber threats. Cyber threat intelligence (CTI) technology is a proof-based security system which responds to these advanced cyber threats proactively by analyzing and sharing security-related data. However, the performance of CTI systems can be significantly compromised by creating and disseminating improper security policies if an attacker intentionally injects malicious data into the system. In this paper, we propose a blockchain-based CTI framework that improves confidence in the source and content of the data and can quickly detect and eliminate inaccurate data for resistance to a Sybil attack. The proposed framework collects CTI by a procedure validated through smart contracts and stores information about the metainformation of data in a blockchain network. The proposed system ensures the validity and reliability of CTI data by ensuring traceability to the data source and proposes a system model that can efficiently operate and manage CTI data in compliance with the de facto standard. We present the simulation results to prove the effectiveness and Sybil-resistance of the proposed framework in terms of reliability and cost to attackers.

Author(s): Sandhya Sukhabogi et al.

Cyber Threat Intelligence (CTI) is an emerging cyber defense strategy that helps organizations combat the latest and more sophisticated cyber threats. Gathering this threat information, analyzing it, and communicating it between security teams is difficult and challenging because of the heterogeneous aspects involved. The necessity of sharing the intelligence-related data collected by organizations is increasing day by day to counter the ever-changing and highly dynamic threat landscape. In this paper, an attempt is made to understand the CTI concept and how it is collected and analyzed to form useful, actionable intelligence. The importance of threat intelligence sharing (TIS) and the various standards working in the area of TIS are also mentioned. Finally, the primary challenges in TIS are highlighted in a broad view.


Author(s): Husam Hassan Ambusaidi, Dr. Prakash Kumar Udupi

Every day, organizations are targeted by different and sophisticated cyber attacks. Most of these organizations are unaware that they are targeted and that their networks are compromised. To detect compromised networks, organizations need a reliable source of cyber threat information. Many cyber security service vendors provide threat intelligence information to allow early detection of cyber threats. This research explores different types of cyber threat intelligence and their role in proactive incident response. The research studies the features of threat intelligence and how threat feeds are collected and then distributed. The research also studies the role of cyber threat intelligence in the early detection of threats.


Electronics, 2021, Vol 10 (3), pp. 239
Author(s): Seonghyeon Gong, Changhoon Lee

Advanced information technologies have transformed into high-level services for more efficient use of energy resources through the fusion with the energy infrastructure. As a part of these technologies, the energy cloud is a technology that maximizes the efficiency of energy resources through the organic connection between the entities that produce and consume the energy. However, the disruption or destruction of energy cloud systems through cyberattacks can lead to incidents such as massive blackouts, which can lead to national disasters. Furthermore, since the technique and severity of modern cyberattacks continue to improve, the energy cloud environment must be designed to resist cyberattacks. However, since the energy cloud environment has different characteristics from general infrastructures such as the smart grid and the Advanced Metering Infrastructure (AMI), it requires security technology specialized to its environment. This paper proposes a cyber threat intelligence framework to improve the energy cloud environment’s security. Cyber Threat Intelligence (CTI) is a technology to actively respond to advanced cyber threats by collecting and analyzing various threat indicators and generating contextual knowledge about the cyber threats. The framework proposed in this paper analyzes threat indicators that can be collected in the advanced metering infrastructure and proposes a cyber threat intelligence generation technique targeting the energy cloud. This paper also proposes a method that can quickly apply a security model to a large-scale energy cloud infrastructure through a mechanism for sharing and spreading cyber threat intelligence between the AMI layer and the cloud layer. Our framework provides a way to effectively apply the proposed technologies through the CTI architecture, including the local AMI layer, the station layer, and the cloud layer. 
Furthermore, we show that the proposed framework can effectively respond to cyber threats by showing a 0.822 macro-F1 score and a 0.843 micro-F1 score for cyberattack detection in an environment that simulates a model of an attacker and an energy cloud environment.


The purpose of this paper is to present a comparative analysis of cyber threat intelligence platforms and their features. This work includes a comparative analysis of existing ontologies for cyber threat collectors/sensors, data enrichment and data analytical techniques used for raw data analysis, and community models for sharing cyber threats, intelligence and countermeasures. Firstly, this work performs a comparative analysis of various data sensors designed for collecting raw data from different networks: wired, wireless and mobile. Secondly, a detailed analysis is performed on various interfaces designed to map ontologies into schemas. Thirdly, efficient methods for data analysis are considered for a comparative and detailed report. These methods extract threat information from raw data. Lastly, various cybersecurity community models are analyzed with the aim of identifying an efficient cyber threat sharing model. It is observed that ontology-based data sensor mechanisms are more efficient than taxonomy models, which helps in identifying various cyber threats within a stipulated time period. In another observation, it is found that decision-tree-based data analytical techniques are more efficient for critical-infrastructure-based cyber threat intelligence systems than other machine learning techniques. Further, an open source community for cyber threat sharing is efficient if it allows everyone to share their threat information, create groups for specialized interests and keep logs of every subscriber. The proposed analysis is performed for open source and commercial cyber threat sharing platforms; however, various ontology models are available for intrusion detection systems in cyberspace. This work may be extended to other ontology models, deep learning threat analytical models and quality-based threat sharing communities for non-IT sectors such as gas plants and water and electricity supply systems.
The proposed cybersecurity platform is useful for various practical systems where the need for cybersecurity is increasing day by day, for example Supervisory Control and Data Acquisition (SCADA) systems such as energy, oil/gas, transportation, power, water and waste water management systems. The conducted analysis is helpful in identifying an appropriate cyber threat sharing platform for different applications.


Electronics, 2021, Vol 10 (23), pp. 2913
Author(s): Max van Haastrecht, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, ...

Small- and medium-sized enterprises (SMEs) frequently experience cyberattacks, but often do not have the means to counter these attacks. Therefore, cybersecurity researchers and practitioners need to aid SMEs in their defence against cyber threats. Research has shown that SMEs require solutions that are automated and adapted to their context. In recent years, we have seen a surge in initiatives to share cyber threat intelligence (CTI) to improve collective cybersecurity resilience. Shared CTI has the potential to answer the SME call for automated and adaptable solutions. Sadly, as we demonstrate in this paper, current shared intelligence approaches scarcely address SME needs. We must investigate how shared CTI can be used to improve SME cybersecurity resilience. In this paper, we tackle this challenge using a systematic review to discover current state-of-the-art approaches to using shared CTI. We find that threat intelligence sharing platforms such as MISP have the potential to address SME needs, provided that the shared intelligence is turned into actionable insights. Based on this observation, we developed a prototype application that processes MISP data automatically, prioritises cybersecurity threats for SMEs, and provides SMEs with actionable recommendations tailored to their context. Subsequent evaluations in operational environments will help to improve our application, such that SMEs are enabled to thwart cyberattacks in future.


Author(s): John Robertson, Ahmad Diab, Ericsson Marin, Eric Nunes, Vivin Paliath, ...

Author(s): Nolan Arnold, Mohammadreza Ebrahimi, Ning Zhang, Ben Lazarine, Mark Patton, ...
