Similar literature
Found 20 similar documents; search took 15 ms
1.
International Journal of Information Security - One of the most important goals in an organization is to have risks under an acceptance level along the time. All organizations are exposed to...

2.
Cyber threats are becoming more sophisticated with the blending of once distinct types of attack into more damaging forms. Increased variety and volume of attacks is inevitable given the desire of financially and criminally-motivated actors to obtain personal and confidential information, as highlighted in this paper. We describe how the Routine Activity Theory can be applied to mitigate these risks by reducing the opportunities for cyber crime to occur, making cyber crime more difficult to commit and by increasing the risks of detection and punishment associated with committing cyber crime. Potential research questions are also identified.

3.
4.
International Journal of Information Security - Timely detection and effective treatment of cyber-attacks for protecting personal and sensitive data from unauthorized disclosure constitute a core...

5.
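How to process massive amounts of network situational information in a timely manner and respond effectively to dynamically evolving network attacks is the main challenge facing cyberspace security defense. Because artificial intelligence techniques have intelligent characteristics that traditional methods lack, they have received wide attention in cyberspace security defense in recent years, and a large body of research results has been produced. This paper surveys the main applications and methods of artificial intelligence techniques such as neural networks, multi-agent systems and expert systems in cyberspace security defense in recent years, analyzes and compares their respective application characteristics, and gives trends for future research and development.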

6.
7.
Dear editor, Security experts have been fighting against cybercriminals for many years and existing research shows that this battle will continue. Malicious software has no remorse when it targets different organizations, regardless of its forms [1]. Ransomware [2] has caused serious issues in different industries, especially in healthcare. The existing report shows that 34% of ransomware is targeting healthcare organizations. Nowadays, criminals prefer crypto-jacking over ransomware (w...

8.
This paper examines the behavioral patterns of fast-flux botnets for threat intelligence. The Threat Intelligence infrastructure, which we have specifically developed for fast-flux botnet detection and monitoring, enables this analysis. Cyber criminals and attackers use botnets to conduct a wide range of operations including spam campaigns, phishing scams, malware delivery, denial of service attacks, and click fraud. The most advanced botnet operators use fast-flux infrastructure and DNS record manipulation techniques to make their networks more stealthy, scalable, and resilient. Our analysis shows that such networks share common lifecycle characteristics, and form clusters based on size, growth and type of malicious behavior. We introduce a social network connectivity metric, and show that command and control and malware botnets have similar scores with this metric while spam and phishing botnets have similar scores. We describe how a Guilt-by-Association approach and connectivity metric can be used to predict membership in particular botnet families. Finally, we discuss the intelligence utility of fast-flux botnet behavior analysis as a cyber defense tool against advanced persistent threats.

9.
This paper describes the design of an experimental multi-level slow intelligence system for visualizing personal health care, called the TDR system, consisting of interacting super-components each with different computation cycles specified by an abstract machine model. The TDR system has three major super-components: Tian (Heaven), Di (Earth) and Ren (Human), which are the essential ingredients of a human-centric psycho-physical system following the Chinese philosophy. Each super-component further consists of interacting components supported by an SIS server. This experimental TDR system provides a platform for exploring, visualizing and integrating different applications in personal health care, emergency management and social networking.

10.
Effective vulnerability management requires the integration of vulnerability information available on multiple sources, including social media. The information could be used to inform common users about impending vulnerabilities and countermeasures. First, we present the Cybersecurity Vulnerability Ontology (CVO), a conceptual model for formal knowledge representation of the vulnerability management domain. Second, we utilize the CVO to design a Cyber Intelligence Alert (CIA) system that issues cyber alerts about vulnerabilities and countermeasures. We rigorously evaluated the CVO as well as the accuracy, performance, and usefulness of the CIA system. Key contributions of this study to research and practice are discussed.

11.
The four papers in this special issue focus on computational intelligence in cyber security. The papers are summarized here.

12.
In this paper, we develop the idea of a universal anytime intelligence test. The meaning of the terms “universal” and “anytime” is manifold here: the test should be able to measure the intelligence of any biological or artificial system that exists at this time or in the future. It should also be able to evaluate both inept and brilliant systems (any intelligence level) as well as very slow to very fast systems (any time scale). Also, the test may be interrupted at any time, producing an approximation to the intelligence score, in such a way that the more time is left for the test, the better the assessment will be. In order to do this, our test proposal is based on previous works on the measurement of machine intelligence based on Kolmogorov complexity and universal distributions, which were developed in the late 1990s (C-tests and compression-enhanced Turing tests). It is also based on the more recent idea of measuring intelligence through dynamic/interactive tests held against a universal distribution of environments. We discuss some of these tests and highlight their limitations since we want to construct a test that is both general and practical. Consequently, we introduce many new ideas that develop early “compression tests” and the more recent definition of “universal intelligence” in order to design new “universal intelligence tests”, where a feasible implementation has been a design requirement. One of these tests is the “anytime intelligence test”, which adapts to the examinee's level of intelligence in order to obtain an intelligence score within a limited time.

13.
Zhang Zhimin, Ning Huansheng, Shi Feifei, Farha Fadi, Xu Yang, Xu Jiabo, Zhang Fan, Choo Kim-Kwang Raymond. Artificial Intelligence Review, 2022, 55(2): 1029-1053
Artificial Intelligence Review - In recent times, there have been attempts to leverage artificial intelligence (AI) techniques in a broad range of cyber security applications. Therefore, this paper...

14.
International Journal of Information Security - The exchange of threat intelligence information can make a significant contribution to improving IT security in companies and has become increasingly...

15.
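In recent years, new types of security incidents, led by cryptomining trojans and ransomware, have become increasingly common, and enterprises attach more and more importance to building information security. These new attack patterns tend to feature varied attack methods and large impact. This article presents a threat intelligence solution based on a Host-based Intrusion Detection System (HIDS) which, by efficiently combining the detection capability of HIDS with threat intelligence data, helps enterprises discover malicious events at the earliest moment and provides incident response plans for different situations.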

16.
17.
Zhang Hongbin, Yi Yuzi, Wang Junshe, Cao Ning, Duan Qiang. Multimedia Tools and Applications, 2019, 78(21): 30257-30270
Multimedia Tools and Applications - The Social Internet of Things (SIoT) is a combination of the Internet of Things (IoT) and social networks, which enables better service discovery and improves...

18.
A number of APT (Advanced Persistent Threat) attack malwares are being detected as of late together with attempts by the state and enterprises to leak personal information. To detect and respond to them, malwares must first be detected by a security monitoring system. In particular, availability of a method to detect and predict such malwares in advance will lead to preventing security incidents. This study will propose a method of prediction based on intrusion detection events and a functional configuration to realize the method, and will assess the proposed prediction model based on intrusion detection events through a test consisting of the stages of learning, prediction and evaluation.

19.
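To address the problem that traditional IDS rule update methods can basically only extract the features of known attack behaviors, or search for the best general expression on the basis of existing features, and cannot be updated in time for currently occurring high-profile network security incidents, a method for automatically generating intrusion detection rules based on threat intelligence is proposed. The article classification module uses Word2Vec for feature extraction and uses the AdaBoost algorithm to train an article classification model to obtain threat intelligence text; it locates the paragraph containing the IoC...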

20.