
A Survey on Threat Intelligence Techniques for Constructing, Detecting, and Reacting to Advanced Intrusion Campaigns

  • Conference paper
Advances in Data Science and Artificial Intelligence (ICDSAI 2022)

Part of the book series: Springer Proceedings in Mathematics & Statistics (PROMS, volume 403)


Abstract

The rise in intrusions has increased the need for cybersecurity in organizations of all kinds. A set of such intrusions carried out by one adversary against a particular organization is called an intrusion campaign. Threat intelligence techniques help detect and respond to intrusion attempts and help organizations set up a framework that can secure their services and interests. This chapter surveys the parameters and resources required to construct such a threat intelligence technique for an organization. It then discusses the various cases and models of Intrusion Detection Systems (IDS) and Intrusion Response Systems (IRS) and compares them using the security resources collected while constructing the threat intelligence model. Together, these components form the threat intelligence technique.
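To make the three pieces the abstract names concrete, the following is an added example (written for this page, not code from the chapter or its authors). It constructs a small threat intelligence model by grouping indicators of compromise into intrusion campaigns, runs an IDS-style matcher over key=value host and network log lines, and lets an IRS-style policy choose a response from the matched campaign's severity. The campaign names, indicators, log lines and the severity-to-action policy are all constructed assumptions for the demonstration.

```python
"""Added example: a minimal threat-intelligence pipeline.

(1) construct: indicators of compromise (IoCs) grouped into campaigns,
(2) detect:    an IDS that matches log events against those IoCs,
(3) react:     an IRS that picks a response from the campaign's severity.

Illustrative code for this page, not the chapter's own implementation.
All campaign names, IoCs, log lines and the response policy are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Indicator:
    kind: str   # "ip", "domain", "sha256" (exact match) or "regex" (command line)
    value: str


@dataclass
class Campaign:
    name: str
    severity: int                      # assumed scale: 1 (low) .. 5 (critical)
    indicators: set[Indicator] = field(default_factory=set)


# (1) Construct the TI model: campaigns and the indicators attributed to them.
CAMPAIGNS = [
    Campaign("demo-campaign-A", 4, {
        Indicator("ip", "203.0.113.45"),             # TEST-NET-3 address, constructed
        Indicator("domain", "update.example.net"),   # constructed C2 domain
        Indicator("regex", r"powershell.*-enc\s+[A-Za-z0-9+/=]{20,}"),  # encoded command
    }),
    Campaign("demo-campaign-B", 2, {
        Indicator("sha256", "deadbeef" * 8),         # constructed placeholder hash
    }),
]

# Index exact-match indicators for O(1) lookup; keep regexes in a list.
EXACT: dict[tuple[str, str], Campaign] = {}
REGEXES: list[tuple[re.Pattern, Campaign]] = []
for camp in CAMPAIGNS:
    for ind in camp.indicators:
        if ind.kind == "regex":
            REGEXES.append((re.compile(ind.value, re.I), camp))
        else:
            EXACT[(ind.kind, ind.value)] = camp

# key=value or key="quoted value" tokens in a log line
EVENT_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict[str, str]:
    """Parse a key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in EVENT_RE.findall(line)}


def detect(line: str):
    """IDS step: return (campaign, matched indicator) for a log line, or None."""
    ev = parse_event(line)
    # exact-match fields: which event field maps to which indicator kind
    for field_name, kind in (("dst", "ip"), ("src", "ip"),
                             ("host", "domain"), ("sha256", "sha256")):
        v = ev.get(field_name)
        if v and (kind, v) in EXACT:
            return EXACT[(kind, v)], Indicator(kind, v)
    cmd = ev.get("cmd", "")
    for rx, camp in REGEXES:
        if rx.search(cmd):
            return camp, Indicator("regex", rx.pattern)
    return None


def respond(campaign: Campaign) -> str:
    """IRS step: map campaign severity to an action (assumed policy)."""
    if campaign.severity >= 4:
        return "isolate-host"
    if campaign.severity >= 2:
        return "block-indicator"
    return "log-only"


def run(lines):
    """Detect and respond over log lines; return (campaign, indicator kind, action) hits."""
    hits = []
    for line in lines:
        found = detect(line)
        if found:
            camp, ind = found
            hits.append((camp.name, ind.kind, respond(camp)))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_LOGS = [
    'ts=1 src=10.0.0.5 dst=198.51.100.7 host=cdn.example.org',
    'ts=2 src=10.0.0.5 dst=203.0.113.45 host=update.example.net',
    'ts=3 host=WS01 cmd="powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"',
    'ts=4 sha256=' + "deadbeef" * 8 + ' file=dropper.bin',
]

if __name__ == "__main__":
    for hit in run(SAMPLE_LOGS):
        print(hit)
```

The separation mirrors the abstract: the campaign objects are the constructed intelligence, `detect` is the IDS, and `respond` is the IRS whose policy is driven by attributes collected at construction time (here, severity). In practice the exact-match index would be fed from a STIX or similar feed, and the response policy would weigh the cost of the action against the asset affected rather than severity alone.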



Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Anand, A., Singhal, M., Guduru, S., Chandavarkar, B.R. (2023). A Survey on Threat Intelligence Techniques for Constructing, Detecting, and Reacting to Advanced Intrusion Campaigns. In: Misra, R., et al. Advances in Data Science and Artificial Intelligence. ICDSAI 2022. Springer Proceedings in Mathematics & Statistics, vol 403. Springer, Cham. https://doi.org/10.1007/978-3-031-16178-0_23
