Abstract
The rise in intrusions has increased the need for cybersecurity in organizations of all kinds. A set of such intrusions carried out by one adversary against a particular organization is called an intrusion campaign. Threat intelligence techniques help detect and respond to intrusion attempts and help organizations set up a framework that secures their services and interests. This chapter surveys the parameters and resources required to construct such a threat intelligence technique for an organization. It then discusses the various cases and models of Intrusion Detection Systems (IDS) and Intrusion Response Systems (IRS) and compares them using the security resources collected while constructing the threat intelligence model. Together, these components form the threat intelligence technique.
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Anand, A., Singhal, M., Guduru, S., Chandavarkar, B.R. (2023). A Survey on Threat Intelligence Techniques for Constructing, Detecting, and Reacting to Advanced Intrusion Campaigns. In: Misra, R., et al. Advances in Data Science and Artificial Intelligence. ICDSAI 2022. Springer Proceedings in Mathematics & Statistics, vol 403. Springer, Cham. https://doi.org/10.1007/978-3-031-16178-0_23
DOI: https://doi.org/10.1007/978-3-031-16178-0_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-16177-3
Online ISBN: 978-3-031-16178-0
eBook Packages: Mathematics and Statistics (R0)