Skip to main content
SpringerLink
Log in

Methodology for Cyber Threat Intelligence with Sensor Integration

  • Conference paper
  • First Online:
CSEI: International Conference on Computer Science, Electronics and Industrial Engineering (CSEI) (CSEI 2022)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 678))

  • 311 Accesses

Abstract

Identifying attacks on computer networks is a complex task, given the huge number of machines, data diversity, and a large volume of data. Cyber Threat Intelligence consists of collecting, classifying, enriching, classifying data, and producing knowledge about threats in network defense systems. In this scenario, we find network Intrusion Detection Systems that specifically analyze network traffic and through signatures detect anomalies, generating records for system operators. The purpose of this work is to present a methodology to generate knowledge about Threat Intelligence, from the records of network sensors, collecting Threat or Compromise Indicators and enriching them to feed Threat Intelligence Sharing Platforms. Our methodology speeds up the decision-making process as it incorporates an up-to-date, public repository of signatures already in the collector, eliminating the threat identification phase in an additional step. For the demonstration and evaluation of the methodology, a proof of concept was carried out that covered the entire threat identification cycle.

The authors are grateful for the support of ABIN TED 08/2019.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abdullahi, M., et al.: Detecting cybersecurity attacks in internet of things using artificial intelligence methods: a systematic literature review. Electronics 11(2), 1–28 (2022). https://doi.org/10.3390/electronics11020198

    Article  MathSciNet  Google Scholar 

  2. Albasheer, H., et al.: Cyber-attack prediction based on network intrusion detection systems for alert correlation techniques: a survey. Sensors 22(4), 1494 (2022). https://doi.org/10.3390/S22041494

    Article  Google Scholar 

  3. Alcantara, L., Padilha, G., Abreu, R., D’Amorim, M.: Syrius: synthesis of rules for intrusion detectors. IEEE Trans. Reliab. 71, 1–12 (2021). https://doi.org/10.1109/TR.2021.3061297

    Article  Google Scholar 

  4. Bhati, N.S., Khari, M., García-Díaz, V., Verdú, E.: A Review on Intrusion Detection Systems and Techniques (2020). https://doi.org/10.1142/S0218488520400140

  5. Burger, E.W., Goodman, M.D., Kampanakis, P., Zhu, K.A.: Taxonomy model for cyber threat intelligence information exchange technologies. In: WISCS 2014: Proceedings of the 2014 ACM Workshop on Information Sharing and Collaborative Security, pp. 51–60 (2014). https://doi.org/10.1145/2663876.2663883

  6. Cheswick, W.R., Bellovin, S.M.: Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley (1994). https://archive.org/details/firewallsinterne00ches

  7. de Melo e Silva, A., Gondim, J.J.C., de Oliveira Albuquerque, R., Villalba, L.J.G.: A methodology to evaluate standards and platforms within cyber threat intelligence. Future Internet 12(6), 1–23 (2020). https://doi.org/10.3390/fi12060108

  8. DTF: Date Time Format Info. Universal Sortable Date Time Pattern. http://shorturl.at/kWZ25

  9. Elmellas, J.: Knowledge is power: the evolution of threat intelligence. Comput. Fraud Secur. 2016(7), 5–9 (2016)

    Article  Google Scholar 

  10. Ferrag, M.A., Babaghayou, M., Yazici, A.: Cyber security for fog-based smart grid SCADA systems: solutions and challenges. J. Inf. Secur. Appl. 52, 102500 (2020). https://doi.org/10.1016/j.jisa.2020.102500

    Article  Google Scholar 

  11. Hoepers, C., Steding-Jessen, K., Montes, A.: Honeynets applied to the CSIRT scenario. In: FIRST, p. 9 (2003). http://www.honeynet.org/alliance/

  12. Irfan, A.N., Ariffin, A., ri Mahrin, M.N., Anuar, S.: A malware detection framework based on forensic and unsupervised machine learning methodologies. In: ACM International Conference Proceeding Series, pp. 194–200 (2020). https://doi.org/10.1145/3384544.3384556

  13. Kalogeraki, E.M., Papastergiou, S., Panayiotopoulos, T.: An attack simulation and evidence chains generation model for critical information infrastructures. Electronics 11(3), 404 (2022). https://doi.org/10.3390/electronics11030404

    Article  Google Scholar 

  14. Kim, E., Kim, K., Shin, D., Jin, B., Kim, H.: Cytime: cyber threat intelligence management framework for automatically generating security rules. In: ACM International Conference Proceeding Series Part F1377 (2018). https://doi.org/10.1145/3226052.3226056

  15. Klock, A.C.T., Gasparini, I., Pimenta, M.S.: 5W2H framework. In: Proceedings of the 15th Brazilian Symposium on Human Factors in Computing Systems, pp. 1–10. ACM, New York (2016). https://doi.org/10.1145/3033701.3033715

  16. Koloveas, P., Chantzios, T., Alevizopoulou, S., Skiadopoulos, S., Tryfonopoulos, C.: inTIME: a machine learning-based framework for gathering and leveraging web data to cyber-threat intelligence. Electronics 10(7), 818 (2021). https://doi.org/10.3390/electronics10070818

    Article  Google Scholar 

  17. Kristiansen, L.M., Agarwal, V., Franke, K., Shah, R.S.: CTI-Twitter: gathering cyber threat intelligence from twitter using integrated supervised and unsupervised learning. In: Proceedings - 2020 IEEE International Conference on Big Data, Big Data 2020, pp. 2299–2308 (2020). https://doi.org/10.1109/BigData50022.2020.9378393

  18. Marchio, J.: Analytic tradecraft and the intelligence community: enduring value, intermittent emphasis. Intell. Natl. Secur. 29(2), 159–183 (2014). https://doi.org/10.1080/02684527.2012.746415

    Article  Google Scholar 

  19. Masip-Bruin, X., et al.: Cybersecurity in ICT supply chains: key challenges and a relevant architecture. Sensors 21(18) (2021). https://doi.org/10.3390/S21186057

  20. Mavroeidis, V., Jøsang, A.: Data-driven threat hunting using sysmon. In: ACM International Conference Proceeding Series, pp. 82–88 (2018). https://doi.org/10.1145/3199478.3199490

  21. McAuliffe, N., Wolcott, D., Schaefer, L., Kelem, N., Hubbard, B., Haley, T.: Is your computer being misused? A survey of current intrusion detection system technology. In: Proceedings - Annual Computer Security Applications Conference, ACSAC, pp. 260–272 (1990). https://doi.org/10.1109/CSAC.1990.143785

  22. Mironeanu, C., Archip, A., Amarandei, C.M., Craus, M.: Experimental cyber attack detection framework. Electronics 10(14) (2021). https://doi.org/10.3390/ELECTRONICS10141682

  23. Nam, K., Kim, K.: A study on SDN security enhancement using open source IDS/IPS Suricata. In: 9th International Conference on Information and Communication Technology Convergence: ICT Convergence Powered by Smart Intelligence, ICTC 2018, pp. 1124–1126 (2018). https://doi.org/10.1109/ICTC.2018.8539455

  24. Nash, A.: Demystifying cyber threat intelligence sharing platforms: an evaluation of data quality issues and their effects on cyber attribution. Master degree in science, Faculty of Utica College (2021). http://shorturl.at/bdgRX

  25. OISF: Suricata | Open Source IDS/IPS/NSM engine (2020). https://suricata-ids.org/. https://github.com/OISF/suricata/

  26. Panwar, A., Ahn, G.J., Doupé, A., Zhao, Z.: iGen: toward automatic generation and analysis of indicators of compromise (IOCs) using convolutional neural network. Master of science, Arizona State University (2017). https://hdl.handle.net/2286/R.I.44216

  27. Riesco, R., Villagrá, V.A.: Leveraging cyber threat intelligence for a dynamic risk framework. Int. J. Inf. Secur. 18(6), 715–739 (2019). https://doi.org/10.1007/s10207-019-00433-2

    Article  Google Scholar 

  28. Roopak, M., Tian, G.Y., Chambers, J.: An intrusion detection system against DDoS attacks in IoT networks. In: 2020 10th Annual Computing and Communication Workshop and Conference, CCWC 2020, pp. 562–567 (2020). https://doi.org/10.1109/CCWC47524.2020.9031206

  29. Sander, T., Hailpern, J.: UX aspects of threat information sharing platforms. In: Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security, pp. 51–59. ACM, New York (2015). https://doi.org/10.1145/2808128.2808136

  30. Schlette, D., Böhm, F., Caselli, M., Pernul, G.: Measuring and visualizing cyber threat intelligence quality. Int. J. Inf. Secur. 20(1), 21–38 (2021). https://doi.org/10.1007/s10207-020-00490-y

    Article  Google Scholar 

  31. Schreiber, J., Meehan, M., Langston, R.: 2021 Open Source IDS Tools: Suricata vs Snort vs Bro (Zeek) | AT &T Cybersecurity (2020). http://shorturl.at/oPS37

  32. Shafiq, M., Yu, X., Bashir, A.K., Chaudhry, H.N., Wang, D.: A machine learning approach for feature selection traffic classification using security analysis. J. Supercomput. 74(10), 4867–4892 (2018). https://doi.org/10.1007/s11227-018-2263-3

    Article  Google Scholar 

  33. Siebert, E.: Indicadores de ataque versus indicadores de comprometimento. Technical report, CrowdStrike Holdings, Inc, Austin, Texas (2020). http://shorturl.at/bru49

  34. de Sousa, C.E., Gondim, J.J.C., Albuquerque, R.d.O.: ENRICHER: ferramenta de enriquecimento de dados integrada à plataforma MISP. Dissertation completion graduation, Universidade de Brasília (2021)

    Google Scholar 

  35. Sworna, Z.T., Islam, C., Babar, M.A.: APIRO: a framework for automated security tools API recommendation. ACM Trans. Softw. Eng. Methodol. 41 (2022). https://doi.org/10.1145/3512768

  36. Wendt, D.W.: Exploring The Strategies Cybersecurity Specialists Need To Improve Adaptive Cyber Defenses Within The Financial Sector: An Exploratory Study. D.c.s, Colorado Technical University (2019). https://shorturl.at/ouV46

  37. Zhou, Y., Tang, Y., Yi, M., Xi, C., Lu, H.: CTI view: APT threat intelligence analysis system. Secur. Commun. Netw. 2022 (2022). https://doi.org/10.1155/2022/9875199

Download references

Author information

Authors and Affiliations

  1. Post Graduation in Electrical Engineering (PPEE), Department of Electrical Engineering, University of Brasília (UnB), Brasília, DF, 70910-900, Brazil

    João-Alberto Pincovscy & João-José Costa-Gondim

  2. Department of Computer Science (CIC), University of Brasilia (UnB), Brasilia, DF, 70910-900, Brazil

    João-José Costa-Gondim

Authors
  1. João-Alberto Pincovscy
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. João-José Costa-Gondim
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to João-Alberto Pincovscy .

Editor information

Editors and Affiliations

  1. Universidad del País Vasco, Bilbao, Spain

    Marcelo V. Garcia

  2. FISEI, Universidad Técnica de Ambato, Ambato, Ecuador

    Carlos Gordón-Gallegos

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Pincovscy, JA., Costa-Gondim, JJ. (2023). Methodology for Cyber Threat Intelligence with Sensor Integration. In: Garcia, M.V., Gordón-Gallegos, C. (eds) CSEI: International Conference on Computer Science, Electronics and Industrial Engineering (CSEI). CSEI 2022. Lecture Notes in Networks and Systems, vol 678. Springer, Cham. https://doi.org/10.1007/978-3-031-30592-4_2

Download citation

Publish with us

Policies and ethics

Search

Navigation