Abstract
We present and illustrate a recursive model which automatically organizes relationships between indicators of compromise (IoCs) into richer information sets. It combines insights from natural language processing, supervised clustering, and network analysis to identify relations between IoCs and thus to reduce information fragmentation. The quality of this combined information improves with every IoC that is added to the network, so that defenders can generate a more comprehensive and complete picture of a threat almost in real time and at very low transaction cost.
Notes
- 1.
For example, a code syntax could require strings to be opened and closed by the brackets “{” and “}”, so that these reserved characters would have to be filtered.
- 2.
Note that we disregard the feature IoC # in the subsequent analysis since it is collinear with timestamp.
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this chapter
Gillard, S., Aeschlimann, C. (2023). Improving the Effectiveness of Cyberdefense Measures. In: Keupp, M.M. (eds) Cyberdefense. International Series in Operations Research & Management Science, vol 342. Springer, Cham. https://doi.org/10.1007/978-3-031-30191-9_14
DOI: https://doi.org/10.1007/978-3-031-30191-9_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30190-2
Online ISBN: 978-3-031-30191-9
eBook Packages: Business and Management (R0)