Analysis of adversary activities using cloud-based web services to enhance cyber threat intelligence

Cited by: 14
Authors
Al-Mohannadi, Hamad [1]
Awan, Irfan [1]
Al Hamar, Jassim [2]
Affiliations
[1] Univ Bradford, Sch Elect Engn & Comp Sci, Bradford, W Yorkshire, England
[2] Minist Interior, Doha, State Of Qatar, Qatar
Keywords
Threat intelligence; Cyber threat; Honeypots; Cloud services; Log analysis; Elastic Stack;
DOI
10.1007/s11761-019-00285-7
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract
The understanding of cyber threats to a network is challenging yet rewarding as it allows an organisation to prevent a potential attack. Numerous efforts have been made to predict cyber threats before they occur. To build a threat intelligence framework, an organisation must understand attack data collected from the network events and analyse them to identify the cyber attack artefacts such as IP address, domain name, tools and techniques, username and password, and geographic location of the attacker, which could be used to understand the nature of attack to a system or network. However, it is very difficult or dangerous to collect and analyse live data from a production system. Honeypot technology is well known for mimicking the real system while collecting actual data that can be in near real time in order to monitor the activities on the network. This paper proposes a threat intelligence approach analysing attack data collected using a cloud-based web service in order to support the active threat intelligence.
Pages: 175-187
Number of pages: 13