Contextualized Filtering for Shared Cyber Threat Information

Cited by: 2
Authors
Dimitriadis, Athanasios [1 ,2 ]
Prassas, Christos [1 ]
Flores, Jose Luis [3 ]
Kulvatunyou, Boonserm [4 ]
Ivezic, Nenad [4 ]
Gritzalis, Dimitris A. [5 ]
Mavridis, Ioannis K. [1 ]
Affiliations
[1] Univ Macedonia, Dept Appl Informat, 156 Egnatia Str, Thessaloniki 54636, Greece
[2] NIST, Engn Lab, 100 Bur Dr, Gaithersburg, MD 20899 USA
[3] Basque Res & Technol Alliance BRTA, IKERLAN Technol Res Ctr, Ind Cybersecur, PJM Arizmendiarrieta 2, Arrasate Mondragon 20500, Spain
[4] NIST, Engn Lab, 100 Bur Dr, Gaithersburg, MD 20899 USA
[5] Athens Univ Econ & Business AUEB, Dept Informat, Athens 10434, Greece
Keywords
cyber threat information sharing; actionable threat information; filtering; business process context; INTELLIGENCE;
DOI
10.3390/s21144890
Chinese Library Classification number
O65 [Analytical Chemistry];
Discipline classification code
070302 ; 081704 ;
Abstract
Cyber threat information sharing is an imperative process towards achieving collaborative security, but it poses several challenges. One crucial challenge is the plethora of shared threat information. Therefore, there is a need to advance filtering of such information. While the state-of-the-art in filtering relies primarily on keyword- and domain-based searching, these approaches require sizable human involvement and rarely available domain expertise. Recent research revealed the need for harvesting of business information to fill the gap in filtering, albeit it resulted in providing coarse-grained filtering based on the utilization of such information. This paper presents a novel contextualized filtering approach that exploits standardized and multi-level contextual information of business processes. The contextual information describes the conditions under which a given piece of threat information is actionable from an organization's perspective. Therefore, it can automate filtering by measuring the equivalence between the context of the shared threat information and the context of the consuming organization. The paper directly contributes to the filtering challenge and indirectly to automated customized threat information sharing. Moreover, the paper proposes the architecture of a cyber threat information sharing ecosystem that operates according to the proposed filtering approach and defines the characteristics that are advantageous to filtering approaches. Implementation of the proposed approach can support compliance with the Special Publication 800-150 of the National Institute of Standards and Technology.
Pages: 17
Related papers
50 in total
  • [31] Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions
    Kessler, Gary C.
    JOURNAL OF DIGITAL FORENSICS SECURITY AND LAW, 2009, 4 (03) : 57 - 59
  • [32] Tackling the cyber threat
    Bouhdada, Jalal
    NUCLEAR ENGINEERING INTERNATIONAL, 2017, 62 (759) : 26 - 26
  • [33] The cyber threat landscape
    Sutton, Martin
    Journal of the Institute of Telecommunications Professionals, 2020, 14 : 30 - 35
  • [34] Cyber-Security and Threat Politics: US Efforts to Secure the Information Age
    Deibert, Ronald J.
    INTERNATIONAL STUDIES REVIEW, 2009, 11 (02) : 373 - 375
  • [35] Cyber Threat Information Classification and Life Cycle Management using Smart Contracts
    Graf, Roman
    King, Ross
    ICISSP: PROCEEDINGS OF THE 4TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY, 2018, : 304 - 311
  • [36] An Evolutionary Game-Theoretic Framework for Cyber-threat Information Sharing
    Tosh, Deepak
    Sengupta, Shamik
    Kamhoua, Charles
    Kwiat, Kevin
    Martin, Andrew
    2015 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC), 2015, : 7341 - 7346
  • [37] Robust Cyber-threat and Vulnerability Information Analyzer for Dynamic Risk Assessment
    Malik, Adeel A.
    Tosh, Deepak K.
    2021 IEEE INTERNATIONAL MEDITERRANEAN CONFERENCE ON COMMUNICATIONS AND NETWORKING (IEEE MEDITCOM 2021), 2021, : 168 - 173
  • [38] Data-driven analytics for cyber-threat intelligence and information sharing
    Qamar, Sara
    Anwar, Zahid
    Rahman, Mohammad Ashiqur
    Al-Shaer, Ehab
    Chu, Bei-Tseng
    COMPUTERS & SECURITY, 2017, 67 : 35 - 58
  • [39] Evaluation and Enhancement of the Actionability of Publicly Available Cyber Threat Information in Digital Forensics
    Dimitriadis, Athanasios
    Lontzetidis, Efstratios
    Mavridis, Ioannis
    PROCEEDINGS OF THE 2021 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE (IEEE CSR), 2021, : 318 - 323
  • [40] Emojis and Law: contextualized flexibility of meaning in cyber communication
    Wagner, Anne
    Marusek, Sarah
    Yu, Wei
    SOCIAL SEMIOTICS, 2020, 30 (03) : 396 - 414