Contextualized Filtering for Shared Cyber Threat Information

Cited by: 2
Authors
Dimitriadis, Athanasios [1 ,2 ]
Prassas, Christos [1 ]
Flores, Jose Luis [3 ]
Kulvatunyou, Boonserm [4 ]
Ivezic, Nenad [4 ]
Gritzalis, Dimitris A. [5 ]
Mavridis, Ioannis K. [1 ]
Affiliations
[1] Univ Macedonia, Dept Appl Informat, 156 Egnatia Str, Thessaloniki 54636, Greece
[2] NIST, Engn Lab, 100 Bur Dr, Gaithersburg, MD 20899 USA
[3] Basque Res & Technol Alliance BRTA, IKERLAN Technol Res Ctr, Ind Cybersecur, PJM Arizmendiarrieta 2, Arrasate Mondragon 20500, Spain
[4] NIST, Engn Lab, 100 Bur Dr, Gaithersburg, MD 20899 USA
[5] Athens Univ Econ & Business AUEB, Dept Informat, Athens 10434, Greece
Keywords
cyber threat information sharing; actionable threat information; filtering; business process context; INTELLIGENCE;
DOI
10.3390/s21144890
Chinese Library Classification number
O65 [Analytical Chemistry];
Discipline classification code
070302 ; 081704 ;
Abstract
Cyber threat information sharing is an imperative process towards achieving collaborative security, but it poses several challenges. One crucial challenge is the plethora of shared threat information. Therefore, there is a need to advance filtering of such information. While the state-of-the-art in filtering relies primarily on keyword- and domain-based searching, these approaches require sizable human involvement and rarely available domain expertise. Recent research revealed the need for harvesting of business information to fill the gap in filtering, albeit it resulted in providing coarse-grained filtering based on the utilization of such information. This paper presents a novel contextualized filtering approach that exploits standardized and multi-level contextual information of business processes. The contextual information describes the conditions under which a given threat information is actionable from an organization perspective. Therefore, it can automate filtering by measuring the equivalence between the context of the shared threat information and the context of the consuming organization. The paper directly contributes to filtering challenge and indirectly to automated customized threat information sharing. Moreover, the paper proposes the architecture of a cyber threat information sharing ecosystem that operates according to the proposed filtering approach and defines the characteristics that are advantageous to filtering approaches. Implementation of the proposed approach can support compliance with the Special Publication 800-150 of the National Institute of Standards and Technology.
Pages: 17
Related papers
50 items in total
  • [41] Representing contextualized information in the NSDL
    Lagoze, Carl
    Krafft, Dean
    Cornwell, Tim
    Eckstrom, Dean
    Jesuroga, Susan
    Wilper, Chris
    RESEARCH AND ADVANCED TECHNOLOGY FOR DIGITAL LIBRARIES, 2006, 4172 : 329 - 340
  • [42] Quantifying Degree of Cyber Bullying Using Level of Information Shared and Associated Trust
    Mishra, Manish Kumar
    Kumar, Sumit
    Vaish, Abhishek
    Prakash, Satya
    2015 ANNUAL IEEE INDIA CONFERENCE (INDICON), 2015,
  • [43] Beating back the cyber threat
    Fowler, David
    Engineer, 2018, 298 (7895) : 34 - 35
  • [44] Limits to a cyber-threat
    Emerson, R. Guy
    CONTEMPORARY POLITICS, 2016, 22 (02) : 178 - 196
  • [45] Defending against the cyber threat
    Zolfagharifard, Ellie
    Engineer, 2010, 1-NOVEMBER
  • [46] Cyber-security threat
    Klebba, Jesse
    CHEMISTRY & INDUSTRY, 2017, 81 (10) : 9 - 9
  • [47] Modeling Cyber Threat Intelligence
    Bromander, Siri
    Swimmer, Morton
    Eian, Martin
    Skjotskift, Geir
    Borg, Fredrik
    ICISSP: PROCEEDINGS OF THE 6TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY, 2020, : 273 - 280
  • [48] Is jihadism a cyber-threat?
    Torres Soriano, Manuel R.
    REVISTA DE OCCIDENTE, 2015, (406) : 20 - 34
  • [49] Cyber Threat Intelligence 101
    Dror-John Röcher
    Datenschutz und Datensicherheit - DuD, 2018, 42 (10) : 623 - 628
  • [50] Cyber Threat Intelligence for "Things"
    Wagner, Thomas D.
    2019 INTERNATIONAL CONFERENCE ON CYBER SITUATIONAL AWARENESS, DATA ANALYTICS AND ASSESSMENT (CYBER SA), 2019,