A Feature-driven Method for Automating the Assessment of OSINT Cyber Threat Sources. Issue 113 (February 2022)
- Record Type:
- Journal Article
- Title:
- A Feature-driven Method for Automating the Assessment of OSINT Cyber Threat Sources. Issue 113 (February 2022)
- Main Title:
- A Feature-driven Method for Automating the Assessment of OSINT Cyber Threat Sources
- Authors:
- Tundis, Andrea
Ruppert, Samuel
Mühlhäuser, Max - Abstract:
- Abstract: Global malware campaigns and large-scale data breaches show how everyday life can be impacted when the defensive measures fail to protect computer systems from cyber threats. Understanding the threat landscape and the adversaries' attack tactics to perform it represent key factors for enabling an efficient defense against threats over the time. Of particular importance is the acquisition of timely and accurate information from threats intelligence sources available on the web which can provide additional intelligence on emerging threats even before they can be observed as actual attacks. Currently, specific indicators of compromise (e.g. IP addresses, domains, hashsums of malicious files) are shared in a semi-automated and structured way via so-called threat feeds. Unfortunately, current systems have to deal with the trade-off between the timeliness of such an alert (i.e. warning at the first mention of a threat) and the need to wait for verification by other sources (i.e. warning after multiple sources have verified the threat). In addition, due to the increasing number of open sources, it is challenging to find the right balance between feasibility and costs in order to identify a relatively small subset of valuable sources. In this paper, a method to automate the assessment of cyber threat intelligence sources and predict a relevance score for each source is proposed. Specifically, a model based on meta-data and word embedding is defined and experimented byAbstract: Global malware campaigns and large-scale data breaches show how everyday life can be impacted when the defensive measures fail to protect computer systems from cyber threats. Understanding the threat landscape and the adversaries' attack tactics to perform it represent key factors for enabling an efficient defense against threats over the time. Of particular importance is the acquisition of timely and accurate information from threats intelligence sources available on the web which can provide additional intelligence on emerging threats even before they can be observed as actual attacks. Currently, specific indicators of compromise (e.g. IP addresses, domains, hashsums of malicious files) are shared in a semi-automated and structured way via so-called threat feeds. Unfortunately, current systems have to deal with the trade-off between the timeliness of such an alert (i.e. warning at the first mention of a threat) and the need to wait for verification by other sources (i.e. warning after multiple sources have verified the threat). In addition, due to the increasing number of open sources, it is challenging to find the right balance between feasibility and costs in order to identify a relatively small subset of valuable sources. In this paper, a method to automate the assessment of cyber threat intelligence sources and predict a relevance score for each source is proposed. Specifically, a model based on meta-data and word embedding is defined and experimented by training regression models to predict the relevance score of sources on Twitter. The results evaluation show that the assigned score allows to reduce the waiting time for intelligence verification, on the basis of its relevance, thus improving the time advantage of early threat detection. … (more)
- Is Part Of:
- Computers & security. Issue 113(2022)
- Journal:
- Computers & security
- Issue:
- Issue 113(2022)
- Issue Display:
- Volume 113, Issue 113 (2022)
- Year:
- 2022
- Volume:
- 113
- Issue:
- 113
- Issue Sort Value:
- 2022-0113-0113-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-02
- Subjects:
- Open source cyber threat intelligence -- Cybersecurity -- Machine learning -- Feature engineering -- Twitter
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2021.102576 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 20434.xml