Cyber Threat Intelligence

The experts below are selected from a list of 561 experts worldwide ranked by the ideXlab platform.

Sagar Samtani - One of the best experts on this subject based on the ideXlab platform.

  • ISI - Dark-Net Ecosystem Cyber-Threat Intelligence (CTI) Tool
    2019 IEEE International Conference on Intelligence and Security Informatics (ISI), 2019
    Co-Authors: Nolan Arnold, Mohammadreza Ebrahimi, Ning Zhang, Ben Lazarine, Mark Patton, Hsinchun Chen, Sagar Samtani
    Abstract:

    The frequency and costs of cyber-attacks are increasing each year. By the end of 2019, the total cost of data breaches is expected to reach $2.1 trillion through the ever-growing online presence of enterprises and their consumers. The tools to perform these attacks and the breached data can often be purchased within the dark-net. Many of the threat actors within this realm use its various platforms to broker, discuss, and strategize these cyber-threat assets. To combat these attacks, researchers are developing cyber-threat intelligence (CTI) tools to proactively monitor the ever-growing online hacker community. This paper will detail the creation and use of a CTI tool that leverages a social network to identify cyber-threats across major dark-net data sources. Through this network, emerging threats can be quickly identified so proactive or reactive security measures can be implemented.

  • Cybersecurity as an Industry: A Cyber Threat Intelligence Perspective
    The Palgrave Handbook of International Cybercrime and Cyberdeviance, 2019
    Co-Authors: Sagar Samtani, Maggie Abate, Victor Benjamin, Weifeng Li
    Abstract:

    The rapid integration of information technology has been met with an alarming rate of cyber-attacks conducted by malicious hackers using sophisticated exploits. Many organizations have aimed to develop timely, relevant, and actionable cyber threat intelligence (CTI) about emerging threats and key threat actors to enable effective cybersecurity decisions. To streamline and create efficient and effective CTI capabilities, many major cybersecurity companies such as FireEye, Anomali, ThreatConnect, McAfee, CyLance, ZeroFox, and numerous others have aimed to develop CTI platforms, enabling an unprecedented ability to prioritize threats, pinpoint key threat actors, understand their tools, techniques, and procedures (TTP), deploy appropriate security controls, and ultimately, improve overall cybersecurity hygiene. Given the significant benefits of such platforms, our objective for this chapter is to provide a systematic review of existing CTI platforms within industry today. Such a review can offer significant value to academics across multiple disciplines (e.g., sociology, computational linguistics, computer science, information systems, information science, etc.) and industry professionals across public and private sectors. Systematically reviewing existing CTI platforms identified five future possible directions CTI start-ups can explore: (1) shift from reactive to proactive OSINT-based CTI platforms, (2) enhancement of natural language processing (NLP) and text mining capabilities, (3) enhancement of data mining capabilities, (4) further integration of big data and cloud computing technologies, and (5) opportunities and strategies for academia to address identified gaps.

  • ISI - Incremental Hacker Forum Exploit Collection and Classification for Proactive Cyber Threat Intelligence: An Exploratory Study
    2018 IEEE International Conference on Intelligence and Security Informatics (ISI), 2018
    Co-Authors: Ryan Williams, Sagar Samtani, Mark Patton, Hsinchun Chen
    Abstract:

    Cyber threats have emerged as a key societal concern. To counter the growing threat of cyber-attacks, organizations, in recent years, have begun investing heavily in developing cyber threat intelligence (CTI). Fundamentally a data-driven process, many organizations have traditionally collected and analyzed data from internal log files, resulting in reactive CTI. The online hacker community can offer significant proactive CTI value by alerting organizations to threats they were not previously aware of. Amongst various platforms, forums provide the richest metadata, data permanence, and tens of thousands of freely available tools, techniques, and procedures (TTP). However, forums often employ anti-crawling measures such as authentication, throttling, and obfuscation. Such limitations have restricted many researchers to batch collections. This exploratory study aims to (1) design a novel web crawler augmented with numerous anti-crawling countermeasures to collect hacker exploits on an ongoing basis, (2) employ a state-of-the-art deep learning approach, Long Short-Term Memory (LSTM) Recurrent Neural Network (RNN), to automatically classify exploits into pre-defined categories on-the-fly, and (3) develop interactive visualizations enabling CTI practitioners and researchers to explore collected exploits for proactive, timely CTI. The results of this study indicate, among other findings, that system and network exploits are shared significantly more than other exploit types.

Hsinchun Chen - One of the best experts on this subject based on the ideXlab platform.

  • ISI - Dark-Net Ecosystem Cyber-Threat Intelligence (CTI) Tool
    2019 IEEE International Conference on Intelligence and Security Informatics (ISI), 2019
    Co-Authors: Nolan Arnold, Mohammadreza Ebrahimi, Ning Zhang, Ben Lazarine, Mark Patton, Hsinchun Chen, Sagar Samtani
    Abstract:

    The frequency and costs of cyber-attacks are increasing each year. By the end of 2019, the total cost of data breaches is expected to reach $2.1 trillion through the ever-growing online presence of enterprises and their consumers. The tools to perform these attacks and the breached data can often be purchased within the dark-net. Many of the threat actors within this realm use its various platforms to broker, discuss, and strategize these cyber-threat assets. To combat these attacks, researchers are developing cyber-threat intelligence (CTI) tools to proactively monitor the ever-growing online hacker community. This paper will detail the creation and use of a CTI tool that leverages a social network to identify cyber-threats across major dark-net data sources. Through this network, emerging threats can be quickly identified so proactive or reactive security measures can be implemented.

  • ISI - Incremental Hacker Forum Exploit Collection and Classification for Proactive Cyber Threat Intelligence: An Exploratory Study
    2018 IEEE International Conference on Intelligence and Security Informatics (ISI), 2018
    Co-Authors: Ryan Williams, Sagar Samtani, Mark Patton, Hsinchun Chen
    Abstract:

    Cyber threats have emerged as a key societal concern. To counter the growing threat of cyber-attacks, organizations, in recent years, have begun investing heavily in developing cyber threat intelligence (CTI). Fundamentally a data-driven process, many organizations have traditionally collected and analyzed data from internal log files, resulting in reactive CTI. The online hacker community can offer significant proactive CTI value by alerting organizations to threats they were not previously aware of. Amongst various platforms, forums provide the richest metadata, data permanence, and tens of thousands of freely available tools, techniques, and procedures (TTP). However, forums often employ anti-crawling measures such as authentication, throttling, and obfuscation. Such limitations have restricted many researchers to batch collections. This exploratory study aims to (1) design a novel web crawler augmented with numerous anti-crawling countermeasures to collect hacker exploits on an ongoing basis, (2) employ a state-of-the-art deep learning approach, Long Short-Term Memory (LSTM) Recurrent Neural Network (RNN), to automatically classify exploits into pre-defined categories on-the-fly, and (3) develop interactive visualizations enabling CTI practitioners and researchers to explore collected exploits for proactive, timely CTI. The results of this study indicate, among other findings, that system and network exploits are shared significantly more than other exploit types.

  • Exploring Emerging Hacker Assets and Key Hackers for Proactive Cyber Threat Intelligence
    Journal of Management Information Systems, 2017
    Co-Authors: Sagar Samtani, Hsinchun Chen, Ryan Chinn, Jay F Nunamaker
    Abstract:

    Cyber attacks cost the global economy approximately $445 billion per year. To mitigate attacks, many companies rely on cyber threat intelligence (CTI), or threat intelligence related to computers, networks, and information technology (IT). However, CTI traditionally analyzes attacks after they have already happened, resulting in reactive advice. While useful, researchers and practitioners have been seeking to develop proactive CTI by better understanding the threats present in hacker communities. This study contributes a novel CTI framework by leveraging an automated and principled web, data, and text mining approach to collect and analyze vast amounts of malicious hacker tools directly from large, international underground hacker communities. By using this framework, we identified many freely available malicious assets such as crypters, keyloggers, web, and database exploits. Some of these tools may have been the cause of recent breaches against organizations such as the Office of Personnel Manag...

Gunther Pernul - One of the best experts on this subject based on the ideXlab platform.

  • Measuring and visualizing Cyber Threat Intelligence quality
    International Journal of Information Security, 2020
    Co-Authors: Daniel Schlette, Fabian Böhm, Marco Caselli, Gunther Pernul
    Abstract:

    The very raison d’être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by the means of sharing platforms has proven to be an important aspect of practical application. It is evident to infer that inaccurate, incomplete, or outdated threat intelligence is a major problem as only high-quality CTI can be helpful to detect and defend against cyber attacks. Additionally, while the amount of available CTI is increasing, it is not warranted that quality remains unaffected. In conjunction with the increasing number of available CTI, it is thus in the best interest of every stakeholder to be aware of the quality of a CTI artifact. This allows for informed decisions and permits detailed analyses. Our work makes a twofold contribution to the challenge of assessing threat intelligence quality. We first propose a series of relevant quality dimensions and configure metrics to assess the respective dimensions in the context of CTI. In a second step, we showcase the extension of an existing CTI analysis tool to make the quality assessment transparent to security analysts. Furthermore, analysts’ subjective perceptions are, where necessary, included in the quality assessment concept.

  • Unifying Cyber Threat Intelligence
    Trust and Privacy in Digital Business, 2019
    Co-Authors: Florian Menges, Christine Sperl, Gunther Pernul
    Abstract:

    The threat landscape and the associated number of IT security incidents are constantly increasing. In order to address this problem, a trend towards cooperative approaches and the exchange of information on security incidents has been developing over recent years. Today, several different data formats with varying properties are available that allow incidents as well as cyber threat intelligence (CTI) information to be structured and described. Observed differences in data formats implicate problems in regard to consistent understanding and compatibility. This ultimately builds a barrier for efficient information exchange. Moreover, a common definition for the components of CTI formats is missing. In order to improve this situation, this work presents an approach for the description and unification of these formats. Therefore, we propose a model that describes the elementary properties as well as a common notation for entities within CTI formats. In addition, we develop a unified model to show the results of our work, to improve the understanding of CTI data formats and to discuss possible future research directions.

  • Graph-based visual analytics for Cyber Threat Intelligence
    Cybersecurity, 2018
    Co-Authors: Fabian Böhm, Florian Menges, Gunther Pernul
    Abstract:

    The ever-increasing number of major security incidents has led to an emerging interest in cooperative approaches to encounter cyber threats. To enable cooperation in detecting and preventing attacks it is an inevitable necessity to have structured and standardized formats to describe an incident. Corresponding formats are complex and of an extensive nature as they are often designed for automated processing and exchange. These characteristics hamper the readability and, therefore, prevent humans from understanding the documented incident. This is a major problem since the success and effectiveness of any security measure rely heavily on the contribution of security experts. To meet these shortcomings we propose a visual analytics concept enabling security experts to analyze and enrich semi-structured cyber threat intelligence information. Our approach combines an innovative way of persisting this data with an interactive visualization component to analyze and edit the threat information. We demonstrate the feasibility of our concept using the Structured Threat Information eXpression, the state-of-the-art format for reporting cyber security issues.

Daniel Schlette - One of the best experts on this subject based on the ideXlab platform.

  • Measuring and visualizing Cyber Threat Intelligence quality
    International Journal of Information Security, 2020
    Co-Authors: Daniel Schlette, Fabian Böhm, Marco Caselli, Gunther Pernul
    Abstract:

    The very raison d’être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by the means of sharing platforms has proven to be an important aspect of practical application. It is evident to infer that inaccurate, incomplete, or outdated threat intelligence is a major problem as only high-quality CTI can be helpful to detect and defend against cyber attacks. Additionally, while the amount of available CTI is increasing, it is not warranted that quality remains unaffected. In conjunction with the increasing number of available CTI, it is thus in the best interest of every stakeholder to be aware of the quality of a CTI artifact. This allows for informed decisions and permits detailed analyses. Our work makes a twofold contribution to the challenge of assessing threat intelligence quality. We first propose a series of relevant quality dimensions and configure metrics to assess the respective dimensions in the context of CTI. In a second step, we showcase the extension of an existing CTI analysis tool to make the quality assessment transparent to security analysts. Furthermore, analysts’ subjective perceptions are, where necessary, included in the quality assessment concept.

Fabian Böhm - One of the best experts on this subject based on the ideXlab platform.

  • Measuring and visualizing Cyber Threat Intelligence quality
    International Journal of Information Security, 2020
    Co-Authors: Daniel Schlette, Fabian Böhm, Marco Caselli, Gunther Pernul
    Abstract:

    The very raison d’être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by the means of sharing platforms has proven to be an important aspect of practical application. It is evident to infer that inaccurate, incomplete, or outdated threat intelligence is a major problem as only high-quality CTI can be helpful to detect and defend against cyber attacks. Additionally, while the amount of available CTI is increasing, it is not warranted that quality remains unaffected. In conjunction with the increasing number of available CTI, it is thus in the best interest of every stakeholder to be aware of the quality of a CTI artifact. This allows for informed decisions and permits detailed analyses. Our work makes a twofold contribution to the challenge of assessing threat intelligence quality. We first propose a series of relevant quality dimensions and configure metrics to assess the respective dimensions in the context of CTI. In a second step, we showcase the extension of an existing CTI analysis tool to make the quality assessment transparent to security analysts. Furthermore, analysts’ subjective perceptions are, where necessary, included in the quality assessment concept.

  • Graph-based visual analytics for Cyber Threat Intelligence
    Cybersecurity, 2018
    Co-Authors: Fabian Böhm, Florian Menges, Gunther Pernul
    Abstract:

    The ever-increasing number of major security incidents has led to an emerging interest in cooperative approaches to encounter cyber threats. To enable cooperation in detecting and preventing attacks it is an inevitable necessity to have structured and standardized formats to describe an incident. Corresponding formats are complex and of an extensive nature as they are often designed for automated processing and exchange. These characteristics hamper the readability and, therefore, prevent humans from understanding the documented incident. This is a major problem since the success and effectiveness of any security measure rely heavily on the contribution of security experts. To meet these shortcomings we propose a visual analytics concept enabling security experts to analyze and enrich semi-structured cyber threat intelligence information. Our approach combines an innovative way of persisting this data with an interactive visualization component to analyze and edit the threat information. We demonstrate the feasibility of our concept using the Structured Threat Information eXpression, the state-of-the-art format for reporting cyber security issues.