DOI: 10.1145/2808128.2808133
Research article

From Cyber Security Information Sharing to Threat Management

Published: 12 October 2015

ABSTRACT

Across the world, organizations have teams gathering threat data to protect themselves from incoming cyber attacks and maintain a strong cyber security posture. Teams are also sharing information, because along with the data collected internally, organizations need external information to have a comprehensive view of the threat landscape. The information about cyber threats comes from a variety of sources, including sharing communities, open-source and commercial sources, and it spans many different levels and timescales. Immediately actionable information is often low-level indicators of compromise, such as known malware hash values or command-and-control IP addresses, where an actionable response can be executed automatically by a system. Threat intelligence refers to more complex cyber threat information that has been acquired or inferred through the analysis of existing information. Information such as the different malware families used over time with an attack or the network of threat actors involved in an attack is valuable and can be vital to understanding and predicting attacks and threat developments, as well as informing law enforcement investigations. This information is also actionable, but on a longer time scale. Moreover, it requires action and decision-making at the human level. There is a need for effective intelligence management platforms to facilitate the generation, refinement, and vetting of data after sharing. In designing such a system, the key challenges include: working with multiple intelligence sources, combining and enriching data for greater intelligence, determining intelligence relevance based on technical constructs and organizational input, and delivery into organizational workflows and into technological products. This paper discusses the challenges encountered and summarizes the community requirements and expectations for an all-encompassing Threat Intelligence Management Platform.
The requirements expressed in this paper, when implemented, will serve as building blocks to create systems that can maximize value out of a set of collected intelligence and translate those findings into action for a broad range of stakeholders.
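The abstract draws a line between low-level indicators that a system can act on automatically and higher-level intelligence that needs a human decision, and lists combining sources, enriching data and judging relevance from organizational input as the core platform challenges. The following is an added illustration of that triage step, written for this page and not code from the paper or its authors. The feeds, the organization profile (sector and auto-block threshold), the corroboration bonus and the routing labels are all constructed assumptions; the indicator values are placeholders, not real IoCs.

```python
"""Added example (not from the paper): merge indicators from several feeds,
enrich them with organizational context, and route each one either to an
automatic control or to an analyst workflow."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample feeds with placeholder values (not real indicators).
COMMUNITY_FEED = [
    {"source": "sharing-community", "type": "sha256", "value": "a" * 64, "confidence": 80},
    {"source": "sharing-community", "type": "ipv4", "value": "203.0.113.10", "confidence": 60},
    {"source": "sharing-community", "type": "campaign", "value": "Example campaign",
     "confidence": 70, "related_sector": "finance"},
]
COMMERCIAL_FEED = [
    {"source": "commercial", "type": "ipv4", "value": "203.0.113.10", "confidence": 55},
    {"source": "commercial", "type": "ipv4", "value": "198.51.100.7", "confidence": 40},
    {"source": "commercial", "type": "threat-actor", "value": "Actor-Example",
     "confidence": 50, "related_sector": "energy"},
]

# Hypothetical organizational input: the sector the organization operates in
# and the confidence at or above which low-level IoCs are blocked automatically.
ORG_PROFILE = {"sector": "finance", "auto_block_threshold": 70}

# Indicator types a control (firewall, proxy, EDR) can enforce without a human.
MACHINE_ACTIONABLE = {"sha256", "md5", "ipv4", "domain"}

# Assumed policy: corroboration by a second independent source adds this much.
CORROBORATION_BONUS = 10


@dataclass
class Indicator:
    type: str
    value: str
    sources: List[str] = field(default_factory=list)
    confidence: int = 0
    related_sector: str = ""


def merge(feeds: List[List[dict]]) -> List[Indicator]:
    """Combine records from several feeds keyed on (type, value).

    The merged confidence is the highest stated by any source, plus a bonus
    when more than one independent source reports the same indicator.
    """
    merged: Dict[Tuple[str, str], Indicator] = {}
    for feed in feeds:
        for rec in feed:
            key = (rec["type"], rec["value"])
            ind = merged.setdefault(key, Indicator(rec["type"], rec["value"]))
            if rec["source"] not in ind.sources:
                ind.sources.append(rec["source"])
            ind.confidence = max(ind.confidence, rec["confidence"])
            ind.related_sector = rec.get("related_sector", ind.related_sector)
    for ind in merged.values():
        if len(ind.sources) > 1:
            ind.confidence = min(100, ind.confidence + CORROBORATION_BONUS)
    return list(merged.values())


def route(ind: Indicator, org: dict = ORG_PROFILE) -> str:
    """Decide the workflow for one indicator.

    Atomic IoCs go to an automated control when confident enough, otherwise
    to a watchlist. Higher-level intelligence always needs a human decision;
    organizational input (here: sector) sets its priority.
    """
    if ind.type in MACHINE_ACTIONABLE:
        if ind.confidence >= org["auto_block_threshold"]:
            return "auto-block"
        return "watchlist"
    if ind.related_sector == org["sector"]:
        return "analyst-review:priority"
    return "analyst-review:backlog"


def triage(feeds: List[List[dict]], org: dict = ORG_PROFILE) -> Dict[Tuple[str, str], str]:
    """Map every merged indicator to the workflow it should enter."""
    return {(i.type, i.value): route(i, org) for i in merge(feeds)}


if __name__ == "__main__":
    for key, decision in sorted(triage([COMMUNITY_FEED, COMMERCIAL_FEED]).items()):
        print(f"{key[0]:13s} {key[1][:24]:24s} -> {decision}")
```

The point worth noticing is the IP address reported by both feeds: neither source alone reaches the organization's threshold, but corroboration pushes the merged record over it, which is the kind of "combining and enriching data for greater intelligence" the abstract describes. The campaign and threat-actor records never reach an automated control regardless of confidence; relevance to the organization's own sector only changes where they land in the analyst's queue.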


Published in: WISCS '15: Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security, October 2015, 84 pages. ISBN: 9781450338226. DOI: 10.1145/2808128.

Copyright © 2015 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance rates: WISCS '15 paper acceptance rate 6 of 16 submissions (38%); overall acceptance rate 23 of 58 submissions (40%).
