Abstract
Cyber Threat Intelligence (CTI) sharing helps defend against cyber attacks in a timely manner. Many frameworks have been proposed for CTI sharing, such as Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Intelligence Information (TAXII). However, sharing CTI in a controlled and automated manner is critical. In this paper, we demonstrate Relationship-Based Access Control (ReBAC) as an appropriate model for CTI sharing. We also develop an approach for automated threat detection, generation and sharing of structured CTI, and taking courses of action to mitigate cyber threats. Finally, we implement an Automated Cyber Defense System in a cloud-based environment.
Acknowledgements
This work is partially supported by DoD ARO Grant W911NF-15-1-0518, NSF CREST Grant HRD-1736209 and NSF CAREER Grant CNS-1553696.
Cite this article
Haque, M.F., Krishnan, R. Toward Automated Cyber Defense with Secure Sharing of Structured Cyber Threat Intelligence. Inf Syst Front 23, 883–896 (2021). https://doi.org/10.1007/s10796-020-10103-7