research-article

CyTIME: Cyber Threat Intelligence ManagEment framework for automatically generating security rules

Authors:

Hyoungshick KimAuthors Info & Claims

CFI 2018: Proceedings of the 13th International Conference on Future Internet Technologies

Article No.: 7, Pages 1 - 5

https://doi.org/10.1145/3226052.3226056

Published: 20 June 2018 Publication History

Get Access

Abstract

It is becoming increasingly necessary for organizations to build a Cyber Threat Intelligence (CTI) platform to fight against sophisticated attacks. To reduce the risk of cyber attacks, security administrators and/or analysts can use a CTI platform to aggregate relevant threat information about adversaries, targets and vulnerabilities, analyze it and share key observations from the analysis with collaborators. In this paper, we introduce CyTIME (Cyber Threat Intelligence ManagEment framework) which is a framework for managing CTI data. CyTIME can periodically collect CTI data from external CTI data repositories via standard interfaces such as Trusted Automated Exchange of Indicator Information (TAXII). In addition, CyTIME is designed to automatically generate security rules without human intervention to mitigate discovered new cybersecurity threats in real time. To show the feasibility of CyTIME, we performed experiments to measure the time to complete the task of generating the security rule corresponding to a given CTI data. We used 1,000 different CTI files related to network attacks. Our experiment results demonstrate that CyTIME automatically generates security rules and store them into the internal database within 12.941 seconds on average (max = 13.952, standard deviation = 0.580).

References

[1]

Barnum, S. Standardizing cyber threat intelligence information with the structured threat information expression (stix). The MITRE Corporation (2012), 1--22.

Google Scholar

[2]

Connolly, J., Davidson, M., and Schmidt, C. The trusted automated exchange of indicator information (taxii). The MITRE Corporation (2014), 1--20.

Google Scholar

[3]

Park, W., and Ahn, S. Performance comparison and detection analysis in snort and suricata environment. Wireless Personal Communications 94 (2017), 241--252.

Digital Library

Google Scholar

[4]

Qamar, S., Anwar, Z., Rahman, M. A., Al-Shaer, E., and Chu, B.-T. Data-driven analytics for cyber-threat intelligence and information sharing. Computers & Security 67 (2017), 35--58.

Digital Library

Google Scholar

[5]

Skopik, F., Settanni, G., and Fiedler, R. A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing. Computers & Security 60 (2016), 154--176.

Digital Library

Google Scholar

[6]

Wagner, C., Dulaunoy, A., Wagener, G., and Iklody, A. Misp: The design and implementation of a collaborative threat intelligence sharing platform. In Proceedings of the 1st ACM Workshop on Information Sharing and Collaborative Security (2016).

Digital Library

Google Scholar

Cited By

View all

Li ZYu XZhao Y(2024)A Web Semantic Mining Method for Fake Cybersecurity Threat Intelligence in Open Source CommunitiesInternational Journal on Semantic Web and Information Systems10.4018/IJSWIS.35009520:1(1-22)Online publication date: 8-Aug-2024
https://doi.org/10.4018/IJSWIS.350095
Settanni FZamponi ABasile C(2024)Dynamic Security Provisioning for Cloud-Native Networks: An Intent-Based Approach2024 IEEE International Conference on Cyber Security and Resilience (CSR)10.1109/CSR61664.2024.10679397(321-328)Online publication date: 2-Sep-2024
https://doi.org/10.1109/CSR61664.2024.10679397
Ling CLiu BXia WHe SJiang ZWang Q(2024)Automated Anti-malware Detection Rules Converter Based on SIMIOC2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD)10.1109/CSCWD61410.2024.10580029(1770-1775)Online publication date: 8-May-2024
https://doi.org/10.1109/CSCWD61410.2024.10580029
Show More Cited By

Index Terms

CyTIME: Cyber Threat Intelligence ManagEment framework for automatically generating security rules
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Intrusion detection systems
  2. Network security

Recommendations

Threat led advanced persistent threat penetration test

Cyber security attacks have been on the rise in recent years. One of the most destructive attacks are known as advanced persistent threat (APT) attacks which can inflict massive damages to a network. A common approach of testing the security of an IT ...
On Cyber Threats to Smart Digital Environments
ICSDE'18: Proceedings of the 2nd International Conference on Smart Digital Environment

Cyber threats and attacks have significantly increased in complexity and quantity throughout this past year. In this paper, the top fifteen cyber threats and trends are articulated in detail to provide awareness throughout the community and raising ...
On investigating ARP spoofing security solutions

The address resolution protocol (ARP) has proven to work well under regular circumstances, but it was not designed to cope with malicious hosts. By performing ARP spoofing attacks, a malicious host can either impersonate another host [man-in-the-...

Comments

Information & Contributors

Information

Published In

CFI 2018: Proceedings of the 13th International Conference on Future Internet Technologies

June 2018

40 pages

ISBN:9781450364669

DOI:10.1145/3226052

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

AsiaFI: Asia Future Internet
FIF: Future Internet Forum

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 June 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

CFI 2018

CFI 2018: The 13th International Conference on Future Internet Technologies

June 20 - 22, 2018

Seoul, Republic of Korea

Acceptance Rates

Overall Acceptance Rate 29 of 55 submissions, 53%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
562
Total Downloads

Downloads (Last 12 months)59
Downloads (Last 6 weeks)10

Reflects downloads up to 19 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Li ZYu XZhao Y(2024)A Web Semantic Mining Method for Fake Cybersecurity Threat Intelligence in Open Source CommunitiesInternational Journal on Semantic Web and Information Systems10.4018/IJSWIS.35009520:1(1-22)Online publication date: 8-Aug-2024
https://doi.org/10.4018/IJSWIS.350095
Settanni FZamponi ABasile C(2024)Dynamic Security Provisioning for Cloud-Native Networks: An Intent-Based Approach2024 IEEE International Conference on Cyber Security and Resilience (CSR)10.1109/CSR61664.2024.10679397(321-328)Online publication date: 2-Sep-2024
https://doi.org/10.1109/CSR61664.2024.10679397
Ling CLiu BXia WHe SJiang ZWang Q(2024)Automated Anti-malware Detection Rules Converter Based on SIMIOC2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD)10.1109/CSCWD61410.2024.10580029(1770-1775)Online publication date: 8-May-2024
https://doi.org/10.1109/CSCWD61410.2024.10580029
Allegretta MSiracusano GGonzalez RVallina PGramaglia M(2023)Using CTI Data to Understand Real World Cyberattacks2023 18th Wireless On-Demand Network Systems and Services Conference (WONS)10.23919/WONS57325.2023.10061921(100-103)Online publication date: 30-Jan-2023
https://doi.org/10.23919/WONS57325.2023.10061921
Sachidananda VPatil RPeng HYang LLam K(2023)ThreatLand: Extracting Intelligence from Audit Logs via NLP methods2023 20th Annual International Conference on Privacy, Security and Trust (PST)10.1109/PST58708.2023.10320173(1-6)Online publication date: 21-Aug-2023
https://doi.org/10.1109/PST58708.2023.10320173
Leite CDen Hartog JDos Santos DCostante E(2023)Automated Cyber Threat Intelligence Generation on Multi-Host Network Incidents2023 IEEE International Conference on Big Data (BigData)10.1109/BigData59044.2023.10386324(2999-3008)Online publication date: 15-Dec-2023
https://doi.org/10.1109/BigData59044.2023.10386324
Cui BLi JHou W(2023)ATDG: An Automatic Cyber Threat Intelligence Extraction Model of DPCNN and BIGRU Combined with Attention MechanismWeb Information Systems Engineering – WISE 202310.1007/978-981-99-7254-8_15(189-204)Online publication date: 21-Oct-2023
https://doi.org/10.1007/978-981-99-7254-8_15
Pincovscy JCosta-Gondim J(2023)Methodology for Cyber Threat Intelligence with Sensor IntegrationCSEI: International Conference on Computer Science, Electronics and Industrial Engineering (CSEI)10.1007/978-3-031-30592-4_2(14-28)Online publication date: 1-May-2023
https://doi.org/10.1007/978-3-031-30592-4_2
van Haastrecht MGolpur GTzismadia GKab RPriboi CDavid DRăcătăian ABaumgartner LFricker SRuiz JArmas EBrinkhuis MSpruit M(2021)A Shared Cyber Threat Intelligence Solution for SMEsElectronics10.3390/electronics1023291310:23(2913)Online publication date: 24-Nov-2021
https://doi.org/10.3390/electronics10232913
Gazzarata GTroiano EVerderame LAiello MVaccari ICambiaso EMerlo A(2021)FINSTIX: A Cyber-Physical Data Model for Financial Critical InfrastructuresCyber-Physical Security for Critical Infrastructures Protection10.1007/978-3-030-69781-5_4(48-63)Online publication date: 18-Feb-2021
https://doi.org/10.1007/978-3-030-69781-5_4
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Threat led advanced persistent threat penetration test

On Cyber Threats to Smart Digital Environments

On investigating ARP spoofing security solutions

Comments

Published In

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Threat led advanced persistent threat penetration test

On Cyber Threats to Smart Digital Environments

On investigating ARP spoofing security solutions

Comments

Information

Published In

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations