Cyber threat intelligence sharing technologies and threat sharing model using blockchain

Özdemir, Ahmet
Despite the measures taken, the nature of threats in the cyber environment is evolving day by day. Whereas amateur attacks by script kiddies were the usual experience in the past, more sophisticated and targeted attacks are frequently encountered today. In addition, the commonly used signature-based techniques for attack detection, and threat information that stays within the organization, are insufficient against dynamically changing, organized and targeted threats. Furthermore, as technology advances, computer networks are growing, the number and variety of interconnected devices are increasing and, as a consequence, the attack surface is expanding. As a result, it does not seem possible to mitigate all of the vulnerabilities that we encounter. A cyber attack is no longer a matter of ‘if’ but a matter of ‘when’. One of the newly developed approaches for detecting complex attacks is cyber threat intelligence sharing. Threat intelligence is evidence-based knowledge about threats that assists decision-making. It has no value, though, if it is not disseminated. Organizations can increase situational awareness about targeted cyber threats by sharing internal cyber threat information with trusted partners and integrating external cyber threat information with their security systems in real time. However, a common language that allows automation in the identification and sharing of threat information is crucial for timely intervention. To that end, various standards are being developed by many organizations and companies. In this study, standards and tools developed for the representation and sharing of threat information are compared, and a new threat sharing model is developed using a permissioned blockchain.


Citadel: Cyber threat intelligence assisted defense system for software-defined networks
Yürekten, Özgür; Demirci, Mehmet (2021-05-22)
Defending networks is becoming more challenging due to the growing number and variety of cyber threats. On the other hand, network security professionals have new technologies and tools at their disposal. This paper focuses on a few of these technologies and investigates new ways to take advantage of them. To this end, we present Citadel, a novel security system utilizing cyber threat intelligence (CTI) to construct automated defense solutions in software-defined networking (SDN) environments. Citadel also ...
Challenges of countering cyber terrorism in the hybrid war contexts
Tanrısever, Oktay Fırat (2019-10-15)
This conference paper seeks to explore the characteristics of cyber terrorism and the challenges of countering cyber terrorism in hybrid war contexts. It also intends to highlight the difficulties of coping with terrorist uses of cyberspace and social media when the perpetrators of cyber terrorist acts remain anonymous and the parties to hybrid warfare constantly adhere to the principle of deniability. The conference paper puts forward the argument that the concept of cyber terror...
Anomaly-Based Intrusion Detection by Machine Learning: A Case Study on Probing Attacks to an Institutional Network
Tufan, Emrah; Tezcan, Cihangir; Acartürk, Cengiz (2021-01-01)
Cyber attacks constitute a significant threat to organizations with implications ranging from economic, reputational, and legal consequences. As cybercriminals' techniques get sophisticated, information security professionals face a more significant challenge to protecting information systems. In today's interconnected realm of computer systems, each attack vector has a network dimension. The present study investigates network intrusion attempts with anomaly-based machine learning models to provide better p...
Cyber bullying: A new face of peer bullying
Erdur Baker, Özgür (2007-03-01)
Problem Statement: Information and communication technologies provide a wide range of benefits for schools but it comes with a cost: Cyber bullying (also called electronic bullying) as a new form of bullying has emerged from the misuse of those technologies. Although cyber bullying has been a growing concern in several countries, research substantiating this concern is limited.
Online DDoS attack detection using Mahalanobis distance and Kernel-based learning algorithm
Cakmakci, Salva Daneshgadeh; Kemmerich, Thomas; Ahmed, Tarem; Baykal, Nazife (Elsevier BV, 2020-10-01)
Distributed denial-of-service (DDoS) attacks are constantly evolving as the computer and networking technologies and attackers' motivations are changing. In recent years, several supervised DDoS detection algorithms have been proposed. However, these algorithms require a priori knowledge of the classes and cannot automatically adapt to frequently changing network traffic trends. This emphasizes the need for the development of new DDoS detection mechanisms that target zero-day and sophisticated DDoS attacks....
Citation Formats
A. Özdemir, “Cyber threat intelligence sharing technologies and threat sharing model using blockchain,” M.S. - Master of Science, Middle East Technical University, 2021.