1,234 research outputs found

    Mining Threat Intelligence about Open-Source Projects and Libraries from Code Repository Issues and Bug Reports

    Open-source projects and libraries are widely used in software development while also carrying multiple security vulnerabilities. This use of a third-party ecosystem creates a new kind of attack surface for a product under development: an attacker can compromise the product by exploiting one of the vulnerabilities present in the linked projects and libraries. In this paper, we mine threat intelligence about open-source projects and libraries from bugs and issues reported on public code repositories. We also track library and project dependencies for software installed on a client machine. We represent and store this threat intelligence, together with the software dependencies, in a security knowledge graph. Security analysts and developers can then query the knowledge graph and receive alerts from it whenever threat intelligence is found about the linked libraries and projects used in their products.

    Security Management Framework for the Internet of Things

    The increase in the design and development of wireless communication technologies offers multiple opportunities for the management and control of cyber-physical systems with connections between smart and autonomous devices, which deliver simplified data through the use of cloud computing. Given this relationship with the Internet of Things (IoT), the concept of pervasive computing was established, which allows any object to communicate with services, sensors, people, and other objects without human intervention. However, the rapid growth of connectivity of smart applications through autonomous systems connected to the internet has exposed numerous vulnerabilities in IoT systems to malicious users. This dissertation developed a novel ontology-based cybersecurity framework to improve security in IoT systems, using an ontological analysis to adapt appropriate security services to the threats identified. The proposal explores two approaches: (1) design time, which offers a dynamic method to build security services through the application of a model-driven methodology that considers existing business processes; and (2) execution time, which involves monitoring the IoT environment, classifying vulnerabilities and threats, and acting on the environment to ensure the correct adaptation of existing services. The validation approach was used to demonstrate the feasibility of implementing the proposed cybersecurity framework. It comprises an evaluation of the ontology, offering a qualitative assessment based on the analysis of several criteria, and a proof of concept implemented and tested using specific industrial scenarios. This dissertation has been verified by adopting a methodology that follows the accepted practice of the research community, through technical validation of the concept applied in an industrial setting.

    The increase in the design and development of wireless communication technologies offers multiple opportunities for the management and control of cyber-physical systems with connections between smart and autonomous devices, which deliver simplified data through the use of cloud computing. Given this relationship with the Internet of Things (IoT), the concept of pervasive computing was established, which allows any object to communicate with services, sensors, people and objects without human intervention. However, the rapid growth of connectivity of smart applications through autonomous systems connected to the internet has exposed numerous vulnerabilities of IoT systems to malicious users. This dissertation developed a new ontology-based cybersecurity framework to improve security in IoT systems, using an ontological analysis to adapt appropriate security services addressed to the threats. The proposal explores two approaches: (1) design time, which offers a dynamic method to build security services through the application of a model-driven methodology, considering existing business processes; and (2) execution time, which involves monitoring the IoT environment, classifying vulnerabilities and threats, and acting on the environment to guarantee the correct adaptation of existing services. Two validation approaches were used to demonstrate the feasibility of implementing the proposed cybersecurity framework. This implies an evaluation of the ontology, offering a qualitative assessment based on the analysis of several criteria, and also a proof of concept implemented and tested using specific scenarios. This dissertation was validated by adopting a methodology that follows validation in the scientific community, through technical validation of the application of our concept in an industrial scenario.

    Evaluation of Cloud-Based Cyber Security System

    Cloud-based cyber security systems leverage the power of cloud computing to protect digital assets from cyber threats. By utilizing remote servers and advanced algorithms, these systems provide real-time monitoring, threat detection, and incident response. They offer scalable solutions, enabling businesses to adapt to evolving threats and handle increasing data volumes. Cloud-based security systems provide benefits such as reduced infrastructure costs, continuous updates and patches, centralized management, and global threat intelligence. They protect against various attacks, including malware, phishing, DDoS, and unauthorized access. With their flexibility, reliability, and ease of deployment, cloud-based cyber security systems are becoming essential for organizations seeking robust protection in today's interconnected digital landscape. The research significance of cloud-based cyber security systems lies in their ability to address the growing complexity and scale of cyber threats. By leveraging cloud computing, these systems offer several key advantages for researchers and organizations. Scalability: cloud-based systems can scale resources on demand, allowing researchers to handle large volumes of data and analyze complex threat patterns effectively. Cost-efficiency: the cloud eliminates the need for extensive on-premises infrastructure, reducing the costs associated with hardware, maintenance, and upgrades; researchers can allocate resources according to their needs. Real-time monitoring and threat detection: cloud-based systems provide real-time monitoring of network traffic, enabling quick identification of suspicious activities and potential threats, and researchers can apply advanced analytics and machine learning algorithms to enhance threat detection. Collaboration and knowledge sharing: cloud platforms facilitate collaboration among researchers and organizations by enabling the sharing of threat intelligence, best practices, and research findings. Compliance and regulatory requirements: cloud platforms often offer built-in compliance features and tools that help researchers adhere to data protection and privacy standards. Overall, the research significance of cloud-based cyber security systems lies in their ability to provide scalable, cost-effective, and advanced security capabilities, empowering researchers to mitigate evolving cyber threats and protect sensitive data and systems effectively. We use the Weighted Product Methodology (WPM), a decision-making technique that assigns weights to various criteria and ranks alternatives based on their weighted scores. It involves multiplying the rating of each criterion by its corresponding weight and summing the results to determine the overall score. This method helps prioritize options and make informed decisions in complex situations. The alternatives considered are Operational, Technological, and Organizational cyber security measures, assessed against the criteria Recorded Electronic Delivery, Blockchain technology, Database security, Software updates, and Antivirus and antimalware. Technological cyber security measures are ranked first, Operational measures second, and Organizational measures last. In conclusion, a cloud-based cyber security system revolutionizes the way organizations safeguard their digital assets. By utilizing remote servers, advanced algorithms, and real-time monitoring, it offers scalable and robust protection against evolving threats. With features such as threat detection, data encryption, and centralized management, it ensures enhanced security, agility, and efficiency. Embracing a cloud-based approach empowers organizations to stay ahead in the ever-changing landscape of cyber security, effectively safeguarding their critical data and infrastructure.

    Developing and Building Ontologies in Cyber Security

    Cyber security is one of the most rapidly emerging disciplines in modern society. We work in the cybersecurity domain, and within it the topic we chose is cyber security ontologies. We gather the latest and earlier ontologies and compare them on the basis of different analysis factors to identify the best of them. The reason for selecting this topic is to assemble ontologies from different periods, because the research included in this SLR mostly studied a single ontology each. A researcher who wants to study ontologies otherwise has to study every single ontology and select which one is best for their research, so we assemble different types of ontology and compare them against each other to identify the best of them. A total of 24 papers published between 2010 and 2020 were carefully selected through a systematic process and classified accordingly. Lastly, this SLR is presented to provide researchers with promising future directions in the domain of cybersecurity ontologies.
    Comment: 8 pages, 2 figures

    Ontology in Information Security

    Over the past several years we have witnessed information becoming the most precious asset, while the protection and security of information is becoming an ever greater challenge due to the large amount of knowledge organizations need in order to successfully withstand external threats and attacks. This knowledge, collected from the domain of information security, can be formally described by security ontologies. A large number of researchers during the last decade have dealt with this issue, and in this paper we have tried to identify, analyze and systematize the relevant papers published in scientific journals indexed in selected scientific databases in the period from 2004 to 2014. This paper gives a review of the literature in the field of information security ontology and identifies a total of 52 papers systematized in three groups: general security ontologies (12 papers), specific security ontologies (32 papers) and theoretical works (8 papers). The papers were of differing quality and level of detail, and varied from presentations of simple conceptual ideas to sophisticated ontology-based frameworks.

    Cybersecurity knowledge graphs

    Cybersecurity knowledge graphs, which represent cyber-knowledge with a graph-based data model, provide holistic approaches for processing massive volumes of complex cybersecurity data derived from diverse sources. They can assist security analysts in obtaining cyberthreat intelligence, achieving a high level of cyber-situational awareness, discovering new cyber-knowledge, visualizing networks, data flows, and attack paths, and understanding data correlations by aggregating and fusing data. This paper reviews the most prominent graph-based data models used in this domain, along with the knowledge organization systems that define the concepts and properties used in formal cyber-knowledge representation, both for background knowledge and for specific expert knowledge about an actual system or attack. The paper also discusses how cybersecurity knowledge graphs enable machine learning and facilitate automated reasoning over cyber-knowledge.