19 research outputs found

    Two Heads are Better than One: A Theoretical Model for Cybersecurity Intelligence Sharing (CIS) between Organisations

    So-called ‘social bots’ have garnered a lot of attention lately. Previous research showed that they attempted to influence political events such as the Brexit referendum and the US presidential elections. It remains, however, somewhat unclear what exactly can be understood by the term ‘social bot’. This paper addresses the need to better understand the intentions of bots on social media and to develop a shared understanding of how ‘social’ bots differ from other types of bots. We thus describe a systematic review of publications that researched bot accounts on social media. Based on the results of this literature review, we propose a scheme for categorising bot accounts on social media sites. Our scheme groups bot accounts by two dimensions – Imitation of human behaviour and Intent

    Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives

    In the last couple of years, organizations have demonstrated an increased willingness to exchange information and knowledge regarding vulnerabilities, threats, incidents and mitigation strategies in order to collectively protect against today’s sophisticated cyberattacks. As a reaction to this trend, software vendors started to create offerings that facilitate this exchange and appear under the umbrella term “Threat Intelligence Sharing Platforms”. To which extent these platforms provide the needed means for exchange and information sharing remains unclear as they lack a common definition, innovation in this area is mostly driven by vendors and empirical research is rare. To close this gap, we examine the state-of-the-art software vendor landscape of these platforms, identify gaps and present arising research perspectives. Therefore, we conducted a systematic study of 22 threat intelligence sharing platforms and compared them. We derived eight key findings and discuss how existing gaps should be addressed by future research

    Chapter Blockchain Applications in Cybersecurity

    Blockchain has been widely known thanks to Bitcoin and the cryptocurrencies. In this chapter, we analyze different aspects that relate to the application of blockchain with techniques commonly used in the field of cybersecurity. Beginning by introducing the use of blockchain technology as a secure infrastructure, the document delves into how blockchain can be useful to achieve several security requirements, common to most applications. The document has been focused on some specific cybersecurity disciplines to maintain simplicity: backup and recovery, threat intelligence and content delivery networks. As illustrated, some projects and initiatives are in the process of joining these two fields to provide solutions to existing problems

    Blacklist Ecosystem Analysis: Spanning Jan 2012 to Jun 2014

    Enabling Privacy-preserving Sharing of Cyber Threat Information in the Cloud

    Network threats often come from multiple sources and affect a variety of domains. Collaborative sharing and analysis of Cyber Threat Information (CTI) can greatly improve the prediction and prevention of cyber-attacks. However, CTI data containing sensitive and confidential information can cause privacy exposure and disclose security risks, which will deter organisations from sharing their CTI data. To address these concerns, the consortium of the EU H2020 project entitled Collaborative and Confidential Information Sharing and Analysis for Cyber Protection (C3ISP) has designed and implemented a framework (i.e. C3ISP Framework) as a service for cyber threat management. This paper focuses on the design and development of an API Gateway, which provides a bridge between end-users and their data sources, and the C3ISP Framework. It facilitates end-users to retrieve their CTI data, regulate data sharing agreements in order to sanitise the data, share the data with privacy-preserving means, and invoke collaborative analysis for attack prediction and prevention. In this paper, we report on the implementation of the API Gateway and experiments performed. The results of these experiments show the efficiency of our gateway design, and the benefits for the end-users who use it to access the C3ISP Framework

    A comparative analysis of cyber-threat intelligence sources, formats and languages

    The sharing of cyber-threat intelligence is an essential part of multi-layered tools used to protect systems and organisations from various threats. Structured standards, such as STIX, TAXII and CybOX, were introduced to provide a common means of sharing cyber-threat intelligence and have been subsequently much-heralded as the de facto industry standards. In this paper, we investigate the landscape of the available formats and languages, along with the publicly available sources of threat feeds, how these are implemented and their suitability for providing rich cyber-threat intelligence. We also analyse a sample of cyber-threat intelligence feeds, the type of data they provide and the issues found in aggregating and sharing the data. Moreover, the type of data supported by various formats and languages is correlated with the data needs for several use cases related to typical security operations. The main conclusions drawn by our analysis suggest that many of the standards have a poor level of adoption and implementation, with providers opting for custom or traditional simple formats

    Enhancing The Secured Software Framework Using Vulnerability Patterns And Flow Diagrams

    This article describes the process of simplifying the software security classification. The inputs of this process include a reference model from a previous researcher and the existing Common Vulnerabilities and Exposures (CVE) database. An interesting aim is to find out how we can make the secured software framework implementable in practice. In order to answer this question, some inquiries were set out regarding the reference model and meta-process for classification to be a workable measurement system. The outputs of the process are the discussion of the experimental results and the experts' validation. The experimental results use the existing CVE database, which serves as an analysis when a) the framework is applied on three mixed datasets, and b) the framework is applied on two focused datasets. The first explains the result when the framework is applied on randomly selected CVE data consisting of a mix of vendors, and the latter when it is applied on randomly selected CVE data from selected vendors. The metrics used in this assessment are precision and recall rate. The result shows there is a strong indicator that the framework can produce acceptable output accuracy. Apart from that, several experts' views were discussed to show the correctness and eliminate the ambiguity of the classification rules and to prove the whole framework process

    Development of a blockchain storage structure for indicators of compromise in a distributed threat-sharing system

    The task of the work is to develop the architecture of a distributed IoC exchange system and create comparative characteristics of the technologies for the implementation of architectural elements, such as databases or blockchains. The purpose of this graduate work is to create a system for effective storage and exchange of indicators of compromise. The object of research is the architecture of a distributed system for the exchange of indicators of compromise with blockchain storage for IoC. The subject of the study is the ability to efficiently store and exchange sensitive data such as IoC