78 research outputs found

    Graph Databases and E-commerce Cybersecurity - a Match Made in Heaven? The Innovative Technology to Enhance Cyberthreat Mitigation

    This paper discusses the rationale behind applying state-of-the-art graph databases as one of the innovative ways of enhancing the artificial-intelligence-powered cybersecurity of e-commerce services. Firstly, graph theory and graph databases are introduced. Then, the paper argues why graph databases are a good fit for cybersecurity experts' tasks and what the advantages of applying graph databases in cybersecurity are. Next, a number of available, existing tools which combine graph database technology and cybersecurity are shown. The main contribution of the paper is a real-life scenario, presented by the authors, of a tool they designed that employs graph database technology for e-commerce cybersecurity, with conclusions given thereafter.

    Actionable Intelligence-Oriented Cyber Threat Modeling Framework

    Amid the growing challenges of cybersecurity, the new paradigm of cyber threat intelligence (or CTI) has gained momentum to better deal with cyber threats. There has, however, been one fundamental and very practical problem of information overload that organizations face in constructing an effective CTI program. We developed a cyber threat intelligence prototype that automatically and dynamically performs the correlation of business assets, vulnerabilities, and cyber threat information in a scoped setting to remediate the challenge of information overload. Conveniently called TIME (for Threat Intelligence Modeling Environment), it repeats the cycle of: (1) collect internal asset data; (2) gather vulnerability and threat data; (3) correlate vulnerabilities with assets; and (4) derive CTI and alert on significant internal asset-related vulnerabilities in a timely manner. For this, it takes advantage of CTI reports produced by online sites and several NIST standards intended to formalize vulnerability and threat management.

    NLP-Based Techniques for Cyber Threat Intelligence

    In the digital era, threat actors employ sophisticated techniques for which, often, digital traces in the form of textual data are available. Cyber Threat Intelligence (CTI) covers all the solutions inherent to data collection, processing, and analysis that are useful for understanding a threat actor's targets and attack behavior. Currently, CTI is assuming an increasingly crucial role in identifying and mitigating threats and enabling proactive defense strategies. In this context, NLP, an artificial intelligence branch, has emerged as a powerful tool for enhancing threat intelligence capabilities. This survey paper provides a comprehensive overview of NLP-based techniques applied in the context of threat intelligence. It begins by describing the foundational definitions and principles of CTI as a major tool for safeguarding digital assets. It then undertakes a thorough examination of NLP-based techniques for CTI data crawling from Web sources, CTI data analysis, Relation Extraction from cybersecurity data, CTI sharing and collaboration, and security threats to CTI. Finally, the challenges and limitations of NLP in threat intelligence are exhaustively examined, including data quality issues and ethical considerations. This survey draws a complete framework and serves as a valuable resource for security professionals and researchers seeking to understand the state-of-the-art NLP-based threat intelligence techniques and their potential impact on cybersecurity.

    Sharing Is Caring: Hurdles and Prospects of Open, Crowd-Sourced Cyber Threat Intelligence

    Cyber threat intelligence (CTI) is widely recognized as an important area in cybersecurity, but it remains an area showing silos and reserved for large organizations. For an area whose strength is in open and responsive sharing, we see that the generation of feeds is small in scale, secretive, and nearly always from specialized businesses that have a commercial interest in not publicly sharing insights at a speed where it could be effective in raising preparedness or stopping an attack. This article has three purposes. First, we extensively review the state and challenges of open, crowd-sourced CTI, with a focus on the perceived barriers. Second, having identified that confidentiality (in multiple forms) is a key barrier, we perform a confidentiality threat analysis of existing sharing architectures and standards, including reviewing circa one million real-world feeds between 2014 and 2022 from the popular open platform MISP toward quantifying the inherent risks. Our goal is to build the case that, either by redesigning sharing architectures or by performing simple sanitization of shared information, the confidentiality argument is not as strong as one may have presumed. Third, after identifying key requirements for open crowd-based sharing of CTI, we propose a reference (meta-) architecture.

    Managerial Relevance: CTI is widely recognized as a key advantage toward cyber resilience in its multiple dimensions, from business continuity to reputation/regulatory protection. Furthermore, as we review in this article, there are strong indications that the next generation of approaches to cybersecurity will be centered on CTI. Whereas CTI is an established business area, we see little adoption, closed communities, or high costs that small businesses cannot afford. For an area that, intuitively, should be open, as velocity and accuracy of information are crucial, we shed light on why we have no significant open, crowd-sourced CTI. In other words, why is usage so lacking? We identify reasons and deconstruct unclear and unhelpful rationales by looking at a wide range of literature (research and professional) and an analysis of nearly ten years of open CTI data. Our findings from current data indicate two types of reasons. One, and dominant, is unhelpful perceptions (e.g., confidentiality), and another stems from market factors (e.g., "free-riding") that need collective movement, as no single player may be able to break the cycle. After looking at motivations and barriers, we review existing technologies, elicit requirements, and propose a high-level open CTI sharing architecture that could be used as a reference for practitioners.

    A systematic literature review on Virtual Reality and Augmented Reality in terms of privacy, authorization and data-leaks

    In recent years, VR and AR have exploded into a multimillion-dollar market. As this emerging technology has spread to a variety of businesses and is rapidly gaining users, it is critical to address the potential privacy and security concerns that these technologies might pose. In this study, we discuss the current status of privacy and security in VR and AR. We analyse possible problems and risks. Besides, we look in detail at a few of the major concerns and related security solutions for AR and VR. Additionally, as VR and AR authentication is the most thoroughly studied aspect of the problem, we concentrate on the research that has already been done in this area.
    Comment: 9 pages, 4 figures

    Cyber Threat Intelligence based Holistic Risk Quantification and Management

    Learning representations for information mining from text corpora with applications to cyber threat intelligence

    Doctor of Philosophy, Department of Computer Science, William H. Hsu
    This research develops learning representations and architectures for natural language understanding, within an information mining framework for analysis of open-source cyber threat intelligence (CTI). Both contextual (sequential) and topological (graph-based) encodings of short text documents are modeled. To accomplish this goal, a series of machine learning tasks are defined, and learning representations are developed to detect crucial information in these documents: cyber threat entities, types, and events. Using hybrid transformer-based implementations of these learning models, CTI-relevant key phrases are identified, and specific cyber threats are classified using classification models based upon graph neural networks (GNNs). The central scientific goal here is to learn features from corpora consisting of short texts for multiple document categorization and information extraction sub-tasks to improve the accuracy, precision, recall, and F1 score of a multimodal framework. To address a performance gap (e.g., classification accuracy) for text classification, a novel multi-dimensional Feature Attended Parametric Kernel Graph Neural Network (APKGNN) layer is introduced to construct a GNN model in this dissertation, where the text classification task is transformed into a graph node classification task. To extract key phrases, contextual semantic tagging with text sequences as input to transformers is used, which improves a transformer's learning representation. By deriving a set of characteristics ranging from low-level (lexical) natural language features to summative extracts, this research focuses on reducing human effort by adopting a combination of semi-supervised approaches for learning syntactic, semantic, and topological feature representations.
    The following central research questions are addressed: can CTI-relevant key phrases be identified effectively with reduced human effort; can threats be classified into different types; and can threat events be detected and ranked from social media data such as Twitter and other benchmark data sets. Developing an integrated system to answer these research questions showed that user-specific information in shared social media content, and connections (followers and followees), are effective and crucial for algorithmically tracing active CTI user accounts from open-source social network data. All these components, used in combination, facilitate the understanding of key analytical tasks and objectives of open-source cyber threat intelligence.

    Your Natural Gas is Not Cyber-Secure: A Two-Fold Case for Why Voluntary Natural Gas Pipeline Cybersecurity Guidelines Should Become Mandatory Regulations Overseen by the Department of Energy

    In the past two decades, the United States has increased the production and use of natural gas to fuel everyday American life. This increase has resulted in the construction of millions of miles of natural gas pipelines. While this development has produced a number of benefits, natural gas pipelines have introduced the threat of cyberattacks on natural gas infrastructure. This substantial threat is currently managed by voluntary guidelines promulgated by the Transportation Security Administration ("TSA"). While the private industry is satisfied to maintain the status quo and leave these threats essentially self-regulated, voluntary guidelines are not sufficient to defend against the cybersecurity threats posed to natural gas pipelines. This Recent Development proposes that cybersecurity standards should become mandatory and that the Department of Energy, not TSA, is the proper agency to promulgate mandatory cybersecurity regulations.