Advanced Cyber-Threat Intelligence, Detection and Mitigation Platform for a Trusted Internet of Things
Mining for cyber-threat intelligence to improve cyber-security risk mitigation
Panel on Cyber-security Intelligence
2019 Community of Users Workshop
Nicholas Kolokotronis
Department of Informatics and Telecommunications
University of Peloponnese • nkolok@uop.gr
Cyber-threat intelligence
▪ From unstructured (textual) high-volume data to
o Vulnerabilities/exploits
o Links to CVE/other VDB IDs
o Threat actors’ TTPs
o Specific products/platforms
o Popularity, price, …
o CVSS => measurable
▪ CTI needs to be compliant with legal requirements
Cyber-defense goals
▪ Accurate modelling of the attack strategies
▪ Determine the attackers’ capabilities
o constrained resources (budget, tools, etc.)
▪ The attackers’ goals vary depending on the target
o access level, degrade QoS, …
▪ Define the defender’s available actions
o possible counter-measures
o highlight parameters
▪ Cyber-defense needs to minimize the attack surface

Dynamic risk analysis
Security properties should be measurable
Dynamic risk analysis: attack models
Example: exploitation probability
▪ Needs to be measurable
o Estimated from CVSS metrics
o $P(e_i) = 2 \times AV \times AC \times Au$
▪ Likewise for an attack’s attempt probability
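The estimate on this slide in working code, as an added example that is not part of the original deck: the factor weights are the CVSS v2 base-metric values from the FIRST specification, the vector strings are constructed samples, and the 2 × AV × AC × Au product is simply the CVSS v2 exploitability sub-score (20 × AV × AC × Au, on a 0-10 scale) rescaled to 0-1 so it can serve as a probability in an attack graph.

```python
"""Exploitation probability from CVSS v2 base metrics (added example, not
from the deck).  The slide estimates P(e_i) = 2 x AV x AC x Au for the
vulnerability behind exploit e_i; the weights below are the CVSS v2
base-metric values from the FIRST specification, and the vector strings
fed in are constructed samples."""
import re

# CVSS v2 base-metric weights (FIRST CVSS v2 guide)
AV = {"L": 0.395, "A": 0.646, "N": 1.0}    # Access Vector: Local / Adjacent network / Network
AC = {"H": 0.35, "M": 0.61, "L": 0.71}     # Access Complexity: High / Medium / Low
AU = {"M": 0.45, "S": 0.56, "N": 0.704}    # Authentication: Multiple / Single / None

# Base vector, optionally parenthesised; impact metrics may follow and are ignored
_VECTOR_RE = re.compile(r"^\(?AV:([LAN])/AC:([HML])/Au:([MSN])(?:/[CIA]:[NPC])*\)?$")


def parse_cvss2_vector(vector: str) -> dict:
    """Return the three exploitability metrics of a CVSS v2 vector string."""
    m = _VECTOR_RE.match(vector.strip())
    if not m:
        raise ValueError(f"not a CVSS v2 base vector: {vector!r}")
    av, ac, au = m.groups()
    return {"AV": av, "AC": ac, "Au": au}


def exploitation_probability(vector: str) -> float:
    """P(e_i) = 2 x AV x AC x Au.

    The CVSS v2 exploitability sub-score is 20 x AV x AC x Au on a 0-10
    scale; dividing by 10 gives the 0-1 value the slide uses as a
    probability in the attack model.
    """
    m = parse_cvss2_vector(vector)
    return 2 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]


def rank_exploits(vectors: dict) -> list:
    """Order (exploit, probability) pairs from most to least likely."""
    scored = [(name, exploitation_probability(v)) for name, v in vectors.items()]
    return sorted(scored, key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    # Constructed sample: three hypothetical exploits and their CVSS v2 vectors
    sample = {
        "e1 (network, no auth)": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
        "e2 (local, multiple auth)": "AV:L/AC:H/Au:M/C:C/I:C/A:C",
        "e3 (adjacent, single auth)": "(AV:A/AC:M/Au:S/C:P/I:N/A:N)",
    }
    for name, p in rank_exploits(sample):
        print(f"{name:28s} P(e_i) = {p:.4f}")
```

A network-reachable, low-complexity, unauthenticated vulnerability comes out at about 0.9997, the local/high-complexity/multiple-authentication case at about 0.124; CVSS v3 vectors are rejected rather than silently mis-scored, since their metric sets and weights differ.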
ML – from CTI to structured TTPs
▪ Conversion of CTIs to a semi-structured format (JSON, XML)
▪ Filtering specific (TTP, exploits) information has the benefits:
o More easily processed in an automated way
o Only condensed information will be available
o Reports will still be readable
▪ A known format for attack patterns is STIX v2.1
▪ The conversion of CTIs into actionable information can be achieved using ML techniques
Threat actions identification
CTI generation process
Data pre-processing
1. Need a crawler that gathers all pages from the web
o CTI vendors (e.g. Symantec)
o Forums, blogs, etc.
2. Sanitize content and keep all textual information as articles
o Remove HTML tags, images, etc.
3. Automated decision on the CTI value of each article
o otherwise it is dropped
A classifier is needed with a number of features, like:
▪ Word size (CTIs with elaborated TTPs tend to be larger)
▪ Security action word density (security correlated verbs)
▪ Security target word density (security correlated nouns)
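Steps 2 and 3 of the pre-processing pipeline and the three classifier features, as an added example (not code from the deck or the Cyber-Trust project): the HTML-stripping step, the word-size and verb/noun-density features, and a threshold rule that stands in for the trained classifier. The action-verb and target-noun vocabularies, the thresholds and the two sample pages are constructed for the example; in the deck the vocabularies are mined from the CVE, CAPEC and CWE repositories.

```python
"""Sanitising crawled pages and scoring their CTI value (added example, not
from the deck).  Implements the three classifier features the slide lists
(word size, security action word density, security target word density)
after the HTML-stripping step, and a threshold rule standing in for the
trained classifier.  The verb/noun vocabularies, the thresholds and the two
sample pages are constructed for the example."""
import re
from html import unescape
from html.parser import HTMLParser

# Constructed vocabularies; in the deck these are mined from CVE/CAPEC/CWE
ACTION_VERBS = {"exploit", "inject", "overwrite", "terminate", "execute",
                "escalate", "spoof", "exfiltrate"}
TARGET_NOUNS = {"file", "process", "credential", "kernel", "dll", "payload",
                "vulnerability", "service"}


class _TextExtractor(HTMLParser):
    """Keep text nodes only; tags, images, scripts and styles are dropped."""

    def __init__(self):
        super().__init__()
        self._skip = 0
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def sanitize(html: str) -> str:
    """Step 2 of the slide: strip markup and keep the article text."""
    parser = _TextExtractor()
    parser.feed(html)
    return re.sub(r"\s+", " ", unescape(" ".join(parser.chunks))).strip()


def tokenize(text: str) -> list:
    return re.findall(r"[a-z0-9]+", text.lower())


def _in_vocab(tok: str, vocab: set) -> bool:
    """Crude suffix stripping so 'exploits'/'exploited' count as 'exploit'."""
    if tok in vocab:
        return True
    return any(tok.endswith(s) and tok[:-len(s)] in vocab
               for s in ("s", "es", "d", "ed", "ing"))


def features(text: str) -> dict:
    toks = tokenize(text)
    n = len(toks) or 1
    verbs = sum(1 for t in toks if _in_vocab(t, ACTION_VERBS))
    nouns = sum(1 for t in toks if _in_vocab(t, TARGET_NOUNS))
    return {"word_size": len(toks),
            "action_density": verbs / n,
            "target_density": nouns / n}


def has_cti_value(text: str, min_words=8, min_action=0.05, min_target=0.05) -> bool:
    """Step 3 of the slide; thresholds are assumptions, not trained values."""
    f = features(text)
    return (f["word_size"] >= min_words
            and f["action_density"] >= min_action
            and f["target_density"] >= min_target)


# Constructed sample pages
SAMPLE_CTI = ("<html><head><title>Botnet advisory</title><script>var a=1;</script></head>"
              "<body><h1>New botnet campaign</h1><p>The malware <b>exploits</b> a known "
              "vulnerability to execute a payload and overwrite the service file, then "
              "escalates and exfiltrates credentials.</p><img src='x.png'></body></html>")
SAMPLE_NEWS = ("<html><body><p>Quarterly results were announced on Friday; the marketing "
               "team will host a webinar next week.</p></body></html>")

if __name__ == "__main__":
    for page in (SAMPLE_CTI, SAMPLE_NEWS):
        text = sanitize(page)
        print(features(text), "-> keep" if has_cti_value(text) else "-> drop")
```

The densities are normalised by article length so that the word-size feature and the density features stay independent; a real deployment would replace the threshold rule with the trained classifier and the hand-written vocabularies with the repository-derived ones.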
[CT] CTI crawling and classification
▪ Crawling components used in Cyber-Trust
[CT] CTI crawling and classification
▪ Clear/Deep/Forum web crawling in Cyber-Trust
o Implement topic-specific crawling on publicly available web sites
▶︎ focus on Deep/Dark web sites that don’t require authentication
o Model Builder is responsible for creating the classification model; needs a set of positive and negative URLs.
o Seed Finder identifies the initial seed of URLs to crawl based on a user-defined query, e.g. on “IoT vulnerabilities”
o The crawled websites go through the Article/Forum Parser, which extracts the useful text part of each one
▶︎ internally, forums are structured in a different way compared to websites

Dynamic risk analysis (enhanced)
Security properties should be measurable
Data pre-processing
▪ Security correlated verbs/nouns are extracted from the CVE, CAPEC and CWE repositories using NLP techniques
o Used on each article to find all OVS (Object, Verb, Subject) triplets; these are candidate threat actions
▪ CTI contain strings that an NLP parser may not understand, such as IoCs
o To remedy this, we temporarily substitute these with RegEx, e.g.:
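The IoC substitution step in working code, as an added example (not the deck's own RegEx set): each indicator class is matched by a regular expression, replaced with a plain token the parser can treat as an ordinary noun, and restored from the mapping once the triplets have been extracted. The patterns and the sample sentence are constructed; the addresses are from the IETF documentation ranges and the hash and CVE id are dummies.

```python
"""Temporary IoC substitution before NLP parsing (added example, not from the
deck).  Indicators such as URLs, hashes, IP addresses and CVE ids break a
dependency parser, so each match is swapped for a plain token (IOC_URL_0,
IOC_IP_3, ...) and put back once the OVS triplets have been extracted.  The
patterns and the sample sentence are constructed for the example."""
import re

# Order matters: URLs are masked first so an IP inside a URL is not matched twice
IOC_PATTERNS = [
    ("URL", re.compile(r"\b(?:https?|hxxps?)://[^\s\"'<>]+", re.I)),   # hxxp = defanged
    ("CVE", re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.I)),
    ("HASH", re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)),  # SHA256/SHA1/MD5
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
]
_TOKEN_RE = re.compile(r"IOC_[A-Z]+_\d+")


def mask_iocs(text: str):
    """Replace every IoC with a placeholder token; return (text, placeholder -> IoC)."""
    mapping = {}

    def make_repl(kind):
        def repl(m):
            token = f"IOC_{kind}_{len(mapping)}"
            mapping[token] = m.group(0)
            return token
        return repl

    for kind, pattern in IOC_PATTERNS:
        text = pattern.sub(make_repl(kind), text)
    return text, mapping


def unmask_iocs(text: str, mapping: dict) -> str:
    """Restore the original indicators, e.g. after triplet extraction."""
    return _TOKEN_RE.sub(lambda m: mapping.get(m.group(0), m.group(0)), text)


# Constructed sample: documentation-range addresses, a dummy 64-hex hash and a dummy CVE id
SAMPLE = ("The dropper at hxxp://198.51.100.23/update.bin (sha256 "
          + "0123456789abcdef" * 4 +
          ") contacts 203.0.113.7 and exploits CVE-0000-0000 to install a payload.")

if __name__ == "__main__":
    masked, iocs = mask_iocs(SAMPLE)
    print(masked)
    for token, value in iocs.items():
        print(f"  {token} = {value}")
    assert unmask_iocs(masked, iocs) == SAMPLE
```

The placeholder tokens keep their class in the name, so a triplet such as (contacts, IOC_IP_3) still tells the later ontology-matching stage that the object is a network address, and the mapping lets the real indicator be written into the resulting STIX object.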
TTP specific ontology
▪ An ontology created from the TTPs provided by the ATT&CK and CAPEC repositories (MITRE)

| Class name       | Class description                      | Example              |
|------------------|----------------------------------------|----------------------|
| Kill chain phase | Phase information, e.g. name or order  | Control or 5         |
| Tactic           | Description of how to achieve a phase  | Privilege escalation |
| Technique        | Description of how to achieve a tactic | DLL injection        |
| Threat action    | Verb associated with malicious action  | Overwrite, Terminate |
| Object           | The action’s target                    | File, Process        |
| Pre-condition    | Action prerequisites that have to hold | User access          |
| Intent           | Goal/subgoal of an action              | Run malicious code   |
Towards threat actions
▪ Find the similarity of candidate actions with all records in the ontology
▪ Information Retrieval (IR) scoring vs. threshold
▪ Vocabulary based on synonyms (e.g. by WordNet) or custom
▪ The best scoring class is assigned to the threat action
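The matching step of these four bullets as an added example (not the project's code): every candidate (verb, object) pair from the triplet extraction is expanded with synonyms, scored against each ontology record with a cosine-style overlap score, and assigned the best-scoring record if the score clears a threshold. The mini ontology follows the classes of the table above but its records are constructed, a hand-written synonym map stands in for WordNet so the example runs offline, and the threshold is an assumption.

```python
"""Assigning candidate threat actions to ontology classes (added example, not
from the deck).  Each candidate (verb, object) pair is expanded with synonyms,
scored against every ontology record with a cosine-style overlap score, and
assigned the best-scoring class when the score clears a threshold.  The
mini ontology, the synonym map that stands in for WordNet, the threshold and
the candidate triplets are all constructed for the example."""
import math
import re

# Constructed ontology records, following the classes of the slide's table
ONTOLOGY = [
    {"threat_action": "inject", "object": "dll", "technique": "DLL injection",
     "tactic": "Privilege escalation", "intent": "Run malicious code"},
    {"threat_action": "overwrite", "object": "file", "technique": "File overwrite",
     "tactic": "Defense evasion", "intent": "Hide activity"},
    {"threat_action": "terminate", "object": "process", "technique": "Process termination",
     "tactic": "Defense evasion", "intent": "Disable defenses"},
    {"threat_action": "capture", "object": "keystrokes", "technique": "Input capture",
     "tactic": "Credential access", "intent": "Obtain credentials"},
]

# Hand-written synonym map standing in for WordNet; values are ontology vocabulary
SYNONYMS = {
    "kill": {"terminate"}, "stop": {"terminate"},
    "log": {"capture", "record"}, "keylog": {"capture"},
    "replace": {"overwrite"}, "clobber": {"overwrite"},
    "insert": {"inject"}, "library": {"dll"}, "keystroke": {"keystrokes"},
}


def terms(*texts) -> set:
    return {t for text in texts for t in re.findall(r"[a-z0-9]+", text.lower())}


def record_terms(rec: dict) -> set:
    """Vocabulary of one ontology record: its action, object and technique name."""
    return terms(rec["threat_action"], rec["object"], rec["technique"])


def expand(candidate_terms: set) -> set:
    """Add synonyms so 'kill' can match a record whose verb is 'terminate'."""
    out = set(candidate_terms)
    for t in candidate_terms:
        out |= SYNONYMS.get(t, set())
    return out


def similarity(cand: set, rec: set) -> float:
    """Cosine similarity of binary term vectors: overlap / sqrt(|cand| * |rec|)."""
    if not cand or not rec:
        return 0.0
    return len(cand & rec) / math.sqrt(len(cand) * len(rec))


def classify_action(verb: str, obj: str, threshold: float = 0.4):
    """Return (best_record, score), or (None, score) when no record clears the threshold."""
    cand = expand(terms(verb, obj))
    best, best_score = None, 0.0
    for rec in ONTOLOGY:
        s = similarity(cand, record_terms(rec))
        if s > best_score:
            best, best_score = rec, s
    return (best, best_score) if best_score >= threshold else (None, best_score)


if __name__ == "__main__":
    # Constructed candidate pairs as an OVS extractor would emit them
    for verb, obj in [("kill", "process"), ("log", "keystrokes"),
                      ("replace", "file"), ("send", "email")]:
        rec, score = classify_action(verb, obj)
        label = f"{rec['technique']} / {rec['tactic']}" if rec else "no class (dropped)"
        print(f"({verb}, {obj}) -> {label} [{score:.2f}]")
```

Candidates that match nothing in the ontology, such as (send, email), fall below the threshold and are discarded rather than forced into the nearest class; the threshold is the knob that trades recall of threat actions against false assignments.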
[CT] CTI classification
▪ Topic vocabulary in Cyber-Trust
o XML docs converted into text via XML Data Retriever
o Normalizer drops symbols, converts to lowercase, etc.
o Collected tags are multi-word terms given to the Multi-Word Expression Tokenizer
▶︎ “exploit kits” => “exploit-kits”
o Word2Vec finds the similarity
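The first three stages of the topic-vocabulary pipeline as an added example (not Cyber-Trust's code): text retrieval from the XML documents, normalisation, and multi-word expression tokenisation that joins collected tags into single tokens ("exploit kits" => "exploit-kits") so that a Word2Vec model later sees each tag as one term. The tag list and the sample document are constructed; training Word2Vec itself is outside the example.

```python
"""Topic-vocabulary preparation: XML text retrieval, normalisation and
multi-word expression tokenisation (added example, not from the deck).  The
stages mirror the slide: text is pulled out of the XML documents, symbols are
dropped and case folded, and collected multi-word tags are joined into single
tokens ("exploit kits" => "exploit-kits") so a Word2Vec model sees each tag
as one term.  The tag list and the sample document are constructed."""
import re
from xml.etree import ElementTree as ET

# Constructed tag collection (in the deck these are the collected topic tags)
TAGS = ["exploit kits", "denial of service", "remote code execution",
        "command and control", "ddos"]


def text_from_xml(xml_doc: str) -> str:
    """XML Data Retriever stage: concatenate all text nodes of the document."""
    root = ET.fromstring(xml_doc)
    return " ".join(t.strip() for t in root.itertext() if t.strip())


def normalize(text: str) -> str:
    """Normalizer stage: lower-case and replace every symbol run with a space."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def build_mwe_index(tags) -> list:
    """Multi-word tags as token lists, longest first so the longest phrase wins."""
    phrases = [normalize(t).split() for t in tags]
    return sorted((p for p in phrases if len(p) > 1), key=len, reverse=True)


def mwe_tokenize(text: str, mwes: list) -> list:
    """Multi-Word Expression Tokenizer stage: greedy left-to-right phrase matching."""
    tokens = normalize(text).split()
    out, i = [], 0
    while i < len(tokens):
        for phrase in mwes:
            n = len(phrase)
            if tokens[i:i + n] == phrase:
                out.append("-".join(phrase))
                i += n
                break
        else:
            out.append(tokens[i])
            i += 1
    return out


def term_frequencies(docs, mwes) -> dict:
    """Term counts over a corpus; each tag now counts as a single term."""
    counts = {}
    for doc in docs:
        for tok in mwe_tokenize(doc, mwes):
            counts[tok] = counts.get(tok, 0) + 1
    return counts


# Constructed sample document
SAMPLE_XML = ("<article><title>New Exploit Kits deliver DDoS bots</title>"
              "<body>Denial of Service via remote code execution!!</body></article>")

if __name__ == "__main__":
    mwes = build_mwe_index(TAGS)
    print(mwe_tokenize(text_from_xml(SAMPLE_XML), mwes))
```

Matching the longest phrase first matters when tags nest (a three-word tag that contains a two-word tag); the joined token is what goes into the Word2Vec training corpus, so the similarity the model finds is between whole tags and not between their individual words.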
[CT] CTI classification
▪ Example top terms in Cyber-Trust collection for tag ddos
CTI sharing: using STIX
▪ Structured language for any CTI
o supports a wide range of use cases
o can focus on relevant aspects
▪ High level of recognition by CSIRTs and LEAs
▪ Combined with TAXII 2.0
o OSS implementations
▪ Supported by MISP
Attack pattern SDO
    {
      "type": "attack-pattern",
      "spec_version": "2.1",
      "id": "attack-pattern-xyz…",
      "created": "2017-06-08T08:17:27.000Z",
      "modified": "2017-06-08T08:17:27.000Z",
      "name": "Input Capture",
      "description": "Adversary logs keystrokes to obtain credentials",
      "kill_chain_phases": [ { "kill_chain_name": "<kill-chain-name>", "phase_name": "Maintain" } ],
      "external_references": [ { "source_name": "ATT&CK", "external_id": "T1056" } ]
    }
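Producing the attack-pattern object above from an extracted threat action, and checking it before it is handed to a TAXII server, as an added example written without the stix2 library so it runs offline (not code from the deck or from Cyber-Trust). The identifier format, millisecond-precision UTC timestamps, the kill_chain_phases entry shape and the external_references rule (source_name plus at least one of external_id, url or description) follow the STIX 2.1 specification; the kill-chain name is a placeholder that the original slide does not give.

```python
"""Building and checking a STIX 2.1 Attack Pattern SDO before sharing it
(added example, not from the deck).  Produces the object shown on the slide
with the identifier, timestamps, kill-chain phase and external reference in
the shape the STIX 2.1 specification prescribes, and validates it without the
stix2 library so it runs offline.  The kill-chain name is a placeholder and
not part of the original."""
import json
import re
import uuid
from datetime import datetime, timezone

_ID_RE = re.compile(r"^attack-pattern--[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")
_TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$")


def stix_timestamp(dt=None) -> str:
    """RFC 3339 UTC timestamp with millisecond precision, as STIX requires."""
    dt = (dt or datetime.now(timezone.utc)).astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def make_attack_pattern(name, description, attack_id, phase_name,
                        kill_chain_name="example-kill-chain", created=None) -> dict:
    """Assemble the SDO; kill_chain_name defaults to a placeholder (assumption)."""
    ts = stix_timestamp(created)
    return {
        "type": "attack-pattern",
        "spec_version": "2.1",
        "id": f"attack-pattern--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": name,
        "description": description,
        "kill_chain_phases": [{"kill_chain_name": kill_chain_name, "phase_name": phase_name}],
        "external_references": [{"source_name": "ATT&CK", "external_id": attack_id}],
    }


def validate_attack_pattern(obj: dict) -> list:
    """Return a list of problems (empty when the object is acceptable)."""
    errors = []
    for key in ("type", "spec_version", "id", "created", "modified", "name"):
        if key not in obj:
            errors.append(f"missing required property {key}")
    if obj.get("type") != "attack-pattern":
        errors.append("type must be 'attack-pattern'")
    if obj.get("spec_version") != "2.1":
        errors.append("spec_version must be '2.1'")
    if not _ID_RE.match(str(obj.get("id", ""))):
        errors.append("id must be 'attack-pattern--<UUID>'")
    for key in ("created", "modified"):
        if not _TS_RE.match(str(obj.get(key, ""))):
            errors.append(f"{key} is not a millisecond-precision UTC timestamp")
    if str(obj.get("modified", "")) < str(obj.get("created", "")):
        errors.append("modified precedes created")
    for phase in obj.get("kill_chain_phases", []):
        if not isinstance(phase, dict) or not {"kill_chain_name", "phase_name"} <= set(phase):
            errors.append("each kill_chain_phases entry needs kill_chain_name and phase_name")
    for ref in obj.get("external_references", []):
        if (not isinstance(ref, dict) or "source_name" not in ref
                or not ({"external_id", "url", "description"} & set(ref))):
            errors.append("external_references entries need source_name and an external_id, url or description")
    return errors


def slide_example() -> dict:
    """The slide's Input Capture object, rebuilt with its original timestamp."""
    return make_attack_pattern("Input Capture", "Adversary logs keystrokes to obtain credentials",
                               "T1056", "Maintain",
                               created=datetime(2017, 6, 8, 8, 17, 27, tzinfo=timezone.utc))


if __name__ == "__main__":
    obj = slide_example()
    print(json.dumps(obj, indent=2))
    print("problems:", validate_attack_pattern(obj) or "none")
```

Run against an object with a bare "attack" type, a day-of-month without its leading zero, or a kill-chain phase given as a plain string, the validator reports each of those before the object reaches a consumer such as MISP, which is where malformed SDOs are otherwise first noticed.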
CTI sources’ quality aspects
▪ Existence of conflicting data among sources
▪ Techniques can be used to assess the credibility of a source
o Using special-purpose ranking engines (e.g. SimilarWeb)
▶︎ A combination of metrics (page views, unique site users, web traffic, etc.)
▶︎ Include some Dark Web sites
o Number of users (useful for Dark Web sites)
o Number of posts per day
o Number of CVEs per day
▶︎ More than 3/4 of vulnerabilities are publicly reported online ~7d before NVD
▶︎ Mainly concerns Dark Web, paste sites, and cyber-criminal forums
Use of CTI in Cyber-Trust
[Diagram: CTI sharing; dark web, deep web, clear web]
Conclusions - challenges
▪ ML can be used for extracting CTIs into structured and actionable formats
▪ Technical challenges in coping with the heterogeneity and volume of cyber-threat data
o Need for (semi-)automated means of processing
o Focused and topic-based crawling can improve performance
o Deep/dark web exploration presents additional challenges
o Big data management and NoSQL stores for efficiency
▪ Legal compliance and privacy-preserving data mining?

UiPath Test Automation using UiPath Test Suite series, part 3
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 

2019 cou kolokotronis_nicholas - nicholas kolokotronis

• 1. Advanced Cyber-Threat Intelligence, Detection and Mitigation Platform for a Trusted Internet of Things
Mining for cyber-threat intelligence to improve cyber-security risk mitigation
Panel on Cyber-security Intelligence, 2019 Community of Users Workshop
Nicholas Kolokotronis, Department of Informatics and Telecommunications, University of Peloponnese • nkolok@uop.gr
• 2. Cyber-threat intelligence
▪ From unstructured (textual) high-volume data to
  o Vulnerabilities/exploits
  o Links to CVE/other VDB IDs
  o Threat actors’ TTPs
  o Specific products/platforms
  o Popularity, price, …
  o CVSS => measurable
▪ CTI needs to be compliant with legal requirements
• 3. Cyber-defense goals
▪ Accurate modelling of the attack strategies
▪ Determine the attackers’ capabilities
  o constrained resources (budget, tools, etc.)
▪ The attackers’ goals vary depending on the target
  o access level, degrade QoS, …
▪ Define the defender’s available actions
  o possible counter-measures
  o highlight parameters
▪ Cyber-defense needs to minimize the attack surface
• 5. Dynamic risk analysis: attack models (figure-only slide)
• 6. Example: exploitation probability
▪ Needs to be measurable
  o Estimated from CVSS metrics
  o $P(e_i) = 2 \times AV \times AC \times Au$
▪ Likewise for an attack’s attempt probability
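A worked version of the slide’s estimate, added here as an example (not code from the presentation or the Cyber-Trust project): it parses a CVSS v2 base vector and applies $P(e_i) = 2 \times AV \times AC \times Au$ with the metric weights from the CVSS v2 specification, and, going one step beyond the slide, multiplies per-exploit probabilities along an attack-graph path under an independence assumption. The sample vectors are constructed, not taken from real CVEs.

```python
import re
from functools import reduce

# CVSS v2 base-metric weights (values from the CVSS v2 specification). The
# slide's P(e_i) = 2 * AV * AC * Au is the v2 exploitability subscore
# (20 * AV * AC * Au) rescaled from [0, 10] to [0, 1].
AV = {"L": 0.395, "A": 0.646, "N": 1.0}    # Access Vector: Local / Adjacent / Network
AC = {"H": 0.35, "M": 0.61, "L": 0.71}     # Access Complexity: High / Medium / Low
AU = {"M": 0.45, "S": 0.56, "N": 0.704}    # Authentication: Multiple / Single / None

# CVSS v2 base vector; the impact part (C/I/A) is accepted but not needed here.
_VECTOR = re.compile(r"^AV:([LAN])/AC:([HML])/Au:([MSN])(?:/C:[NPC]/I:[NPC]/A:[NPC])?$")


def exploitation_probability(cvss_v2_vector):
    """P(e_i) for one vulnerability, estimated from its CVSS v2 base vector."""
    m = _VECTOR.match(cvss_v2_vector.strip())
    if not m:
        raise ValueError(f"not a CVSS v2 base vector: {cvss_v2_vector!r}")
    av, ac, au = m.groups()
    return 2 * AV[av] * AC[ac] * AU[au]


def path_success_probability(path):
    """Probability that every exploit on an attack-graph path succeeds.

    Simplifying assumption: the exploits on the path are independent, so the
    path probability is the product of the per-step P(e_i).
    """
    return reduce(lambda acc, v: acc * exploitation_probability(v), path, 1.0)


if __name__ == "__main__":
    # Constructed sample vectors (not taken from any real CVE).
    remote_unauth = "AV:N/AC:L/Au:N/C:P/I:P/A:P"  # network, low complexity, no auth
    local_hard = "AV:L/AC:H/Au:M/C:C/I:C/A:C"     # local, high complexity, multiple auth
    print(f"{remote_unauth}: P(e) = {exploitation_probability(remote_unauth):.4f}")
    print(f"{local_hard}: P(e) = {exploitation_probability(local_hard):.4f}")
    # Two-step path: foothold via the remote bug, then the hard local escalation.
    print(f"path: P = {path_success_probability([remote_unauth, local_hard]):.4f}")
```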
• 7. ML – from CTI to structured TTPs
▪ Conversion of CTIs to a semi-structured format (JSON, XML)
▪ Filtering specific (TTP, exploits) information has the benefits:
  o More easily processed in an automated way
  o Only condensed information will be available
  o Reports will still be readable
▪ A known format for attack patterns is STIX v2.1
▪ The conversion of CTIs into actionable information can be achieved using ML techniques
• 8. Threat actions identification (figure-only slide)
• 9. CTI generation process (figure-only slide)
• 10. Data pre-processing
1. A crawler is needed that gathers all pages from the web
  o CTI vendors (e.g. Symantec)
  o Forums, blogs, etc.
2. Sanitize content and keep all textual information as articles
  o Remove HTML tags, images, etc.
3. Automated decision on the CTI value of each article
  o otherwise it is dropped
A classifier is needed for step 3, with a number of features, like:
▪ Word size (CTIs with elaborated TTPs tend to be larger)
▪ Security action word density (security-correlated verbs)
▪ Security target word density (security-correlated nouns)
• 11. [CT] CTI crawling and classification
▪ Crawling components used in Cyber-Trust (figure)
• 12. [CT] CTI crawling and classification
▪ Clear/Deep/Forum web crawling in Cyber-Trust
  o Implement topic-specific crawling on publicly available web sites
    ▶︎ focus on Deep/Dark web sites that don’t require authentication
  o Model Builder is responsible for creating the classification model; it needs a set of positive and negative URLs
  o Seed Finder identifies the initial seed of URLs to crawl based on a user-defined query, e.g. on “IoT vulnerabilities”
  o The crawled websites go through the Article/Forum Parser, which extracts the useful text part of each one
    ▶︎ internally, forums are structured in a different way compared to websites
• 14. Data pre-processing
▪ Security-correlated verbs/nouns are extracted from the CVE, CAPEC and CWE repositories using NLP techniques
  o Used on each article to find all OVS (Object, Verb, Subject) triplets; these are the candidate threat actions
▪ CTI contain strings that an NLP parser may not understand, such as IoCs
  o To remedy this, we temporarily substitute these with RegEx placeholders (examples shown on the slide)
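An added pre-processing example serving both slide 10 (the classifier features) and slide 14 (IoC substitution before parsing); it is not code from the presentation or from Cyber-Trust. The verb/noun vocabularies, IoC patterns, placeholder naming and sample article are constructed assumptions: a real pipeline would mine the word lists from CVE, CAPEC and CWE and hand the placeholder-substituted text to an NLP parser for the OVS triplets.

```python
import re

# Constructed vocabularies standing in for the security-correlated verbs/nouns
# that the slides mine from the CVE/CAPEC/CWE repositories.
ACTION_VERBS = {"exploit", "inject", "overwrite", "terminate", "execute",
                "download", "escalate", "bypass", "drop", "connect"}
TARGET_NOUNS = {"file", "process", "dll", "registry", "credential",
                "payload", "server", "firmware", "router"}

# IoC patterns swapped for placeholders before parsing; URLs go first so an
# IP or hash embedded in a URL is not matched a second time.
IOC_PATTERNS = [
    ("URL", re.compile(r"\b(?:hxxps?|https?)://[^\s,;)]+", re.I)),
    ("HASH", re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
]

# Constructed sample article (not a real report); the hash is the MD5 of the empty string.
SAMPLE_ARTICLE = ("Actor exploits the router firmware and downloads a payload "
                  "(md5 d41d8cd98f00b204e9800998ecf8427e) from hxxp://bad.example/p.bin, "
                  "then connects to 203.0.113.5 to inject a DLL into the process.")


def substitute_iocs(text):
    """Replace each IoC by a KIND_n placeholder; return the new text and a map to restore them."""
    restore = {}
    for kind, pattern in IOC_PATTERNS:
        def _placeholder(m, kind=kind):
            key = f"{kind}_{len(restore)}"
            restore[key] = m.group(0)
            return key
        text = pattern.sub(_placeholder, text)
    return text, restore


def _in_vocab(word, vocab):
    """Crude stemming so that 'exploits' / 'injected' count as 'exploit' / 'inject'."""
    return word in vocab or word.rstrip("s") in vocab or (word.endswith("ed") and word[:-2] in vocab)


def extract_features(text):
    """Slide-10 classifier features: word size plus action/target word densities."""
    clean, restore = substitute_iocs(text)
    words = [t.lower() for t in re.findall(r"\w+", clean) if t not in restore]
    n = len(words) or 1   # avoid division by zero on an empty article
    return {
        "word_count": len(words),
        "action_density": sum(_in_vocab(w, ACTION_VERBS) for w in words) / n,
        "target_density": sum(_in_vocab(w, TARGET_NOUNS) for w in words) / n,
    }
```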
• 15. TTP-specific ontology
▪ An ontology created from the TTPs provided by the ATT&CK and CAPEC repositories (MITRE)

Class name        Class description                          Example
Kill chain phase  Phase information, e.g. name or order      Control or 5
Tactic            Description of how to achieve a phase      Privilege escalation
Technique         Description of how to achieve a tactic     DLL injection
Threat action     Verb associated with a malicious action    Overwrite, Terminate
Object            The action’s target                        File, Process
Pre-condition     Action prerequisites that have to hold     User access
Intent            Goal/subgoal of an action                  Run malicious code
• 16. Towards threat actions
▪ Find the similarity of candidate actions with all records in the ontology
▪ Information Retrieval (IR) scoring vs. threshold
▪ Vocabulary based on synonyms (e.g. from WordNet) or custom
▪ The best-scoring class is assigned to the threat action
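The matching step described above, as an added example (not the presentation’s or Cyber-Trust’s code): the terms of a candidate (Object, Verb, Subject) action are synonym-expanded and scored against every ontology record with an IDF-weighted coverage score, and the best class is assigned only when that score clears a threshold. The ontology slice, synonym groups, threshold and crude stemmer are constructed stand-ins for ATT&CK/CAPEC-derived records and a WordNet vocabulary.

```python
import math
import re
from collections import Counter

# Constructed slice of a TTP ontology modelled on the slide-15 classes; a real one
# would be populated from the MITRE ATT&CK and CAPEC repositories.
ONTOLOGY = [
    {"class": "Technique", "name": "DLL injection", "terms": {"inject", "dll", "process", "library"}},
    {"class": "Threat action", "name": "Overwrite", "terms": {"overwrite", "write", "replace", "file"}},
    {"class": "Threat action", "name": "Terminate", "terms": {"terminate", "kill", "stop", "process"}},
    {"class": "Tactic", "name": "Privilege escalation", "terms": {"escalate", "privilege", "root", "admin"}},
]
# Constructed synonym groups standing in for a WordNet-derived or custom vocabulary.
SYNONYM_GROUPS = [{"inject", "load", "insert"}, {"overwrite", "modify", "replace", "alter"},
                  {"terminate", "kill", "stop"}, {"escalate", "elevate"}, {"dll", "library"}]
THRESHOLD = 0.3   # constructed cut-off; below it a candidate stays unclassified

# Inverse document frequency over the ontology: rare terms weigh more, as in IR scoring.
_DF = Counter(t for rec in ONTOLOGY for t in rec["terms"])
_IDF = {t: math.log(len(ONTOLOGY) / df) + 1.0 for t, df in _DF.items()}


def expand(term):
    """Lower-case, crude-stem (drop a trailing plural 's') and add the term's synonym group."""
    term = re.sub(r"(?<!s)s$", "", term.lower())
    groups = [g for g in SYNONYM_GROUPS if term in g]
    return set().union(*groups) if groups else {term}


def score(candidate_terms, record):
    """IDF-weighted share of the record's terms covered by the expanded candidate."""
    total = sum(_IDF[t] for t in record["terms"])
    hit = sum(_IDF[t] for t in record["terms"] if t in candidate_terms)
    return hit / total


def best_match(subject, verb, obj):
    """Best-scoring ontology record for an (Object, Verb, Subject) candidate action."""
    terms = expand(subject) | expand(verb) | expand(obj)
    best = max(ONTOLOGY, key=lambda rec: score(terms, rec))
    return best["class"], best["name"], score(terms, best)


def classify(subject, verb, obj):
    """Assign the best-scoring class, or None when the IR score is under THRESHOLD."""
    cls, name, s = best_match(subject, verb, obj)
    return (cls, name) if s >= THRESHOLD else None
```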
• 17. [CT] CTI classification
▪ Topic vocabulary in Cyber-Trust
  o XML docs converted into text via XML Data Retriever
  o Normalizer drops symbols, converts to lowercase, etc.
  o Collected tags are multi-word terms given to the Multi-Word Expression Tokenizer
    ▶︎ “exploit kits” => “exploit-kits”
  o Word2Vec finds the similarity
• 18. [CT] CTI classification
▪ Example top terms in the Cyber-Trust collection for tag ddos (figure)
• 19. CTI sharing: using STIX
▪ Structured language for any CTI
  o supports a wide range of use cases
  o can focus on relevant aspects
▪ High level of recognition by CSIRTs and LEAs
▪ Combined with TAXII 2.0
  o OSS implementations
▪ Supported by MISP
Attack pattern SDO:
{
  "type": "attack-pattern",
  "spec_version": "2.1",
  "id": "attack-pattern-xyz…",
  "created": "2017-06-08T08:17:27.000Z",
  "modified": "2017-06-08T08:17:27.000Z",
  "name": "Input Capture",
  "description": "Adversary logs keystrokes to obtain credentials",
  "kill_chain_phases": [ { "kill_chain_name": "<kill-chain-name>", "phase_name": "Maintain" } ],
  "external_references": [ { "source_name": "ATT&CK", "external_id": "T1056" } ]
}
• 20. CTI sources’ quality aspects
▪ Existence of conflicting data among sources
▪ Techniques can be used to assess the credibility of a source
  o Using special-purpose ranking engines (e.g. SimilarWeb)
    ▶︎ A combination of metrics (page views, unique site users, web traffic, etc.)
    ▶︎ Include some Dark Web sites
  o Number of users (useful for Dark Web sites)
  o Number of posts per day
  o Number of CVEs per day
    ▶︎ More than 3/4 of vulnerabilities are publicly reported online ~7d before NVD
    ▶︎ Mainly concerns Dark Web, paste sites, and cyber-criminal forums
• 21. Use of CTI in Cyber-Trust (figure: CTI sharing across the dark web, deep web and clear web)
• 22. Conclusions - challenges
▪ ML can be used for extracting CTI into structured and actionable formats
▪ Technical challenges for coping with the heterogeneity and volume of cyber-threat data
  o Need for (semi-)automated means of processing
  o Focused and topic-based crawling can improve performance
  o Deep/dark web exploration presents additional challenges
  o Big data management and NoSQL stores for efficiency
▪ Legal compliance and privacy-preserving data mining?