Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Towards augmented proactive cyberthreat intelligence
COMSATS Institute of Information Technology, Pakistan.
COMSATS Institute of Information Technology, Pakistan.
RISE - Research Institutes of Sweden, ICT, SICS. COMSATS Institute of Information Technology, Pakistan.ORCID iD: 0000-0001-8370-9290
Trillium Information Security, Pakistan.
Show others and affiliations
2019 (English)In: Journal of Parallel and Distributed Computing, ISSN 0743-7315, E-ISSN 1096-0848, Vol. 124, p. 47-59Article in journal (Refereed) Published
Abstract [en]

In cyber crimes, attackers are becoming more inventive with their exploits and use more sophisticated techniques to bypass the deployed security system. These attacks are targeted and are commonly referred as Advanced Persistent Threats (APTs). The currently available techniques to tackle these attacks are mostly reactive and signature based. Security Information and Event Management (SIEM), a proactive approach is the best solution. However, the major problem with SIEM is tackling huge amount of data in real time that makes it a time consuming and tedious task for security analyst. The use of threat intelligence caters to such issue by prioritizing the level of threat. In this paper, we assign risk score and confidence value to each feed generated at our product “T-Eye platform”. On the basis of these values, we assign a severity score to each feed type. Severity score assigns a level to the threat means prioritize the threat. The results, we achieved for prioritizing the threat is more apparent and accurate. In addition, we optimize the rules of IBM-Q-Radar by using threat feeds generated at T-Eye platform. Furthermore, a huge amount of false positive alarms generated at IBM Q-Radar is reduced to a certain extent.

Place, publisher, year, edition, pages
2019. Vol. 124, p. 47-59
Keywords [en]
Confidence, IBM Q-Radar, Risk score, Rules, Severity, T-Eye feeds, T-Eye platform, Artificial intelligence, Computer programming, Radar
National Category
Natural Sciences
Identifiers
URN: urn:nbn:se:ri:diva-36397DOI: 10.1016/j.jpdc.2018.10.006Scopus ID: 2-s2.0-85056154937OAI: oai:DiVA.org:ri-36397DiVA, id: diva2:1265183
Note

 Funding details: Deanship of Scientific Research, King Saud University, RG – 1439-58;

Available from: 2018-11-22 Created: 2018-11-22 Last updated: 2019-06-18Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records BETA

Akhunzada, Adnan

Search in DiVA

By author/editor
Akhunzada, Adnan
By organisation
SICS
In the same journal
Journal of Parallel and Distributed Computing
Natural Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 78 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.35.7