Towards augmented proactive cyberthreat intelligenceVise andre og tillknytning
2019 (engelsk)Inngår i: Journal of Parallel and Distributed Computing, ISSN 0743-7315, E-ISSN 1096-0848, Vol. 124, s. 47-59Artikkel i tidsskrift (Fagfellevurdert) Published
Abstract [en]
In cyber crimes, attackers are becoming more inventive with their exploits and use more sophisticated techniques to bypass the deployed security system. These attacks are targeted and are commonly referred as Advanced Persistent Threats (APTs). The currently available techniques to tackle these attacks are mostly reactive and signature based. Security Information and Event Management (SIEM), a proactive approach is the best solution. However, the major problem with SIEM is tackling huge amount of data in real time that makes it a time consuming and tedious task for security analyst. The use of threat intelligence caters to such issue by prioritizing the level of threat. In this paper, we assign risk score and confidence value to each feed generated at our product “T-Eye platform”. On the basis of these values, we assign a severity score to each feed type. Severity score assigns a level to the threat means prioritize the threat. The results, we achieved for prioritizing the threat is more apparent and accurate. In addition, we optimize the rules of IBM-Q-Radar by using threat feeds generated at T-Eye platform. Furthermore, a huge amount of false positive alarms generated at IBM Q-Radar is reduced to a certain extent.
sted, utgiver, år, opplag, sider
2019. Vol. 124, s. 47-59
Emneord [en]
Confidence, IBM Q-Radar, Risk score, Rules, Severity, T-Eye feeds, T-Eye platform, Artificial intelligence, Computer programming, Radar
HSV kategori
Identifikatorer
URN: urn:nbn:se:ri:diva-36397DOI: 10.1016/j.jpdc.2018.10.006Scopus ID: 2-s2.0-85056154937OAI: oai:DiVA.org:ri-36397DiVA, id: diva2:1265183
Merknad
Funding details: Deanship of Scientific Research, King Saud University, RG – 1439-58;
2018-11-222018-11-222025-09-23bibliografisk kontrollert