Human-as-a-security-sensor for harvesting threat intelligence-Reference-Cited by-同舟云学术

Human-as-a-security-sensor for harvesting threat intelligence

Published:2019-10-22 Issue:1 Volume:2 Page:
ISSN:2523-3246
Container-title:Cybersecurity
language:en
Short-container-title:Cybersecur

Author:

Vielberth Manfred^ORCID,Menges Florian,Pernul Günther

Abstract

Abstract Humans are commonly seen as the weakest link in corporate information security. This led to a lot of effort being put into security training and awareness campaigns, which resulted in employees being less likely the target of successful attacks. Existing approaches, however, do not tap the full potential that can be gained through these campaigns. On the one hand, human perception offers an additional source of contextual information for detected incidents, on the other hand it serves as information source for incidents that may not be detectable by automated procedures. These approaches only allow a text-based reporting of basic incident information. A structured recording of human delivered information that also provides compatibility with existing SIEM systems is still missing. In this work, we propose an approach, which allows humans to systematically report perceived anomalies or incidents in a structured way. Our approach furthermore supports the integration of such reports into analytics systems. Thereby, we identify connecting points to SIEM systems, develop a taxonomy for structuring elements reportable by humans acting as a security sensor and develop a structured data format to record data delivered by humans. A prototypical human-as-a-security-sensor wizard applied to a real-world use-case shows our proof of concept.

Publisher

Springer Science and Business Media LLC

Subject

Artificial Intelligence,Computer Networks and Communications,Information Systems,Software

Link

http://link.springer.com/content/pdf/10.1186/s42400-019-0040-0.pdf

Reference35 articles.

1. Anti-Phishing Working Group, IReport Phishing. https://www.antiphishing.org/report-phishing/overview/ . Accessed 19.01.2019.

2. Appala, S, Cam-Winget N, McGrew D, Verma J (2015) An Actionable Threat Intelligence system using a Publish-Subscribe communications model. Proc 2nd ACM Workshop Inf Sharing Collab Secur - WISCS ’15:61–70.

3. Barnum, S (2014) Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX). http://stixproject.github.io/getting-started/whitepaper/ . Accessed 2019-02-21.

4. Bhatt, S, Manadhata PK, Zomlot L (2014) The operational role of security information and event management systems. IEEE Secur Privacy 12(5):35–41.

5. Böhm, F, Menges F, Pernul G (2018) Graph-based visual analytics for cyber threat intelligence. Cybersecurity 1(1).

Cited by 15 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Symmetrical Analysis of Decision Making: Introducing the Gaussian Negative Binomial Mixture with a Latent Class Choice Model;Symmetry;2024-07-16

2. Towards an Improved Taxonomy of Attacks Related to Digital Identities and Identity Management Systems;Security and Communication Networks;2023-06-19

3. Methodology to Improve the Quality of Cyber Threat Intelligence Production Through Open Source Platforms;CSEI: International Conference on Computer Science, Electronics and Industrial Engineering (CSEI);2023

4. BISCUIT - Blockchain Security Incident Reporting based on Human Observations;Proceedings of the 17th International Conference on Availability, Reliability and Security;2022-08-23

5. Reconstruction of Unfolding Sub-Events From Social Media Posts;Frontiers in Physics;2022-06-24