Conference proceeding
Towards Automated Threat Intelligence Fusion
2016 IEEE 2ND INTERNATIONAL CONFERENCE ON COLLABORATION AND INTERNET COMPUTING (IEEE CIC), pp 408-416
01 Jan 2016
Abstract
The volume and frequency of new cyber attacks have exploded in recent years. Such events have very complicated workflows and involve multiple criminal actors and organizations. However, current practices for threat analysis and intelligence discovery are still performed piecemeal in an ad-hoc manner. For example, a modern malware analysis system can dissect a piece of malicious code by itself. But, it cannot automatically identify the criminals who developed it or relate other cyber attack events with it. Consequently, it is imperative to automatically assemble the jigsaw puzzles of cybercrime events by performing threat intelligence fusion on data collected from heterogeneous sources, such as malware, underground social networks, cryptocurrency transaction records, etc. In this paper, we propose an Automated Threat Intelligence fuSion framework (ATIS) that is able to take all sorts of threat sources into account and discover new intelligence by connecting the dots of apparently isolated cyber events. To this end, ATIS consists of 5 planes, namely analysis, collection, controller, data and application planes. We discuss the design choices we made in the function of each plane and the interfaces between two adjacent planes. In addition, we develop two applications on top of ATIS to demonstrate its effectiveness.
Details
- Title
- Towards Automated Threat Intelligence Fusion
- Creators
- Ajay Modi - Arizona State University; Zhibo Sun - Arizona State University; Anupam Panwar - Arizona State University; Tejas Khairnar - Arizona State University; Ziming Zhao - Arizona State University; Adam Doupe - Arizona State University; Gail-Joon Ahn - Arizona State University; Paul Black - Allstate
- Publication Details
- 2016 IEEE 2ND INTERNATIONAL CONFERENCE ON COLLABORATION AND INTERNET COMPUTING (IEEE CIC), pp 408-416
- Conference
- 2016 IEEE 2ND INTERNATIONAL CONFERENCE ON COLLABORATION AND INTERNET COMPUTING (IEEE CIC), 2nd
- Publisher
- IEEE
- Number of pages
- 9
- Grant note
- Center for Cybersecurity and Digital Forensics at Arizona State University; U.S. Army Research Laboratory; United States Department of Defense; US Army Research Laboratory (ARL); AllState Corporation
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science (Computing)
- Web of Science ID
- WOS:000393501100046
- Other Identifier
- 991021871292904721
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Web of Science research areas
- Computer Science, Interdisciplinary Applications