Strategic cyber threat intelligence sharing: A case study of IDS logs

Spike E. Dog; Alex Tweed; Leroy Rouse; Bill Chu; Duan Qi; Yueqi Hu; Jing Yang; Ehab Al-Shaer

doi:10.1109/ICCCN.2016.7568578

Strategic cyber threat intelligence sharing: A case study of IDS logs

Spike E. Dog, Alex Tweed, Leroy Rouse, Bill Chu, Duan Qi, Yueqi Hu, Jing Yang, Ehab Al-Shaer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

12 Scopus citations

Abstract

Cyber threat intelligence sharing is emerging as an important tool for network security as it can identify evolving threat patterns and prevent attackers from replicating their early success across the Internet. However the types of information sharing being practiced today are at the tactical level focusing on specific attacks, e.g. characteristics of a piece of malware, and black listed IP addresses and domains. In this paper we argue sharing cyber intelligence at a more strategic level is needed. By strategic information we mean information about salient common features of groups of attacks and attackers. Strategic information allows us to take actions that are much closer to the source of the attacks. For example instead of block an IP address as opposed to shutting down the botnet. We propose at set of strategic cyber threat indicators and show how they can be derived using an IDS log from a large commercial enterprise.

Original language	English
Title of host publication	2016 25th International Conference on Computer Communications and Networks, ICCCN 2016
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781509022793
DOIs	https://doi.org/10.1109/ICCCN.2016.7568578
State	Published - 14 Sep 2016
Externally published	Yes
Event	25th International Conference on Computer Communications and Networks, ICCCN 2016 - Waikoloa, United States Duration: 1 Aug 2016 → 4 Aug 2016

Publication series

Name	2016 25th International Conference on Computer Communications and Networks, ICCCN 2016

Conference

Conference	25th International Conference on Computer Communications and Networks, ICCCN 2016
Country/Territory	United States
City	Waikoloa
Period	1/08/16 → 4/08/16

Bibliographical note

Publisher Copyright:
© 2016 IEEE.

Keywords

Cyber threat intelligence
Information visualization
Intrusion detection
Machine learning
Security analytics

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Hardware and Architecture

Access to Document

10.1109/ICCCN.2016.7568578

Cite this

Dog, S. E., Tweed, A., Rouse, L., Chu, B., Qi, D., Hu, Y., Yang, J., & Al-Shaer, E. (2016). Strategic cyber threat intelligence sharing: A case study of IDS logs. In 2016 25th International Conference on Computer Communications and Networks, ICCCN 2016 Article 7568578 (2016 25th International Conference on Computer Communications and Networks, ICCCN 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICCCN.2016.7568578

@inproceedings{265ac6fb963349eaae4b52f6bc105e0f,

title = "Strategic cyber threat intelligence sharing: A case study of IDS logs",

abstract = "Cyber threat intelligence sharing is emerging as an important tool for network security as it can identify evolving threat patterns and prevent attackers from replicating their early success across the Internet. However the types of information sharing being practiced today are at the tactical level focusing on specific attacks, e.g. characteristics of a piece of malware, and black listed IP addresses and domains. In this paper we argue sharing cyber intelligence at a more strategic level is needed. By strategic information we mean information about salient common features of groups of attacks and attackers. Strategic information allows us to take actions that are much closer to the source of the attacks. For example instead of block an IP address as opposed to shutting down the botnet. We propose at set of strategic cyber threat indicators and show how they can be derived using an IDS log from a large commercial enterprise.",

keywords = "Cyber threat intelligence, Information visualization, Intrusion detection, Machine learning, Security analytics",

author = "Dog, \{Spike E.\} and Alex Tweed and Leroy Rouse and Bill Chu and Duan Qi and Yueqi Hu and Jing Yang and Ehab Al-Shaer",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 25th International Conference on Computer Communications and Networks, ICCCN 2016 ; Conference date: 01-08-2016 Through 04-08-2016",

year = "2016",

month = sep,

day = "14",

doi = "10.1109/ICCCN.2016.7568578",

language = "English",

series = "2016 25th International Conference on Computer Communications and Networks, ICCCN 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2016 25th International Conference on Computer Communications and Networks, ICCCN 2016",

address = "United States",

}

Dog, SE, Tweed, A, Rouse, L, Chu, B, Qi, D, Hu, Y, Yang, J & Al-Shaer, E 2016, Strategic cyber threat intelligence sharing: A case study of IDS logs. in 2016 25th International Conference on Computer Communications and Networks, ICCCN 2016., 7568578, 2016 25th International Conference on Computer Communications and Networks, ICCCN 2016, Institute of Electrical and Electronics Engineers Inc., 25th International Conference on Computer Communications and Networks, ICCCN 2016, Waikoloa, United States, 1/08/16. https://doi.org/10.1109/ICCCN.2016.7568578

Strategic cyber threat intelligence sharing: A case study of IDS logs. / Dog, Spike E.; Tweed, Alex; Rouse, Leroy et al.
2016 25th International Conference on Computer Communications and Networks, ICCCN 2016. Institute of Electrical and Electronics Engineers Inc., 2016. 7568578 (2016 25th International Conference on Computer Communications and Networks, ICCCN 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Strategic cyber threat intelligence sharing

T2 - 25th International Conference on Computer Communications and Networks, ICCCN 2016

AU - Dog, Spike E.

AU - Tweed, Alex

AU - Rouse, Leroy

AU - Chu, Bill

AU - Qi, Duan

AU - Hu, Yueqi

AU - Yang, Jing

AU - Al-Shaer, Ehab

PY - 2016/9/14

Y1 - 2016/9/14

N2 - Cyber threat intelligence sharing is emerging as an important tool for network security as it can identify evolving threat patterns and prevent attackers from replicating their early success across the Internet. However the types of information sharing being practiced today are at the tactical level focusing on specific attacks, e.g. characteristics of a piece of malware, and black listed IP addresses and domains. In this paper we argue sharing cyber intelligence at a more strategic level is needed. By strategic information we mean information about salient common features of groups of attacks and attackers. Strategic information allows us to take actions that are much closer to the source of the attacks. For example instead of block an IP address as opposed to shutting down the botnet. We propose at set of strategic cyber threat indicators and show how they can be derived using an IDS log from a large commercial enterprise.

AB - Cyber threat intelligence sharing is emerging as an important tool for network security as it can identify evolving threat patterns and prevent attackers from replicating their early success across the Internet. However the types of information sharing being practiced today are at the tactical level focusing on specific attacks, e.g. characteristics of a piece of malware, and black listed IP addresses and domains. In this paper we argue sharing cyber intelligence at a more strategic level is needed. By strategic information we mean information about salient common features of groups of attacks and attackers. Strategic information allows us to take actions that are much closer to the source of the attacks. For example instead of block an IP address as opposed to shutting down the botnet. We propose at set of strategic cyber threat indicators and show how they can be derived using an IDS log from a large commercial enterprise.

KW - Cyber threat intelligence

KW - Information visualization

KW - Intrusion detection

KW - Machine learning

KW - Security analytics

UR - https://www.scopus.com/pages/publications/84991822110

U2 - 10.1109/ICCCN.2016.7568578

DO - 10.1109/ICCCN.2016.7568578

M3 - Conference contribution

AN - SCOPUS:84991822110

T3 - 2016 25th International Conference on Computer Communications and Networks, ICCCN 2016

BT - 2016 25th International Conference on Computer Communications and Networks, ICCCN 2016

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 1 August 2016 through 4 August 2016

ER -

Dog SE, Tweed A, Rouse L, Chu B, Qi D, Hu Y et al. Strategic cyber threat intelligence sharing: A case study of IDS logs. In 2016 25th International Conference on Computer Communications and Networks, ICCCN 2016. Institute of Electrical and Electronics Engineers Inc. 2016. 7568578. (2016 25th International Conference on Computer Communications and Networks, ICCCN 2016). doi: 10.1109/ICCCN.2016.7568578

Strategic cyber threat intelligence sharing: A case study of IDS logs

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this