TY - GEN
T1 - Towards automated threat intelligence fusion
AU - Modi, Ajay
AU - Sun, Zhibo
AU - Panwar, Anupam
AU - Khairnar, Tejas
AU - Zhao, Ziming
AU - Doupe, Adam
AU - Ahn, Gail-Joon
AU - Black, Paul
N1 - Funding Information:
This work was supported in part by grants from the AllState Corporation, the U.S. Army Research Laboratory and the Center for Cybersecurity and Digital Forensics at Arizona State University. The information reported here does not reflect the position or the policy of the funding agency or project sponsor.
Publisher Copyright:
© 2016 IEEE.
PY - 2017/1/6
Y1 - 2017/1/6
N2 - The volume and frequency of new cyber attacks have exploded in recent years. Such events have very complicated workflows and involve multiple criminal actors and organizations. However, current practices for threat analysis and intelligence discovery are still performed piecemeal in an ad-hoc manner. For example, a modern malware analysis system can dissect a piece of malicious code by itself. But, it cannot automatically identify the criminals who developed it or relate other cyber attack events with it. Consequently, it is imperative to automatically assemble the jigsaw puzzles of cybercrime events by performing threat intelligence fusion on data collected from heterogeneous sources, such as malware, underground social networks, cryptocurrency transaction records, etc. In this paper, we propose an Automated Threat Intelligence fuSion framework (ATIS) that is able to take all sorts of threat sources into account and discover new intelligence by connecting the dots of apparently isolated cyber events. To this end, ATIS consists of 5 planes, namely analysis, collection, controller, data and application planes. We discuss the design choices we made in the function of each plane and the interfaces between two adjacent planes. In addition, we develop two applications on top of ATIS to demonstrate its effectiveness.
AB - The volume and frequency of new cyber attacks have exploded in recent years. Such events have very complicated workflows and involve multiple criminal actors and organizations. However, current practices for threat analysis and intelligence discovery are still performed piecemeal in an ad-hoc manner. For example, a modern malware analysis system can dissect a piece of malicious code by itself. But, it cannot automatically identify the criminals who developed it or relate other cyber attack events with it. Consequently, it is imperative to automatically assemble the jigsaw puzzles of cybercrime events by performing threat intelligence fusion on data collected from heterogeneous sources, such as malware, underground social networks, cryptocurrency transaction records, etc. In this paper, we propose an Automated Threat Intelligence fuSion framework (ATIS) that is able to take all sorts of threat sources into account and discover new intelligence by connecting the dots of apparently isolated cyber events. To this end, ATIS consists of 5 planes, namely analysis, collection, controller, data and application planes. We discuss the design choices we made in the function of each plane and the interfaces between two adjacent planes. In addition, we develop two applications on top of ATIS to demonstrate its effectiveness.
UR - http://www.scopus.com/inward/record.url?scp=85013213103&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85013213103&partnerID=8YFLogxK
U2 - 10.1109/CIC.2016.060
DO - 10.1109/CIC.2016.060
M3 - Conference contribution
AN - SCOPUS:85013213103
T3 - Proceedings - 2016 IEEE 2nd International Conference on Collaboration and Internet Computing, IEEE CIC 2016
SP - 408
EP - 416
BT - Proceedings - 2016 IEEE 2nd International Conference on Collaboration and Internet Computing, IEEE CIC 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2nd IEEE International Conference on Collaboration and Internet Computing, IEEE CIC 2016
Y2 - 1 November 2016 through 3 November 2016
ER -