Abstract

The volume and frequency of new cyber attacks have exploded in recent years. Such events have very complicated workflows and involve multiple criminal actors and organizations. However, current practices for threat analysis and intelligence discovery are still performed piecemeal in an ad hoc manner. For example, a modern malware analysis system can dissect a piece of malicious code by itself, but it cannot automatically identify the criminals who developed it or relate other cyber attack events to it. Consequently, it is imperative to automatically assemble the jigsaw puzzles of cybercrime events by performing threat intelligence fusion on data collected from heterogeneous sources, such as malware, underground social networks, cryptocurrency transaction records, etc. In this paper, we propose an Automated Threat Intelligence fuSion framework (ATIS) that is able to take all sorts of threat sources into account and discover new intelligence by connecting the dots of apparently isolated cyber events. To this end, ATIS consists of 5 planes, namely the analysis, collection, controller, data and application planes. We discuss the design choices we made in the function of each plane and the interfaces between two adjacent planes. In addition, we develop two applications on top of ATIS to demonstrate its effectiveness.

Original language: English (US)
Title of host publication: Proceedings - 2016 IEEE 2nd International Conference on Collaboration and Internet Computing, IEEE CIC 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 408-416
Number of pages: 9
ISBN (Electronic): 9781509046072
DOI: 10.1109/CIC.2016.060
State: Published - Jan 6 2017
Event: 2nd IEEE International Conference on Collaboration and Internet Computing, IEEE CIC 2016 - Pittsburgh, United States
Duration: Nov 1 2016 to Nov 3 2016

Other

Event: 2nd IEEE International Conference on Collaboration and Internet Computing, IEEE CIC 2016
Country: United States
City: Pittsburgh
Period: 11/1/16 to 11/3/16

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Sociology and Political Science

Cite this

Modi, A., Sun, Z., Panwar, A., Khairnar, T., Zhao, Z., Doupe, A., ... Black, P. (2017). Towards automated threat intelligence fusion. In Proceedings - 2016 IEEE 2nd International Conference on Collaboration and Internet Computing, IEEE CIC 2016 (pp. 408-416). [7809731] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CIC.2016.060

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution
@inproceedings{7fadb727e4a64c5398cfb0e2c123a8bc,
title = "Towards automated threat intelligence fusion",
abstract = "The volume and frequency of new cyber attacks have exploded in recent years. Such events have very complicated workflows and involve multiple criminal actors and organizations. However, current practices for threat analysis and intelligence discovery are still performed piecemeal in an ad-hoc manner. For example, a modern malware analysis system can dissect a piece of malicious code by itself. But, it cannot automatically identify the criminals who developed it or relate other cyber attack events with it. Consequently, it is imperative to automatically assemble the jigsaw puzzles of cybercrime events by performing threat intelligence fusion on data collected from heterogeneous sources, such as malware, underground social networks, cryptocurrency transaction records, etc. In this paper, we propose an Automated Threat Intelligence fuSion framework (ATIS) that is able to take all sorts of threat sources into account and discover new intelligence by connecting the dots of apparently isolated cyber events. To this end, ATIS consists of 5 planes, namely analysis, collection, controller, data and application planes. We discuss the design choices we made in the function of each plane and the interfaces between two adjacent planes. In addition, we develop two applications on top of ATIS to demonstrate its effectiveness.",
author = "Ajay Modi and Zhibo Sun and Anupam Panwar and Tejas Khairnar and Ziming Zhao and Adam Doupe and Gail-Joon Ahn and Paul Black",
year = "2017",
month = "1",
day = "6",
doi = "10.1109/CIC.2016.060",
language = "English (US)",
pages = "408--416",
booktitle = "Proceedings - 2016 IEEE 2nd International Conference on Collaboration and Internet Computing, IEEE CIC 2016",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",
}
