Visualizing Interesting Patterns in Cyber Threat Intelligence Using Machine Learning Techniques

Ejaz, Sarwat; Noor, Umara; Rashid, Zahid

doi:10.2478/cait-2022-0019

Abstract

In an advanced and dynamic cyber threat environment, organizations need to yield more proactive methods to handle their cyber defenses. Cyber threat data known as Cyber Threat Intelligence (CTI) of previous incidents plays an important role by helping security analysts understand recent cyber threats and their mitigations. The mass of CTI is exponentially increasing, most of the content is textual which makes it difficult to analyze. The current CTI visualization tools do not provide effective visualizations. To address this issue, an exploratory data analysis of CTI reports is performed to dig-out and visualize interesting patterns of cyber threats which help security analysts to proactively mitigate vulnerabilities and timely predict cyber threats in their networks.

References

1. Hackmageddon: June 2021 Cyber Attack Statistics. https://www.hackmageddon.com/category/security/cyber-attacks-statistics/
Search in Google Scholar Back to article
2. Bartoli, A., A. de Lorenzo, E. Medvet, M. Faraguna, F. Tarl. A Security-Oriented Analysis of Web Inclusions in the Italian Public Administration. – Cybernetics and Information Technologies, Vol. 18, 2018, No 4, pp. 94-110.10.2478/cait-2018-0050
Search in Google Scholar Back to article
3. US-CERT: United States Computer Emergency Readiness Team. https://www.us-cert.gov/tlp
Search in Google Scholar Back to article
4. OpenIOC: An Open Framework for Sharing Threat Intelligence. http://www.openioc.org/
Search in Google Scholar Back to article
5. VERIS: The Vocabulary for Event Recording and Incident Sharing. http://veriscommunity.net/
Search in Google Scholar Back to article
6. IODEF Design principles and IODEF Data Model Overview. https://www.terena.org/activities/tf-csirt/meeting5/demchenko-iodef-design-datamodel.pdf
Search in Google Scholar Back to article
7. Cyber Observable eXpression: A Structured Language for Cyber Observables. https://cybox.mitre.org/
Search in Google Scholar Back to article
8. Structured Threat Information eXpression: A Structured Language for Cyber Threat Intelligence Information. http://stix.mitre.org/
Search in Google Scholar Back to article
9. Trusted Automated eXchange of Indicator Information: Enabling Cyber Threat Information Exchange. http://taxii.mitre.org/
Search in Google Scholar Back to article
10. Ten of the Best Threat Intelligence Feeds. https://d3security.com/blog/10-of-the-best-open-source-threat-intelligence-feeds/
Search in Google Scholar Back to article
11. Hail-a-Taxii. http://hailataxii.com/
Search in Google Scholar Back to article
12. ATT&CK MITRE. https://attack.mitre.org/
Search in Google Scholar Back to article
13. Venkatram, K., G. A. Mary. Review on Big Data & Analytics – Concepts, Philosophy, Process and Applications. – Cybernetics and Information Technologies, Vol. 17, 2017, No 2, pp. 3-27.10.1515/cait-2017-0013
Search in Google Scholar Back to article
14. Stixproject.github.io. (2019). About STIX | STIX Project Documentation. https://stixproject.github.io/about/
Search in Google Scholar Back to article
15. Strom, B. E., A. Applebaum, D. P. Miller, K. C. Nickels, A. G. Pennington, C. B. Thomas. Mitre att&ck: Design and Philosophy. Technical Report, 2018.
Search in Google Scholar Back to article
16. IBM X Force Exchange. https://exchange.xforce.ibmcloud.com/
Search in Google Scholar Back to article
17. Symantec Cyber Security. https://www.broadcom.com/products/cyber-security
Search in Google Scholar Back to article
18. Cyber Security Experts and Solution Provider. https://www.fireeye.com/
Search in Google Scholar Back to article
19. CrowdStrike: Leader in Endpoint Protection. https://www.crowdstrike.com/
Search in Google Scholar Back to article
20. Bromiley, M. Threat Intelligence: What It Is, And How to Use It Effectively. – SANS Institute InfoSec Reading Room, Vol. 15, 2016, 172.10.1515/9781400881147-004
Search in Google Scholar Back to article
21. Craig, M., A. Lakhotia, C. LeDoux, A. Newsom, V. Notani. VirusBattle: State-of-the-Art Malware Analysis for Better Cyber Threat Intelligence. – In: Proc. of 7th International Symposium on Resilient Control Systems (ISRCS’14), IEEE, 2014, pp. 1-6.10.1109/ISRCS.2014.6900103
Search in Google Scholar Back to article
22. STIXViz. (n.d.). Utilities & Developer Resources. http://stixproject.github.io/documentation/utilities/
Search in Google Scholar Back to article
23. Noel, S. Interactive Visualization and Text Mining for the Capec Cyber Attack Catalog. – In: Proc. of ACM Intelligent User Interfaces Workshop on Visual Text Analytics, 2015, pp. 1-8.
Search in Google Scholar Back to article
24. Zoomable Sunburst. https://bl.ocks.org/mbostock/4348373
Search in Google Scholar Back to article
25. Pebbles – Using Circular Treemaps to Visualize Disk Usage. http://lip.sourceforge.net/ctreemap.html.
Search in Google Scholar Back to article
26. FoamTree: Interactive Voronoi Treemap (n.d.). https://carrotsearch.com/foamtree
Search in Google Scholar Back to article
27. Zhao, H., L. Lu. Variational Circular Treemaps for Interactive Visualization of Hierarchical Data. – In: Proc. of IEEE Pacific Visualization Symposium (PacificVis’15), IEEE, 2015. pp. 81-85.10.1109/PACIFICVIS.2015.7156360
Search in Google Scholar Back to article
28. Daniel, B., M., A. Endert, D. Kidwell. 7 Key Challenges for Visualization in Cyber Network Defense. – In: Proc. of 11th Workshop on Visualization for Cyber Security, 2014, pp. 33-40.10.1145/2671491.2671497
Search in Google Scholar Back to article
29. Cawthon, N., A. V. Moere. The Effect of Aesthetic on the Usability of Data Visualization. – In: Proc. of 11th International Conference Information Visualization (IV’07), IEEE, 2007, pp. 637-648.10.1109/IV.2007.147
Search in Google Scholar Back to article
30. Bronwyn, W., S. J. Perl, B. Lindauer. Data Mining for Efficient Collaborative Information Discovery. – In: Proc. of 2nd ACM Workshop on Information Sharing and Collaborative Security, 2015, pp. 3-12.10.1145/2808128.2808130
Search in Google Scholar Back to article
31. Singh, N., S. S. Khurmi. Malware Analysis, Clustering and Classification: A Literature Review. – Int. J. Comput. Sci. Technol., Vol. 6, 2015, No 1, pp. 68-72.
Search in Google Scholar Back to article
32. Zahra, B., H. Hashemi, S. M. H. Fard, A. Hamzeh. A Survey on Heuristic Malware Detection Techniques. – In: Proc. of 5th Conference on Information and Knowledge Technology, IEEE, 2013, pp. 113-120.10.1109/IKT.2013.6620049
Search in Google Scholar Back to article
33. Kyle, O’M., D. Shick, J. Spring, E. Stoner. Malware Capability Development Patterns Respond to Defenses: Two Case Studies. White Paper, Software Engineering Institute, Carnegie Mellon University, 2016.
Search in Google Scholar Back to article
34. Saeed, I. A., A. Selamat, A. M. Abuagoub. A Survey on Malware and Malware Detection Systems. – International Journal of Computer Applications, Vol. 67, 2013, No 16.10.5120/11480-7108
Search in Google Scholar Back to article
35. Abedelaziz, M., O. Alrawi. Unveiling Zeus: Automated Classification of Malware Samples. – In: Proc. of 22nd International Conference on World Wide Web, 2013, pp. 829-832.
Search in Google Scholar Back to article
36. Han, J., M. Kamber. Data Mining. Concepts and Techniques. – In: Morgan Kaufmann. Vol. 340. 2012. 744 p.
Search in Google Scholar Back to article
37. Ikram, S. T., A. K. Cherukuri, B. Poorva, P. S. Ushasree, Y. Zhang, X. Liu, G. Li. Anomaly Detection Using XGBoost Ensemble of Deep Neural Network Models. – Cybernetics and Information Technologies, Vol. 21, 2021, No 3, pp. 175-188.10.2478/cait-2021-0037
Search in Google Scholar Back to article
38. ANOMAL STAXX. https://www.anomali.com/resources/staxx
Search in Google Scholar Back to article
39. Noor, U., Z. Anwar, A. W. Malik, S. Khan, S. Saleem. A Machine Learning Framework for Investigating Data Breaches Based on Semantic Analysis of Adversary’s Attack Patterns in Threat Intelligence Repositories. – Future Generation Computer Systems, Vol. 95, 2019, pp. 467-487.10.1016/j.future.2019.01.022
Search in Google Scholar Back to article
40. UmaraNoor/CTI-Visualizations-Using-R. https://github.com/UmaraNoor/CTI-Visualizations-Using-R-
Search in Google Scholar Back to article

Visualizing Interesting Patterns in Cyber Threat Intelligence Using Machine Learning Techniques

Abstract

Paradigm

My account