  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Towards Secure and Trustworthy Cyberspace: Social Media Analytics on Hacker Communities

Li, Weifeng January 2017
Social media analytics is a critical research area spawned by the increasing availability of rich and abundant online user-generated content. So far, social media analytics has had a profound impact on organizational decision making in many aspects, including product and service design, market segmentation, customer relationship management, and more. However, the cybersecurity sector is behind other sectors in benefiting from the business intelligence offered by social media analytics. Given the role of hacker communities in cybercrimes and the prevalence of hacker communities, there is an urgent need for developing hacker social media analytics capable of gathering cyber threat intelligence from hacker communities for exchanging hacking knowledge and tools. My dissertation addressed two broad research questions: (1) How do we help organizations gain cyber threat intelligence through social media analytics on hacker communities? And (2) how do we advance social media analytics research by developing innovative algorithms and models for hacker communities? Using cyber threat intelligence as a guiding principle, emphasis is placed on the two major components in hacker communities: threat actors and their cybercriminal assets. To these ends, the dissertation is arranged in two parts. The first part of the dissertation focuses on gathering cyber threat intelligence on threat actors. In the first essay, I identify and profile two types of key sellers in hacker communities: malware sellers and stolen data sellers, both of which are responsible for data breach incidents. In the second essay, I develop a method for recovering social interaction networks, which can be further used for detecting major hacker groups, and identifying their specialties and key members. The second part of the dissertation seeks to develop cyber threat intelligence on cybercriminal assets. 
In the third essay, a novel supervised topic model is proposed to further address the language complexities in hacker communities. In the fourth essay, I propose the development of an innovative emerging topic detection model. Models, frameworks, and design principles developed in this dissertation not only advance social media analytics research, but also broadly contribute to IS security application and design science research.
2

The Challenges in Leveraging Cyber Threat Intelligence / Utmaningarna med att bemöta cyberhot motunderrättelseinformation

Gupta, Shikha, Joseph, Shijo, Sasidharan, Deepu January 2021
Today cyber attacks, incidents, threats, and breaches continue to rise in scale and numbers, as sophisticated attackers continuously break through conventional safeguards each day. Whether strategic, operational, or tactical, threat intelligence can be defined as aggregated information and analytics that feed the different pillars of any given company’s cybersecurity infrastructure. It provides numerous benefits, enabling improved prediction and detection of threats, empowering and informing organizations to make better decisions during as well as following any cyber attack and aiding them to develop a proactive cyber security posture. It helps provide actionable intelligence, which equips senior management to make timely actions and decisions that might otherwise have an impact on the company’s ability to keep ahead and defend against this growing sea of threats. Driving momentum in this area also helps reduce their reaction times, enabling a shift for organizations to become more proactive than reactive. Perimeter defenses seem to no longer suffice as threats are becoming more complex and escalating with no best practices and guidelines available for companies to follow after, during, or before the time of the threat and risk due to the multiple components involved, including the various standards and platforms. Sharing and analyzing threat data effectively requires standard formats, protocols, shared understanding of the relevant terminology, purpose, and representation. Threat intelligence and its analysis are seen as a vital component of cyber security and a tool that many companies cannot leverage and utilize fully. Securing today's organizations and businesses, therefore, will require a new approach. 
In our study with security executives working across multiple industries, we have identified the various challenges that prevent the successful adoption of threat intelligence and with the rising adoption of the multiple platforms, including issues related to data quality, absence of universal standard format and protocol, challenge enforcing data sharing based on CTI data attribute, lack of authentication and confidentiality preventing data sharing, missing API integration capability in conjunction with multi-vendor tools, lack of identification of tactical IOCs, failure to define TTL value(s), lack of deep automation, analytical and visualization capabilities. Ensuring the right expertise and capabilities in these identified areas will help leverage threat intelligence effectively, help to sharpen the focus, and provide the needed competitive edge.
3

Cyber Threat Intelligence from Honeypot Data using Elasticsearch

Al-Mohannadi, Hamad, Awan, Irfan U., Al Hamar, J., Cullen, Andrea J., Disso, Jules P., Armitage, Lorna 18 May 2018
Cyber attacks are increasing in every aspect of daily life. There are a number of different technologies around to tackle cyber-attacks, such as Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), firewalls, switches, routers etc., which are active round the clock. These systems generate alerts and prevent cyber attacks. This is not a straightforward solution however, as IDSs generate a huge volume of alerts that may or may not be accurate: potentially resulting in a large number of false positives. In most cases therefore, these alerts are too many in number to handle. In addition, it is impossible to prevent cyber-attacks simply by using tools. Instead, it requires greater intelligence in order to fully understand an adversary’s motive by analysing various types of Indicator of Compromise (IoC). Also, it is important for the IT employees to have enough knowledge to identify true positive attacks and act according to the incident response process. In this paper, we have proposed a new threat intelligence technique which is evaluated by analysing honeypot log data to identify behaviour of attackers to find attack patterns. To achieve this goal, we have deployed a honeypot on an AWS cloud to collect cyber incident log data. The log data is analysed by using elasticsearch technology namely an ELK (Elasticsearch, Logstash and Kibana) stack.
4

Reference Model to Identify the Maturity Level of Cyber Threat Intelligence on the Dark Web

Santos, Ricardo Meléndez, Gallardo, Anthony Aguilar, Aguirre, Jimmy Armas 01 January 2021
The full text of this work is not available in the UPC Academic Repository due to restrictions of the publishing house where it was published. / In this article, we propose a reference model to identify the maturity level of the cyber intelligence threat process. This proposal considers the dark web as an important source of cyber threats causing a latent risk that organizations do not consider in their cybersecurity strategies. The proposed model aims to increase the maturity level of the process through a set of proposed controls according to the information found on the dark web. The model consists of three phases: (1) Identification of information assets using cyber threat intelligence tools. (2) Diagnosis of the exposure of information assets. (3) Proposal of controls according to the proposed categories and criteria. The validation of the proposal was carried out in an insurance institution in Lima, Peru, with data obtained by the institution. The measurement was made with artifacts that allowed to obtain an initial value of the current panorama of the company. Preliminary results showed 196 emails and passwords exposed on the dark web of which one corresponded to the technology manager of the company under evaluation. With this identification, it was diagnosed that the institution was at a “Normal” maturity level, and from the implementation of the proposed controls, the “Advanced” level was reached. / Peer reviewed
5

Исследование и разработка web-портала для отслеживания данных о киберугрозах : магистерская диссертация / Research and development web portal for data monitoring of cyber threat intelligence

Зиновьев, А. Н., Zinovev, A. N. January 2023
In this work, the theoretical aspects of threat intelligence were examined in full, metrics were developed, information sources were analysed and ranked, and a web portal was developed for interacting with the selected CTI information sources. A web portal for tracking data on cyber-attack threats was developed. The results obtained have theoretical and practical significance, as they can be used in building an enterprise's information security. / In this work, theoretical and practical aspects of cyber threat intelligence and information security were described. Information sources of cyber threat intelligence were grouped and ranked. A web portal for data monitoring of cyber threat intelligence was developed. The results gained have theoretical and practical aspects for the information security of an enterprise.
6

Cyber Attack Modelling using Threat Intelligence. An investigation into the use of threat intelligence to model cyber-attacks based on elasticsearch and honeypot data analysis

Al-Mohannadi, Hamad January 2019
Cyber-attacks have become an increasing threat to organisations as well as the wider public. This has led to greatly negative impacts on the economy at large and on the everyday lives of people. Every successful cyber attack on targeted devices and networks highlights the weaknesses within the defense mechanisms responsible for securing them. Gaining a thorough understanding of cyber threats beforehand is therefore essential to prevent potential attacks in the future. Numerous efforts have been made to avoid cyber-attacks and protect the valuable assets of an organisation. However, the most recent cyber-attacks have exhibited the profound levels of sophistication and intelligence of the attacker, and have shown conventional attack detection mechanisms to fail in several attack situations. Several researchers have highlighted this issue previously, along with the challenges faced by alternative solutions. There is clearly an unprecedented need for a solution that takes a proactive approach to understanding potential cyber threats in real-time situations. This thesis proposes a progressive and multi-aspect solution comprising of cyber-attack modeling for the purpose of cyber threat intelligence. The proposed model emphasises on approaches from organisations to understand and predict future cyber-attacks by collecting and analysing network events to identify attacker activity. This could then be used to understand the nature of an attack to build a threat intelligence framework. However, collecting and analysing live data from a production system can be challenging and even dangerous as it may lead the system to be more vulnerable. The solution detailed in this thesis deployed cloud-based honeypot technology, which is well-known for mimicking the real system while collecting actual data, to see network activity and help avoid potential attacks in near real-time. 
In this thesis, we have suggested a new threat intelligence technique by analysing attack data collected using cloud-based web services in order to identify attack artefacts and support active threat intelligence. This model was evaluated through experiments specifically designed using elastic stack technologies. The experiments were designed to assess the identification and prediction capability of the threat intelligence system for several different attack cases. The proposed cyber threat intelligence and modeling systems showed significant potential to detect future cyber-attacks in real-time. / Government of Qatar
7

BRIDGING THE GAP IN VULNERABILITY MANAGEMENT : A tool for centralized cyber threat intelligence gathering and analysis

Vlachos, Panagiotis January 2023
A large number of organizations these days are offering some kind of digital services, rely on digital technologies for processing, storing, and sharing of information, are harvesting modern technologies to offer remote working arrangements and may face direct cybersecurity risks. These are some of the properties of a modern organization. The cybersecurity vulnerability management programs of most organizations have been relying on one-dimensional information to prioritize efforts of remedying security flaws for many years. When combined with the ever-growing attack surface of modern organizations, the number of vulnerabilities disclosed yearly and the limited resources available to cybersecurity teams, this renders the goal of securing an organization almost impossible. This thesis aims at reviewing existing methodologies as observed in academic literature and in the industry, highlighting their disadvantages, as well as the importance of a dynamic, data-driven and informed approach and finally providing a tool that can assist the vulnerability prioritization efforts and increase resource utilization and efficiency. The thesis is inspired by Design Science Research, to design and develop a web-based cybersecurity tool that can be utilized towards a data-rich and rigorous approach of Vulnerability Management, by relying on various cyber threat intelligence metrics.
8

Integration of CTI into security management

Takacs, Gergely January 2019
Current thesis is a documentative approach to sum up experiences of a practical project of implementing Cyber Threat Intelligence into an existing information security management system and delivering best practices using action design research methodology. The project itself was delivered to a multinational energy provider in 2017. The aim of the CTI-implementation was to improve the information security posture of the customer. The author, as participant of the delivery team presents an extensive review of the current literature on CTI and puts the need for threat intelligence into context. The author claims that traditional security management is not able to keep up with current cybersecurity threats which makes a new approach required. The thesis gives an insight of an actually working and continuously developed CTI-service and offers possible best practices for InfoSec professionals, adds theoretical knowledge to the body of knowledge and opens up new research areas for researchers.
9

Modelo de referencia para identificar el nivel de madurez de ciberinteligencia de amenazas en la dark web / Reference model to identify the maturity level of cyber threat intelligence on the dark web

Aguilar Gallardo, Anthony Josue, Meléndez Santos, Ricardo Alfonso 31 October 2020
The dark web is an area conducive to illegal activities of all kinds. Recently, cybercriminals have been shifting their focus toward trafficking in information (personal or corporate) because the risks are much lower compared with other types of crime. A large amount of information is hosted there, but few companies know how to access this data, evaluate it, and minimize the damage it can cause. This work proposes a reference model to identify the maturity level of the Cyber Threat Intelligence process. This proposal considers the information compromised on the dark web, which gives rise to a latent risk that organizations do not consider in their cybersecurity strategies. The proposed model aims to increase the maturity level of the process through a set of controls proposed according to the findings on the dark web. The model consists of 3 phases: 1. Identification of information assets using cyber threat intelligence tools. 2. Diagnosis of the exposure of information assets. 3. Proposal of controls according to the proposed categories and criteria. The validation of the proposal was carried out at an insurance institution in Lima, Peru, with data obtained by the institution. Preliminary results showed 196 emails and passwords exposed on the dark web, of which 1 corresponded to the Technology Manager. With this identification, it was diagnosed that the institution was at a “Normal” maturity level, and after implementing the proposed controls the “Advanced” level was reached. / The dark web is an area conducive to illegal activities of all kinds. In recent times, cybercriminals are changing their approach towards information trafficking (personal or corporate) because the risks are much lower compared to other types of crime. 
There is a wealth of information hosted here, but few companies know how to access this data, evaluate it, and minimize the damage it can cause. In this work, we propose a reference model to identify the maturity level of the Cyber Intelligence Threat process. This proposal considers the dark web as an important source of cyber threats causing a latent risk that organizations do not consider in their cybersecurity strategies. The proposed model aims to increase the maturity level of the process through a set of proposed controls according to the information found on the dark web. The model consists of 3 phases: 1. Identification of information assets using cyber threat intelligence tools. 2. Diagnosis of the exposure of information assets. 3. Proposal of controls according to the proposed categories and criteria. The validation of the proposal was carried out in an insurance institution in Lima, Peru with data obtained by the institution. Preliminary results showed 196 emails and passwords exposed on the dark web of which 1 corresponded to the Technology Manager of the company under evaluation. With this identification, it was diagnosed that the institution was at a “Normal” maturity level, and from the implementation of the proposed controls the “Advanced” level was reached. / Thesis
10

Cybersäkerhet : Distansarbetets påverkan på cybersäkerhet inom företag / Cybersecurity: The impact of remote work on cybersecurity within companies

Håman, Philip, Kasum, Edin, Klingberg, Olof January 2022 (has links)
Digitalization and the constant development of technology in our society have brought many changes in recent years. In various areas of working life, routines and systems have had to be updated to keep pace with digitalization. Today it is not unusual for employees to work remotely, usually from their own homes. In addition, the Covid-19 pandemic that struck the world in 2020 has only expanded and accelerated the process in which companies need to adapt to this type of work. Although the ability to work from home reflects a modern workplace as well as a modern society, it also raises the question of potential cyber threats. For this reason, the present study examines the research question: How has cybersecurity within companies been affected by increased remote work? As a delimitation, the study focuses specifically on the financial sector. The research method chosen for the study was qualitative, in the form of primary data collection through semi-structured interviews that were then analysed using thematic analysis. All respondents work with and have experience of cybersecurity and have a connection to the financial sector. Furthermore, these interviews focus on different aspects of how security within companies has been affected by the increased remote work from home. To answer this, the respondents were asked a series of specific questions about changes, communication, cyber threats and challenges due to remote work. The collected and analysed results show that the majority of the respondents consider that working from home means an increased number of changes in the handling of information, login routines, permissions, equipment and sometimes also changes to the IT infrastructure of the companies. The results also point to threats and challenges that can arise with remote work. A conclusion that can thus be drawn from the study is that companies' cybersecurity is affected and handled in different ways when it comes to the increased remote work. 
According to the respondents, these are met with different strategies, routines and risk minimization. To further minimize cyber threats when working from home in the future, the general view in the study is that companies need to work preventively and train staff on cybersecurity when they are not at their regular workplace. Although the respondents, together with previous studies, consider that cyber threats have increased in recent years, they agree with one another on the difficulty of establishing whether it is a fact that they have increased because of increased remote work specifically. Since threats against the financial sector are not always reported, for reasons of reputation and credibility, it has been a challenge to obtain sufficient answers in the interviews conducted. / The digitalization and constant development of technology in our society has brought many changes over the last few years. In various areas of the work field, routines and systems have been updated to keep up with the digitalization. Nowadays it is not unusual for employees to be teleworking, most commonly to work from their own homes. On top of that, the global Covid-19-pandemic that hit the world in 2020, has only increased and speeded up the process for companies to adjust to this type of work. Even though being able to work from home reflects a modern workplace as well as society, it does open the question about possible online threats. Therefore, this current study examines the question: How does the increasing teleworking trend affect cybersecurity in organizations? As a demarcation, the study specifically focuses on the financial sector. The research method selected for the study has been of qualitative nature, during which primary data was collected through semi-structured interviews which further were analyzed using thematic analysis. The respondents are all employees and have experience within cybersecurity, related to the financial sector. 
Furthermore, these interviews focus on different aspects of how the cybersecurity of companies has been affected by the recent increase in teleworking from home. To shed light on the matter, the respondents were asked a specific set of questions regarding changes in; communication, cyber threats and challenges all due to telework. The results gathered and analyzed do show that the majority of the respondents believe that working from home does mean an increased amount of changes in ways of handling information, login-routines, competence, equipment and sometimes even the infrastructure of their IT-systems. Additionally, the results also show threats and challenges that may occur due to increased teleworking, such as larger attack surfaces. Therefore, a conclusion that can be drawn from the study is that there are different ways in which the cybersecurity of companies can be affected by the increasing teleworking trend. According to the respondents, these challenges are met with different strategies, routines and risk minimization. To further minimize future cyberthreats when working from home, the general perception drawn from the study is that companies have to work preventively and as well as educate staff on threats and risks associated with increased teleworking. However, while the respondents and previous studies believe that threats have increased over the last couple of years, they do agree on the difficulty of determining whether it is in fact due to the increased amount of telework. Since the cyberthreats against the financial sector are not always spoken about or reported for reasons of reputation and credibility, there were also respondents who have been hesitant in providing full answers to the interviews.
