An architecture for processing a dynamic heterogeneous information network of security intelligence

Autor:	Anagnostopoulos, Marios, Kidmose, Egon, Laghaout, Amine, Olsen, Rasmus L., Homayoun, Sajad, Jensen, Christian D., Pedersen, Jens Myrup
Jazyk:	angličtina
Rok vydání:	2022
Předmět:	System architecture · Security intelligence Belief propagation Design matrices Graph network
Zdroj:	Anagnostopoulos, M, Kidmose, E, Laghaout, A, Olsen, R L, Homayoun, S, Jensen, C D & Pedersen, J M 2022, An architecture for processing a dynamic heterogeneous information network of security intelligence . in Proceedings of 15 th International Conference on Network and System Security . IEEE, pp. 185–201, 15 th International Conference on Network and System Security, Tianjin, China, 23/10/2021 . https://doi.org/10.1007/978-3-030-92708-0_11
DOI:	10.1007/978-3-030-92708-0_11
Popis:	Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.
Databáze:	OpenAIRE
Externí odkaz:	https://explore.openaire.eu/search/publication?articleId=od______1202::9f2101d99b0d841226161903e54e6895 https://orbit.dtu.dk/en/publications/6e81674f-8353-4f00-98d4-595bb69adc8f Zobrazit plný text záznamu