Human-as-a-security-sensor for harvesting threat intelligence

Cybersecurity - Volume 2, Issue 1 - 2019
Manfred Vielberth1, Florian Menges1, Günther Pernul1
1Universität Regensburg, Regensburg, Germany

Abstract

Humans are commonly seen as the weakest link in corporate information security. This has led to considerable effort being invested in security training and awareness campaigns, with the result that employees are less likely to fall victim to attacks. Existing approaches, however, do not tap the full potential of such campaigns. On the one hand, human perception offers an additional source of contextual information for incidents that have already been detected; on the other hand, it serves as a source of information about incidents that automated procedures may not be able to detect. Existing reporting mechanisms only allow text-based reporting of basic incident information; a structured recording of human-delivered information that is also compatible with existing SIEM systems is still missing. In this work, we propose an approach that allows humans to report perceived anomalies or incidents systematically and in a structured way, and that supports the integration of such reports into analytics systems. To this end, we identify connecting points to SIEM systems, develop a taxonomy for structuring the elements reportable by humans acting as a security sensor, and develop a structured data format to record data delivered by humans. A prototypical human-as-a-security-sensor wizard applied to a real-world use case serves as our proof of concept.
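The three ideas the abstract names, a structured (rather than free-text) human report, a connecting point into an existing SIEM, and the human report as context for an incident the automated sensors already flagged, shown as an added example that is not the paper's taxonomy, data format or prototype: a Python module with an assumed controlled vocabulary of observations, a validated report record, an export to a CEF line that a SIEM can ingest next to automated sensor output, and a correlation step that attaches a human report to automated alerts on the same asset within a time window. The vocabulary, field names, vendor/product strings, severity mapping and sample report and alerts are all assumptions constructed for this example.

```python
"""Structured human-as-a-security-sensor report: validation, CEF export for a
SIEM, and correlation with automated alerts. Example code added to this page,
not the paper's taxonomy, format or prototype; all names below are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Assumed controlled vocabulary of things an employee can observe without
# security expertise (a real taxonomy would be derived, not guessed like this).
OBSERVATION_TYPES = {"suspicious_email", "unknown_device", "unusual_system_behaviour",
                     "social_engineering_contact", "physical_access"}
CONFIDENCE_LEVELS = {"low": 3, "medium": 5, "high": 8}   # assumed CEF severity mapping

def _parse_ts(value: str) -> datetime:
    """Parse an ISO 8601 timestamp; a trailing 'Z' is accepted as UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

@dataclass
class HumanSensorReport:
    reporter: str
    observation_type: str
    observed_at: str                      # ISO 8601 with timezone
    location: str                         # as perceived by the reporter
    affected_asset: Optional[str] = None  # hostname, mailbox, device label
    confidence: str = "medium"
    description: str = ""                 # free text survives, but as one field among many
    indicators: List[str] = field(default_factory=list)  # sender, URL, device name...

    def validate(self) -> List[str]:
        """Return validation errors; an empty list means the report is well-formed."""
        errors = []
        if not self.reporter:
            errors.append("reporter must not be empty")
        if self.observation_type not in OBSERVATION_TYPES:
            errors.append(f"unknown observation_type: {self.observation_type!r}")
        if self.confidence not in CONFIDENCE_LEVELS:
            errors.append(f"unknown confidence: {self.confidence!r}")
        try:
            if _parse_ts(self.observed_at).tzinfo is None:
                errors.append("observed_at must carry a timezone")
        except ValueError:
            errors.append(f"observed_at is not ISO 8601: {self.observed_at!r}")
        return errors

def _cef_header(value: str) -> str:
    return value.replace("\\", "\\\\").replace("|", "\\|")      # header fields: escape \ and |

def _cef_ext(value: str) -> str:
    return value.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")  # extension: \ = newline

def to_cef(report: HumanSensorReport) -> str:
    """Render a validated report as one CEF line so a SIEM ingests it like any other sensor."""
    errors = report.validate()
    if errors:
        raise ValueError("; ".join(errors))
    ts = _parse_ts(report.observed_at).astimezone(timezone.utc)
    header = "|".join(_cef_header(x) for x in (
        "CEF:0", "ExampleOrg", "HumanSensor", "1.0",   # assumed vendor/product/version
        report.observation_type, report.observation_type.replace("_", " "),
        str(CONFIDENCE_LEVELS[report.confidence])))
    ext: Dict[str, str] = {"rt": str(int(ts.timestamp() * 1000)),   # receipt time, epoch ms
                           "suser": report.reporter, "cs1Label": "location", "cs1": report.location,
                           "cs2Label": "confidence", "cs2": report.confidence, "msg": report.description}
    if report.affected_asset:
        ext["dhost"] = report.affected_asset
    if report.indicators:
        ext["cs3Label"], ext["cs3"] = "indicators", ",".join(report.indicators)
    return header + "|" + " ".join(f"{k}={_cef_ext(v)}" for k, v in ext.items())

def correlate(report: HumanSensorReport, alerts: List[Dict[str, str]],
              window_minutes: int = 30) -> List[Dict[str, str]]:
    """Automated alerts on the reported asset within +/- window_minutes of the
    observation: the human report supplies the context (the 'why') these alerts lack."""
    if not report.affected_asset:
        return []
    t0 = _parse_ts(report.observed_at)
    return [a for a in alerts if a["host"].lower() == report.affected_asset.lower()
            and abs((_parse_ts(a["time"]) - t0).total_seconds()) <= window_minutes * 60]

# Constructed sample data for this example (not the paper's real-world use case).
SAMPLE_REPORT = HumanSensorReport(
    reporter="j.doe@example.org", observation_type="suspicious_email",
    observed_at="2019-01-15T09:42:00Z", location="Finance, 2nd floor",
    affected_asset="FIN-LT-042", confidence="high",
    description="Mail from 'the CEO' demanding an urgent wire transfer; sender domain looked wrong",
    indicators=["ceo@examp1e.org", "hxxp://examp1e.org/invoice"])
SAMPLE_ALERTS = [
    {"host": "FIN-LT-042", "time": "2019-01-15T09:50:10Z", "rule": "outbound connection to newly registered domain"},
    {"host": "FIN-LT-042", "time": "2019-01-14T18:02:00Z", "rule": "failed logon burst"},
    {"host": "HR-LT-007", "time": "2019-01-15T09:45:00Z", "rule": "outbound connection to newly registered domain"},
]

if __name__ == "__main__":
    print(to_cef(SAMPLE_REPORT))
    for alert in correlate(SAMPLE_REPORT, SAMPLE_ALERTS):
        print("human context for:", alert["rule"], "@", alert["time"])
```

Two details matter when wiring such a report into a real SIEM: the report is validated against the vocabulary before export, so a free-text-only submission cannot reach the analytics system disguised as a structured event, and the CEF escaping differs between header fields (pipe and backslash) and extension values (equals sign, backslash, newline), which is exactly where reporter-supplied text such as the description would otherwise break parsing. The free text is kept as one field so analysts still see the employee's own words, but correlation keys on the structured fields only.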
