张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

WANG Xiaodong,ZHU Miaoliang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.07.055

2005-01-01

Abstract:This paper puts forward an intellective network safe guard system based on a multi-agent system structure. The purpose of the system is to defend the intrusion of campus-wide network. It is based on IDXP and the focus is blackboard. This system can deal with multi-levels and many ways of anti-intrusions, which has self-determination. It is proved to have a good performance by spot tests.

Kaige Wang,Qingyu Xiong,Chao Wu,Min Gao,Yang Yu

DOI: https://doi.org/10.1109/ijcnn48605.2020.9206663

2020-01-01

Abstract:Because social networks have become a vital part of people's lives, cyberbullying becomes the most common risk encountered by young people on social networking platforms and raised serious concerns in society. Over the past few decades, most existing work on cyberbullying has focused on text analysis. Yet, the cyberbullying develops into multi-objective, multi-channel, and multi-form. Traditional text analysis methods cannot satisfy the diversity of bullying data in social networks. To deal with the new type of cyberbullying, we propose a multi-modal detection framework that takes into multi-modal information(e.g., image, video, comments, time) on social networks. Specifically, we not only extract textual features but also use the hierarchical attention networks to capture the session feature in social networks and encode several media information(e.g., video, image). Based on these features, we model the multi-modal cyberbullying detection framework to solve the new form of cyberbullying. Experimental analysis on two real-world datasets shows that our framework outperforms several existing state-of-the-art models.

Yaguan Qian,Yankai Guo,Qiqi Shao,Jiamin Wang,Bin Wang,Zhaoquan Gu,Xiang Ling,Chunming Wu

DOI: https://doi.org/10.1145/3517806

2021-01-01

Abstract:Edge intelligence has played an important role in constructing smart cities, but the vulnerability of edge nodes to adversarial attacks becomes an urgent problem. A so-called adversarial example can fool a deep learning model on an edge node for misclassification. Due to the transferability property of adversarial examples, an adversary can easily fool a black-box model by a local substitute model. Edge nodes in general have limited resources, which cannot afford a complicated defense mechanism like that on a cloud data center. To address the challenge, we propose a dynamic defense mechanism, namely EI-MTD. The mechanism first obtains robust member models of small size through differential knowledge distillation from a complicated teacher model on a cloud data center. Then, a dynamic scheduling policy, which builds on a Bayesian Stackelberg game, is applied to the choice of a target model for service. This dynamic defense mechanism can prohibit the adversary from selecting an optimal substitute model for black-box attacks. We also conduct extensive experiments to evaluate the proposed mechanism, and results show that EI-MTD could protect edge intelligence effectively against adversarial attacks in black-box settings.

Xingbang Ma,Dongsheng Yu,Yanhui Du,Lanting Li,Wenkai Ni,Haibin Lv

DOI: https://doi.org/10.3390/electronics12112454

IF: 2.9

2023-05-30

Electronics

Abstract:With the development of the Internet, cyberattacks are becoming increasingly complex, sustained, and organized. Cyber threat intelligence sharing is one of the effective ways to alleviate the pressure on organizational or individual cyber security defense. However, the current cyber threat intelligence sharing lacks effective incentive mechanisms, resulting in mutual distrust and a lack of motivation to share among sharing members, making the security of sharing questionable. In this paper, we propose a blockchain-based cyber threat intelligence sharing mechanism (B-CTISM) to address the problems of free riding and lack of trust among sharing members faced in cyber threat intelligence sharing. We use evolutionary game theory to analyze the incentive strategy; the resulting evolutionarily stable strategy achieves the effect of promoting sharing and effectively curbing free-riding behavior. Then, the incentive strategy is deployed to smart contracts running in the trusted environment of blockchain, whose decentralization and tamper-evident properties can provide a trusted environment for participating members and establish trust without a third-party central institution to achieve secure and efficient cyber threat intelligence sharing. Finally, the effectiveness of the B-CTISM in facilitating and regulating threat intelligence sharing is verified through experimental simulation and comparative analysis.

engineering, electrical & electronic,computer science, information systems,physics, applied

Cong-fu XU,Wei-dong GENG,Yun-he PAN

DOI: https://doi.org/10.3321/j.issn:0372-2112.2001.03.020

2001-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:In this paper,a hierarchical blackboard model for intelligent fusion system of communication intercept information is brought forward.The architecture of this blackboard model and its implementation method are discussed,and some key algorithms and an application example are presented.The universality of this model in such kind of problem,in which the relation among all sub-blackboards tends to be hierarchical,is pointed out finally.

Chuyen Nguyen,Caleb Morgan,Sudip Mittal

DOI: https://doi.org/10.48550/arXiv.2208.07476

2022-08-16

Abstract:As the practicality of Artificial Intelligence (AI) and Machine Learning (ML) based techniques grow, there is an ever increasing threat of adversarial attacks. There is a need to red team this ecosystem to identify system vulnerabilities, potential threats, characterize properties that will enhance system robustness, and encourage the creation of effective defenses. A secondary need is to share this AI security threat intelligence between different stakeholders like, model developers, users, and AI/ML security professionals. In this paper, we create and describe a prototype system CTI4AI, to overcome the need to methodically identify and share AI/ML specific vulnerabilities and threat intelligence.

Cryptography and Security,Artificial Intelligence,Machine Learning

Chen Junhua

DOI: https://doi.org/10.1109/IMCCC.2013.79

2013-09-21

Abstract:To solve the lack of collaborative control and whole effect of security modules in the traditional early-warning systems, a novel network security collaborative early-warning technology is studied and a collaborative control framework and early-alert info quick-publish mechanism is proposed. This framework was based on multi-agent, which can make secure modules in the framework be associated with each other to accomplish to communication and work together. Furthermore, two corresponding multicast trees of early-alert information publish are established based on two multi-agent network typology structures: the bottom random overlay network and top hypercube structured overlay network. Simulation results show that this network security collaborative early-warning can make all module functions work normally and reduce this info load and publish time, furthermore, improve the network security system's collaborative defense capability well.

Computer Science

Zong-Xun Li,Yu-Jun Li,Yi-Wei Liu,Cheng Liu,Nan-Xin Zhou

DOI: https://doi.org/10.3390/sym15020337

2023-01-26

Symmetry

Abstract:Cyber threat intelligence (CTI) sharing has gradually become an important means of dealing with security threats. Considering the growth of cyber threat intelligence, the quick analysis of threats has become a hot topic at present. Researchers have proposed some machine learning and deep learning models to automatically analyze these immense amounts of cyber threat intelligence. However, due to a large amount of network security terminology in CTI, these models based on open-domain corpus perform poorly in the CTI automatic analysis task. To address this problem, we propose an automatic CTI analysis method named K-CTIAA, which can extract threat actions from unstructured CTI by pre-trained models and knowledge graphs. First, the related knowledge in knowledge graphs will be supplemented to the corresponding position in CTI through knowledge query and knowledge insertion, which help the pre-trained model understand the semantics of network security terms and extract threat actions. Second, K-CTIAA reduces the adverse effects of knowledge insertion, usually called the knowledge noise problem, by introducing a visibility matrix and modifying the calculation formula of the self-attention. Third, K-CTIAA maps corresponding countermeasures by using digital artifacts, which can provide some feasible suggestions to prevent attacks. In the test data set, the F1 score of K-CTIAA reaches 0.941. The experimental results show that K-CTIAA can improve the performance of automatic threat intelligence analysis and it has certain significance for dealing with security threats.

multidisciplinary sciences

Jianping Zhang,Tianyun Chen

2005-01-01

Journal of Computational Information Systems

Abstract:During the past over 30 years, intelligent tutoring systems (ITS) has been attracted a special attention in artificial intelligence (AI) area. However, the intelligence and collaboration of ITS will not always be very perfect. With the emergency of agent technology, many researchers have rebuilt the confidence in ITS research. And many achievements have been made in recent years. This paper designs a collaborative ITS model using agent technology called ACITS (Note: here we will use ACITS as the abbreviation of the model name). Then it introduces this model in detail, including architecture, working process of ACITS, as well as the collaboration of student agents in ACITS. It might benefit for improving the collaboration and intelligence of ITS.

Jun Zhao,Qiben Yan,Jianxin Li,Minglai Shao,Zuti He,Bo Li

DOI: https://doi.org/10.1016/j.cose.2020.101867

2020-08-01

Abstract:<p>Security organizations increasingly rely on Cyber Threat Intelligence (CTI) sharing to enhance resilience against cyber threats. However, its effectiveness remains dubious due to two major limitations: first, the existing approaches fail to identify the unseen types of <em>Indicator of compromise</em> (IOC); second, they are incapable of automatically generating categorized CTIs with domain tags (e.g., finance, government), which makes CTI sharing ineffective. To combat the challenges, this paper proposes TIMiner, a novel automated framework for CTI extraction and sharing based on social media data. Particularly, an efficient domain recognizer based on convolutional neural network is first implemented to identify CTIs' targeted domain. Then, an indicator of compromise (IOC) extraction approach based on word embedding and syntactic dependence is proposed, which provides the ability to identify unseen types of IOCs. Finally, the extracted IOC and its domain tag are integrated to generate a categorized CTI with specific-domain. TIMiner is capable of generating CTIs with domain tags automatically. With the categorized CTIs, <em>Threat-Index</em> is presented to quantify the severity of the threats toward different domains. Experimental results confirm that the proposed CTI domain recognizer and IOC extraction achieve superior performance with the accuracy exceeding 84% and 94%, respectively. Moreover, TIMiner stimulates new insights on the evolution of cyber attacks across multiple domains.</p>

computer science, information systems

Jeonghun Cha,Sushil Kumar Singh,Yi Pan,Jong Hyuk Park

DOI: https://doi.org/10.3390/su12166401

IF: 3.9

2020-01-01

Sustainability

Abstract:Nowadays, the designing of cyber-physical systems has a significant role and plays a substantial part in developing a sustainable computing ecosystem for secure and scalable network architecture. The introduction of Cyber Threat Intelligence (CTI) has emerged as a new security system to mitigate existing cyber terrorism for advanced applications. CTI demands a lot of requirements at every step. In particular, data collection is a critical source of information for analysis and sharing; it is highly dependent on the reliability of the data. Although many feeds provide information on threats recently, it is essential to collect reliable data, as the data may be of unknown origin and provide information on unverified threats. Additionally, effective resource management needs to be put in place due to the large volume and diversity of the data. In this paper, we propose a blockchain-based cyber threat intelligence system architecture for sustainable computing in order to address issues such as reliability, privacy, scalability, and sustainability. The proposed system model can cooperate with multiple feeds that collect CTI data, create a reliable dataset, reduce network load, and measure organizations' contributions to motivate participation. To assess the proposed model's effectiveness, we perform the experimental analysis, taking into account various measures, including reliability, privacy, scalability, and sustainability. Experimental results of evaluation using the IP of 10 open source intelligence (OSINT) CTI feeds show that the proposed model saves about 15% of storage space compared to total network resources in a limited test environment.

Kathy Nguyen,Shantanu Pal,Zahra Jadidi,Ali Dorri,Raja Jurdak

DOI: https://doi.org/10.48550/arXiv.2112.00262

2021-12-01

Abstract:In recent years Industrial Control Systems (ICS) have been targeted increasingly by sophisticated cyberattacks. Improving ICS security has drawn significant attention in the literature that emphasises the importance of Cyber Threat Intelligence (CTI) sharing in accelerating detection, mitigation, and prevention of cyberattacks. However, organisations are reluctant to exchange CTI due to fear of exposure, reputational damage, and lack of incentives. Furthermore, there has been limited discussion about the factors influencing participation in sharing CTI about ICS. The existing CTI-sharing platforms rely on centralised trusted architectures that suffer from a single point of failure and risk companies' privacy as the central node maintains CTI details. In this paper, we address the needs of organisations involved in the management and protection of ICS and present a novel framework that facilitates secure, private, and incentivised exchange of CTI related to ICS using blockchain. We propose a new blockchain-enabled framework that facilitates the secure dissemination of CTI data among multiple stakeholders in ICS. We provide the framework design, technical development and evaluate the framework's feasibility in a real-world application environment using practical use-case scenarios. Our proposed design shows a more practical and efficient framework for a CTI sharing network for ICS, including the bestowal and acknowledgment of data privacy, trust barriers, and security issues ingrained in this domain.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Yinghui Wang,Yilong Ren,Zhiyong Cui,Haiyang Yu

2024-10-21

Abstract:Cybersecurity has become a crucial concern in the field of connected autonomous vehicles. Cyber threat intelligence (CTI), as the collection of cyber threat information, offers an ideal way for responding to emerging cyber threats and realizing proactive security defense. However, instant analysis and modeling of vehicle cybersecurity data is a fundamental challenge since its complex and professional context. In this paper, we suggest an automotive CTI modeling framework, Actim, to extract and analyse the interrelated relationships among cyber threat elements. Specifically, we first design a vehicle security-safety conceptual ontology model to depict various threat entity classes and their relations. Then, we manually annotate the first automobile CTI corpus by using real cybersecurity data, which comprises 908 threat intelligence texts, including 8195 entities and 4852 relationships. To effectively extract cyber threat entities and their relations, we propose an automotive CTI mining model based on cross-sentence context. Experiment results show that the proposed BERT-DocHiatt-BiLSTM-LSTM model exceeds the performance of existing methods. Finally, we define entity-relation matching rules and create a CTI knowledge graph that structurally fuses various elements of cyber threats. The Actim framework enables mining the intrinsic connections among threat entities, providing valuable insight on the evolving cyber threat landscape.

Cryptography and Security

Laura Rafferty,Farkhund Iqbal,Saiqa Aleem,Zhihui Lu,Shih-Chia Huang,Patrick C. K. Hung

DOI: https://doi.org/10.1109/iciot.2018.00016

2018-01-01

Abstract:While the Internet of Things (IoT) continue to extend deeper into the daily lives of people, the domain of the smart home offers a unique need for security. Traditional firewalls and antivirus are not sufficient to protect the connected home from security threats, and to date, there have been limited solutions provided for this problem. This paper explores the recent works in this area and presents a new approach towards securing smart home networks through multi-agent collaboration. The model uses Beliefs, Desires, and Intentions (BDI) architecture for intelligent agent decision making, as well as a multi-agent collaboration model for achieving mutual security goals within the smart home network. For initial proof of concept, we provide a use case demonstrating the coordination of the threat response decision between operational availability and security risk agents as a qualitative coalitional game. This model can also be extended to other areas such as threat modeling, vulnerability scanning, and patching, as well as more advanced threat engagement and distraction. Throughout, we also consider operational goals of convenience and availability as required for a usability perspective within the smart home environment.

Dincy R. Arikkat,Mert Cihangiroglu,Mauro Conti,Rafidha Rehiman K. A.,Serena Nicolazzo,Antonino Nocera,Vinod P

2024-06-20

Abstract:The rise of IT-dependent operations in modern organizations has heightened their vulnerability to cyberattacks. As a growing number of organizations include smart, interconnected devices in their systems to automate their processes, the attack surface becomes much bigger, and the complexity and frequency of attacks pose a significant threat. Consequently, organizations have been compelled to seek innovative approaches to mitigate the menaces inherent in their infrastructure. In response, considerable research efforts have been directed towards creating effective solutions for sharing Cyber Threat Intelligence (CTI). Current information-sharing methods lack privacy safeguards, leaving organizations vulnerable to leaks of both proprietary and confidential data. To tackle this problem, we designed a novel framework called SeCTIS (Secure Cyber Threat Intelligence Sharing), integrating Swarm Learning and Blockchain technologies to enable businesses to collaborate, preserving the privacy of their CTI data. Moreover, our approach provides a way to assess the data and model quality, and the trustworthiness of all the participants leveraging some validators through Zero Knowledge Proofs. An extensive experimental campaign demonstrates our framework's correctness and performance, and the detailed attack model discusses its robustness against attacks in the context of data and model quality.

Cryptography and Security

Muhammad Tahir,Mingchu Li,Naeem Ayoub,Muhammad Aamir

DOI: https://doi.org/10.3390/app9030364

2019-01-22

Applied Sciences

Abstract:Computer networks are facing threats of ever-increasing frequency and sophistication. Encryption is becoming the norm in both legitimate and malicious network traffic. Therefore, intrusion detection systems (IDSs) are now required to work efficiently regardless of the encryption. In this study, we propose two new methods to improve the efficacy of the Cisco Cognitive Threat Analytics (CTA) system. In the first method, the efficacy of CTA is improved by sharing of intelligence information across a large number of enterprise networks. In the second method, a four variant-based global reputation model (GRM) is designed by employing an outlier ensemble normalization algorithm in the presence of missing data. Intelligence sharing provides additional information in the intrusion detection process, which is much needed, particularly for analysis of encrypted traffic with inherently low information content. Robustness of the novel outlier ensemble normalization algorithm is also demonstrated. These improvements are measured using both encrypted and non-encrypted network traffic. Results show that the proposed information sharing methods greatly improve the anomaly detection efficacy of malicious network behavior with bad base-line detection efficacy and slightly improve upon the average case.

Peng Gao,Xiaoyuan Liu,Edward Choi,Bhavna Soman,Chinmaya Mishra,Kate Farris,Dawn Song

DOI: https://doi.org/10.48550/arXiv.2101.07769

2021-02-27

Abstract:To remain aware of the fast-evolving cyber threat landscape, open-source Cyber Threat Intelligence (OSCTI) has received growing attention from the community. Commonly, knowledge about threats is presented in a vast number of OSCTI reports. Despite the pressing need for high-quality OSCTI, existing OSCTI gathering and management platforms, however, have primarily focused on isolated, low-level Indicators of Compromise. On the other hand, higher-level concepts (e.g., adversary tactics, techniques, and procedures) and their relationships have been overlooked, which contain essential knowledge about threat behaviors that is critical to uncovering the complete threat scenario. To bridge the gap, we propose SecurityKG, a system for automated OSCTI gathering and management. SecurityKG collects OSCTI reports from various sources, uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors, and constructs a security knowledge graph. SecurityKG also provides a UI that supports various types of interactivity to facilitate knowledge graph exploration.

Cryptography and Security,Artificial Intelligence,Computation and Language,Databases

Alexandros Papanikolaou,Aggelos Alevizopoulos,Christos Ilioudis,Konstantinos Demertzis,Konstantinos Rantos

DOI: https://doi.org/10.48550/arXiv.2301.03445

2023-01-09

Abstract:Developing intelligent, interoperable Cyber Threat Information (CTI) sharing technologies can help build strong defences against modern cyber threats. CTIs allow the community to share information about cybercriminals' threats and vulnerabilities and countermeasures to defend themselves or detect malicious activity. A crucial need for success is that the data connected to cyber risks be understandable, organized, and of good quality. The receiving parties may grasp its content and utilize it effectively. This article describes an innovative cyber threat intelligence management platform (CTIMP) for industrial environments, one of the Cyber-pi project's significant elements. The suggested architecture, in particular, uses cyber knowledge from trusted public sources and integrates it with relevant information from the organization's supervised infrastructure in an entirely interoperable and intelligent way. When combined with an advanced visualization mechanism and user interface, the services mentioned above provide administrators with the situational awareness they require while also allowing for extended cooperation, intelligent selection of advanced coping strategies, and a set of automated self-healing rules for dealing with threats.

Cryptography and Security