National Repository of Grey Literature. 4 records found. The search took 0.01 seconds.
Amplifying Cyber Threat Intelligence Analysis with Honeypots
Janout, Vladimír ; Gerlich, Tomáš (reviewer) ; Ricci, Sara (thesis supervisor)
This thesis aims to research honeypots as a source of data for cyber threat intelligence analysis. To conduct this, a honeypot instance is configured and exposed to the internet in the cloud for a specified period. In the next part, a Python tool for querying three threat intelligence feeds is proposed. This tool serves for indicator enrichment. The utility of the tool is demonstrated in practice by enabling the analysis of indicators observed on the honeypot infrastructure. The last part of the work discusses the results and trends in the attacker’s behaviour based on the collected and processed data. In a case study, the focus is given to a single SSH session of interest and the acquired knowledge from it is mapped to the MITRE ATT&CK framework, revealing the attacker’s tactics, techniques and procedures.
Cyber Threat Intelligence: A Proposal of a Threat Intelligence Cycle from an Enterprise Perspective
Meli Tsofou, Cedric ; Butler, Eamonn (thesis supervisor) ; Střítecký, Vít (reviewer) ; Fitzgerald, James (reviewer)
The number of cyber attacks over the last decade has been increasing sharply while being more and more targeted and sophisticated at the same time. These types of targeted and sophisticated attacks are called advanced persistent threats (APTs) and cause a lot of damage to companies through data losses and injected viruses, amongst others. While cyber threat intelligence has been recognized by experts as an efficient tool to combat APTs, its implementation has been rather slow, mainly due to a lack of clarity, consensus, and academic research as to what exactly cyber threat intelligence is from the perspective of enterprise cyber security. Therefore, there is a need to provide a unifying definition of cyber threat intelligence and its creation process from an enterprise perspective. Through the lens of comparative analysis, this paper aims to challenge the stability of currently existing cyber threat intelligence cycles and definitions by a thematic analysis of various cyber security white papers and academic literature. Qualitative analysis will equally permit an insider view of the field, forge subjective opinions, and allow for ambiguity, contradiction, and the generation of new ideas.
Beyond the Hype: A Comparative Case Study of the Impact of Artificial Intelligence and Machine Learning on Cybersecurity
De Blasi, Stefano ; Kilroy, Walt (thesis supervisor) ; Kaczmarski, Marcin (reviewer) ; Špelda, Petr (reviewer)
Artificial intelligence (AI) and machine learning (ML) are largely touted as the silver bullet for the shortcomings of cybersecurity. Driven by the latest achievements of machine learning in fields such as finance, healthcare, and commerce, security researchers and marketing strategists have ubiquitously employed AI and ML as buzzwords to raise the competitiveness of their products. This study aims at verifying the substance of such claims by assessing the extent of the impact of AI and ML products in the cybersecurity practice. To provide a reliable and valid assessment of this phenomenon, the researcher developed an original framework based on the comparison of three security disciplines: cyber threat intelligence, endpoint protection, and incident response. Each discipline is further analysed in terms of the improvements brought by artificial intelligence and machine learning products to the speed, accuracy, and innovation of their security operations. These results indicate that the impact of AI and ML products in cybersecurity is limited to environments characterised by vast amounts of healthy datasets and a partially limited range of options. On the other hand, the cyberspace is extremely variable and volatile and, thus, makes artificial intelligence and machine learning products severely...