Sökning: id:"swepub:oai:DiVA.org:ri-36397" >
Towards augmented p...
Towards augmented proactive cyberthreat intelligence
-
- Khan, Tanveer (författare)
- COMSATS Institute of Information Technology, Pakistan
-
- Alam, Masoom (författare)
- COMSATS Institute of Information Technology, Pakistan
-
- Akhunzada, Adnan (författare)
- RISE,SICS,COMSATS Institute of Information Technology, Pakistan
-
visa fler...
-
- Hur, Ali (författare)
- Trillium Information Security, Pakistan
-
- Asif, Muhammad (författare)
- COMSATS Institute of Information Technology, Pakistan ; Trillium Information Security, Pakistan
-
- Khan, Muhammad (författare)
- King Saud University, Saudi Arabia
-
visa färre...
-
(creator_code:org_t)
- Elsevier BV, 2019
- 2019
- Engelska.
-
Ingår i: Journal of Parallel and Distributed Computing. - : Elsevier BV. - 0743-7315 .- 1096-0848. ; 124, s. 47-59
- Relaterad länk:
-
https://urn.kb.se/re...
-
visa fler...
-
https://doi.org/10.1...
-
visa färre...
Abstract
Ämnesord
Stäng
- In cyber crimes, attackers are becoming more inventive with their exploits and use more sophisticated techniques to bypass the deployed security system. These attacks are targeted and are commonly referred as Advanced Persistent Threats (APTs). The currently available techniques to tackle these attacks are mostly reactive and signature based. Security Information and Event Management (SIEM), a proactive approach is the best solution. However, the major problem with SIEM is tackling huge amount of data in real time that makes it a time consuming and tedious task for security analyst. The use of threat intelligence caters to such issue by prioritizing the level of threat. In this paper, we assign risk score and confidence value to each feed generated at our product “T-Eye platform”. On the basis of these values, we assign a severity score to each feed type. Severity score assigns a level to the threat means prioritize the threat. The results, we achieved for prioritizing the threat is more apparent and accurate. In addition, we optimize the rules of IBM-Q-Radar by using threat feeds generated at T-Eye platform. Furthermore, a huge amount of false positive alarms generated at IBM Q-Radar is reduced to a certain extent.
Nyckelord
- Confidence
- IBM Q-Radar
- Risk score
- Rules
- Severity
- T-Eye feeds
- T-Eye platform
- Artificial intelligence
- Computer programming
- Radar
Publikations- och innehållstyp
- ref (ämneskategori)
- art (ämneskategori)
Hitta via bibliotek
Till lärosätets databas