Abstract
Cyber-physical security of financial institutions is a critical and sensitive topic. In this context, the FINSEC project aims to design and build a reference architecture for the integrated physical and cyber security of financial institutions. To make the interactions among the different services of the FINSEC platform feasible, a proper data model defining the semantics of the exchanged information is fundamental. One of the objectives of the FINSEC project is to integrate cyber and physical security measures in the financial services industry. To do so, the data model must consider both cyber and physical systems. In this paper, the authors present FINSTIX, the data model adopted in the FINSEC platform. In particular, they extended the Structured Threat Information eXpression (STIX) standard, creating custom objects to describe the financial organization’s infrastructure and to integrate cyber and physical security measures. The paper also reports an example of the use of FINSTIX in a relevant use case scenario.
Notes
- 1. The report is available at the following link: https://clusit.it/pubblicazioni/.
- 4. STIX Use Cases web page, http://stixproject.github.io/usecases/.
- 5. STIX web page, https://oasis-open.github.io/cti-documentation/stix/intro.
- 6. STIX™ Version 2.0. Part 2: STIX Objects, http://docs.oasis-open.org/cti/stix/v2.0/stix-v2.0-part2-stix-objects.html.
- 7. STIX™ Version 2.0. Part 1: STIX Core Concepts, http://docs.oasis-open.org/cti/stix/v2.0/cs01/part1-stix-core/stix-v2.0-cs01-part1-stix-core.html.
Acknowledgements
This work has been supported by the Integrated Framework for Predictive and Collaborative Security of Financial Infrastructures (FINSEC) project, which has received funding from the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement no. 786727.
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Gazzarata, G. et al. (2021). FINSTIX: A Cyber-Physical Data Model for Financial Critical Infrastructures. In: Abie, H., et al. Cyber-Physical Security for Critical Infrastructures Protection. CPS4CIP 2020. Lecture Notes in Computer Science, vol 12618. Springer, Cham. https://doi.org/10.1007/978-3-030-69781-5_4
DOI: https://doi.org/10.1007/978-3-030-69781-5_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-69780-8
Online ISBN: 978-3-030-69781-5
eBook Packages: Computer Science, Computer Science (R0)