MTIV: A Trustworthiness Determination Approach for Threat Intelligence

  • Conference paper
Security, Privacy, and Anonymity in Computation, Communication, and Storage (SpaCCS 2017)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 10658)

Abstract

With the gradual sharing of threat intelligence, users are more concerned about its trustworthiness, which is difficult to judge. Some threat intelligence sharing platforms choose to show the risk or credibility, and inform users of the trustworthiness of the threat intelligence. Several researchers have proposed requirements and techniques for threat intelligence trust assessment. However, they do not present any tool-based or model solutions. In this paper, we present a Trustworthiness Determination Approach for Threat Intelligence (MTIV) to make up for these shortcomings. First, we propose a framework to excavate threat intelligence via multiple sharing platforms, and extract multidimensional trustful features of the threat intelligence. Based on these, the contributions of the dimensional trustful features to the trustworthiness determination can be derived. Then we introduce a Deep Belief Network (DBN) to determine the trustworthiness of the threat intelligence. The experimental results verify that MTIV is more effective than traditional methods. Our work will help to build a more credible threat intelligence sharing platform, and enhance the capability of real-time detection of and resistance to cyberspace attacks.

Acknowledgements

This work is supported by the National Key Research and Development Program of China (No. 2016QY03D0605), the National Natural Science Foundation of China (Nos. 61672111, 61370069), and Beijing Natural Science Foundation (No. 4162043).

Author information

Corresponding author

Correspondence to Lei Li.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Li, L., Li, X., Gao, Y. (2017). MTIV: A Trustworthiness Determination Approach for Threat Intelligence. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10658. Springer, Cham. https://doi.org/10.1007/978-3-319-72395-2_1

  • DOI: https://doi.org/10.1007/978-3-319-72395-2_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72394-5

  • Online ISBN: 978-3-319-72395-2

  • eBook Packages: Computer Science, Computer Science (R0)
