
Swarm-intelligence for the modern ICT ecosystems

  • Regular Contribution
International Journal of Information Security

Abstract

Digitalization continues to facilitate our daily lives. The world is interconnected as never before, bringing people, businesses, and other organizations closer together. However, attackers are also drawing closer. New business and operational models require the collection and processing of massive amounts of data in real time, involving complex information systems, large supply chains, personal devices, etc. In this cyber-security interplay, these conditions give adversaries several advantages (e.g., poorly protected or monitored elements, slow rollout of security updates/upgrades for components that receive little attention) and present defenders with many difficulties (e.g., administering large, complex, and highly dynamic systems). Impactful attacks on ICT systems, critical infrastructures, and supply networks, as well as cyber-warfare, are driving the need for more effective defences. This paper presents a swarm-intelligence solution for incident handling and response. Cyber Threat Intelligence (CTI) is continuously integrated into the system (i.e., MISP, CVEs, STIX, etc.), and Artificial Intelligence (AI)/Machine Learning (ML) are incorporated into the risk assessment and event evaluation processes. Several incident handling and response sub-procedures are automated, improving effectiveness and decreasing response time. Information concerning identified malicious activity is circulated back to the community (i.e., via the MISP information sharing platform) in an open loop. The proposal is applied in the supply chain of healthcare organizations in Europe (also taking EU data protection regulations into account). Nevertheless, it is a generic solution that can be applied in any domain.


Data availability

The datasets generated and/or analyzed during the current study are not publicly available due to the confidentiality terms of the funding projects' Grant Agreements, but are available from the corresponding author on reasonable request.

Abbreviations

AI: Artificial Intelligence
C&C: Command and Control
CAPEC: Common Attack Pattern Enumeration and Classification
CIL: Cumulative Impact Level
CIS: Center for Internet Security
CPE: Common Platform Enumeration
CSC: Critical Security Controls
CSIRT: Computer Security Incident Response Team
CTI: Cyber Threat Intelligence
CVD: Coordinated Vulnerability Disclosure
CVE: Common Vulnerabilities and Exposures
CVL: Cumulative Vulnerability Level
CVSS: Common Vulnerability Scoring System
DoS: Denial of Service
DNS: Domain Name System
EC: Event Calculus
ECVL: Entry's Chain Vulnerability Level
EHR: Electronic Health Record
ELK: Elasticsearch, Logstash, and Kibana
ENISA: European Union Agency for Cybersecurity
FVT: Forensics Visualization Toolkit
ICT: Information and Communications Technology
ICVL: Individual Chain Vulnerability Level
IDS: Intrusion Detection System
IDPS: Intrusion Detection and Prevention System
IOA: Indicator of Attack
IOC: Indicator of Compromise
IPCI: Individual Propagated Chain Impact
IPVL: Individual Propagated Vulnerability Level
ISAC: Information Sharing and Analysis Center
IVL: Individual Vulnerability Level
MISP: Malware Information Sharing Platform
MitM: Man in the Middle
ML: Machine Learning
MTTResp: Mean Time To Response
MTTRest: Mean Time To Restore
NISTCSF: NIST Cyber-Security Framework
NLP: Natural Language Processing
PA: Primary Agent
PIL: Propagated Impact Level
PVL: Propagated Vulnerability Level
R2L: Remote to Local
SA: Supervisory Agent
SEM: Security Event Management
SIM: Security Information Management
SIS: Smart Information Systems
SLA: Service Level Agreement
STIX: Structured Threat Information eXpression
TAXII: Trusted Automated eXchange of Indicator Information
TLS: Transport Layer Security
U2R: User to Root
UEBA: User and Entity Behavior Analytics


Acknowledgements

This work has received funding from the European Union’s Horizon 2020 research and innovation programmes under grant agreements No. 883273 (AI4HEALTHSEC), No. 101021659 (SENTINEL), No. 957337 (MARVEL), and No. 101070599 (SecOPERA).

Funding

Funding is detailed in the ‘Acknowledgement’ section below.

Author information

Contributions

G.H., E.L., M.A., S.P., S.K., A.A., D.A., and S.K. wrote the main manuscript. G.K., M.C., S.K., A.A., and G.H. implemented the solution, and D.A. and S.K. set up the piloting environment. All authors reviewed the manuscript. S.P., S.I., and G.S. supervised the research activities and reviewed the document.

Corresponding author

Correspondence to George Hatzivasilis.

Ethics declarations

Conflict of interest

The authors have no competing interests to declare that are relevant to the content of this article.

Humans or Animals Research

No research on humans or animals took place during this research. Therefore, no informed consent procedures were needed.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.



Cite this article

Hatzivasilis, G., Lakka, E., Athanatos, M. et al. Swarm-intelligence for the modern ICT ecosystems. Int. J. Inf. Secur. 23, 2951–2975 (2024). https://doi.org/10.1007/s10207-024-00869-1
