An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence

Marios Anagnostopoulos*, Egon Kidmose, Amine Laghaout, Rasmus L. Olsen, Sajad Homayoun, Christian D. Jensen, Jens M. Pedersen


Publikation: Bidrag til bog/antologi/rapport/konference proceedingKonferenceartikel i proceedingForskningpeer review

17 Downloads (Pure)


Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.

TitelNetwork and System Security : 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings
RedaktørerMin Yang, Chao Chen, Yang Liu
Antal sider17
ISBN (Trykt)978-3-030-92707-3
ISBN (Elektronisk)978-3-030-92708-0
StatusUdgivet - 2021
Begivenhed15th International Conference on Network and System Security, NSS 2021 - Tianjin, Kina
Varighed: 23 okt. 202123 okt. 2021


Konference15th International Conference on Network and System Security, NSS 2021
NavnLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Vol/bind13041 LNCS

Bibliografisk note

Publisher Copyright:
© 2021, Springer Nature Switzerland AG.


Dyk ned i forskningsemnerne om 'An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence'. Sammen danner de et unikt fingeraftryk.