An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence

Marios Anagnostopoulos; Egon Kidmose; Amine Laghaout; Rasmus L. Olsen; Sajad Homayoun; Christian D. Jensen; Jens M. Pedersen

doi:10.1007/978-3-030-92708-0_11

An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence

Marios Anagnostopoulos^*, Egon Kidmose, Amine Laghaout, Rasmus L. Olsen, Sajad Homayoun, Christian D. Jensen, Jens M. Pedersen

^*Kontaktforfatter

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

27 Downloads (Pure)

Abstract

Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.

Originalsprog	Engelsk
Titel	Network and System Security : 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings
Redaktører	Min Yang, Chao Chen, Yang Liu
Antal sider	17
Forlag	Springer
Publikationsdato	2021
Sider	185-201
ISBN (Trykt)	978-3-030-92707-3
ISBN (Elektronisk)	978-3-030-92708-0
DOI	https://doi.org/10.1007/978-3-030-92708-0_11
Status	Udgivet - 2021
Begivenhed	15th International Conference on Network and System Security, NSS 2021 - Tianjin, Kina Varighed: 23 okt. 2021 → 23 okt. 2021

Konference

Konference	15th International Conference on Network and System Security, NSS 2021
Land/Område	Kina
By	Tianjin
Periode	23/10/2021 → 23/10/2021

Navn	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Vol/bind	13041 LNCS
ISSN	0302-9743

Bibliografisk note

Publisher Copyright:
© 2021, Springer Nature Switzerland AG.

Adgang til dokumentet

10.1007/978-3-030-92708-0_11

secdns_architecture_paperAccepteret manuskript, 506 KB

AUB Link

Søg efter materialet i Aalborg Universitetsbiblioteks søgemaskine

Andre filer og links

Link to publication in Scopus

Citationsformater

Anagnostopoulos, M., Kidmose, E., Laghaout, A., Olsen, R. L., Homayoun, S., Jensen, C. D., & Pedersen, J. M. (2021). An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence. I M. Yang, C. Chen, & Y. Liu (red.), Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings (s. 185-201). Springer. https://doi.org/10.1007/978-3-030-92708-0_11

Anagnostopoulos, Marios ; Kidmose, Egon ; Laghaout, Amine et al. / An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence. Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings. red. / Min Yang ; Chao Chen ; Yang Liu. Springer, 2021. s. 185-201 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Bind 13041 LNCS).

@inproceedings{cabacc3ecd8149e0a29597176c4280d7,

title = "An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence",

abstract = "Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.",

keywords = "Belief propagation, Design matrices, Graph network, Security intelligence, System architecture",

author = "Marios Anagnostopoulos and Egon Kidmose and Amine Laghaout and Olsen, {Rasmus L.} and Sajad Homayoun and Jensen, {Christian D.} and Pedersen, {Jens M.}",

note = "Funding Information: Keywords: Security intelligence · Belief propagation · System architecture · Graph network · Design matrices This research is carried out in the SecDNS project, funded by Innovation Fund Denmark. Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 15th International Conference on Network and System Security, NSS 2021 ; Conference date: 23-10-2021 Through 23-10-2021",

year = "2021",

doi = "10.1007/978-3-030-92708-0_11",

language = "English",

isbn = "978-3-030-92707-3",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "185--201",

editor = "Min Yang and Chao Chen and Yang Liu",

booktitle = "Network and System Security",

address = "Germany",

}

Anagnostopoulos, M, Kidmose, E, Laghaout, A, Olsen, RL, Homayoun, S, Jensen, CD & Pedersen, JM 2021, An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence. i M Yang, C Chen & Y Liu (red), Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings. Springer, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), bind 13041 LNCS, s. 185-201, 15th International Conference on Network and System Security, NSS 2021, Tianjin, Kina, 23/10/2021. https://doi.org/10.1007/978-3-030-92708-0_11

An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence. / Anagnostopoulos, Marios; Kidmose, Egon; Laghaout, Amine et al.
Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings. red. / Min Yang; Chao Chen; Yang Liu. Springer, 2021. s. 185-201 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Bind 13041 LNCS).

Publikation: Bidrag til bog/antologi/rapport/konference proceeding › Konferenceartikel i proceeding › Forskning › peer review

TY - GEN

T1 - An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence

AU - Anagnostopoulos, Marios

AU - Kidmose, Egon

AU - Laghaout, Amine

AU - Olsen, Rasmus L.

AU - Homayoun, Sajad

AU - Jensen, Christian D.

AU - Pedersen, Jens M.

N1 - Funding Information: Keywords: Security intelligence · Belief propagation · System architecture · Graph network · Design matrices This research is carried out in the SecDNS project, funded by Innovation Fund Denmark. Publisher Copyright: © 2021, Springer Nature Switzerland AG.

PY - 2021

Y1 - 2021

N2 - Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.

AB - Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.

KW - Belief propagation

KW - Design matrices

KW - Graph network

KW - Security intelligence

KW - System architecture

UR - http://www.scopus.com/inward/record.url?scp=85123304280&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-92708-0_11

DO - 10.1007/978-3-030-92708-0_11

M3 - Article in proceeding

AN - SCOPUS:85123304280

SN - 978-3-030-92707-3

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 185

EP - 201

BT - Network and System Security

A2 - Yang, Min

A2 - Chen, Chao

A2 - Liu, Yang

PB - Springer

T2 - 15th International Conference on Network and System Security, NSS 2021

Y2 - 23 October 2021 through 23 October 2021

ER -

Anagnostopoulos M, Kidmose E, Laghaout A, Olsen RL, Homayoun S, Jensen CD et al. An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence. I Yang M, Chen C, Liu Y, red., Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings. Springer. 2021. s. 185-201. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Bind 13041 LNCS). doi: 10.1007/978-3-030-92708-0_11