Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.
|Titel||Network and System Security : 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings|
|Redaktører||Min Yang, Chao Chen, Yang Liu|
|Status||Udgivet - 2021|
|Begivenhed||15th International Conference on Network and System Security, NSS 2021 - Tianjin, Kina|
Varighed: 23 okt. 2021 → 23 okt. 2021
|Konference||15th International Conference on Network and System Security, NSS 2021|
|Periode||23/10/2021 → 23/10/2021|
|Navn||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
Bibliografisk notePublisher Copyright:
© 2021, Springer Nature Switzerland AG.