An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence

Marios Anagnostopoulos; Egon Kidmose; Amine Laghaout; Rasmus L. Olsen; Sajad Homayoun; Christian D. Jensen; Jens M. Pedersen

doi:10.1007/978-3-030-92708-0_11

An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence

Marios Anagnostopoulos^*, Egon Kidmose, Amine Laghaout, Rasmus L. Olsen, Sajad Homayoun, Christian D. Jensen, Jens M. Pedersen

^*Corresponding author for this work

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

26 Downloads (Pure)

Abstract

Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.

Original language	English
Title of host publication	Network and System Security : 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings
Editors	Min Yang, Chao Chen, Yang Liu
Number of pages	17
Publisher	Springer
Publication date	2021
Pages	185-201
ISBN (Print)	978-3-030-92707-3
ISBN (Electronic)	978-3-030-92708-0
DOIs	https://doi.org/10.1007/978-3-030-92708-0_11
Publication status	Published - 2021
Event	15th International Conference on Network and System Security, NSS 2021 - Tianjin, China Duration: 23 Oct 2021 → 23 Oct 2021

Conference

Conference	15th International Conference on Network and System Security, NSS 2021
Country/Territory	China
City	Tianjin
Period	23/10/2021 → 23/10/2021

Series	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13041 LNCS
ISSN	0302-9743

Bibliographical note

Funding Information:
Keywords: Security intelligence · Belief propagation · System architecture · Graph network · Design matrices This research is carried out in the SecDNS project, funded by Innovation Fund Denmark.

Publisher Copyright:
© 2021, Springer Nature Switzerland AG.

Keywords

Belief propagation
Design matrices
Graph network
Security intelligence
System architecture

Access to Document

10.1007/978-3-030-92708-0_11

secdns_architecture_paperAccepted author manuscript, 506 KB

AUB Link

Search for the material in Aalborg University Library's search engine

Cite this

Anagnostopoulos, M., Kidmose, E., Laghaout, A., Olsen, R. L., Homayoun, S., Jensen, C. D., & Pedersen, J. M. (2021). An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence. In M. Yang, C. Chen, & Y. Liu (Eds.), Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings (pp. 185-201). Springer. https://doi.org/10.1007/978-3-030-92708-0_11

Anagnostopoulos, Marios ; Kidmose, Egon ; Laghaout, Amine et al. / An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence. Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings. editor / Min Yang ; Chao Chen ; Yang Liu. Springer, 2021. pp. 185-201 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 13041 LNCS).

@inproceedings{cabacc3ecd8149e0a29597176c4280d7,

title = "An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence",

abstract = "Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.",

keywords = "Belief propagation, Design matrices, Graph network, Security intelligence, System architecture",

author = "Marios Anagnostopoulos and Egon Kidmose and Amine Laghaout and Olsen, {Rasmus L.} and Sajad Homayoun and Jensen, {Christian D.} and Pedersen, {Jens M.}",

note = "Funding Information: Keywords: Security intelligence · Belief propagation · System architecture · Graph network · Design matrices This research is carried out in the SecDNS project, funded by Innovation Fund Denmark. Publisher Copyright: {\textcopyright} 2021, Springer Nature Switzerland AG.; 15th International Conference on Network and System Security, NSS 2021 ; Conference date: 23-10-2021 Through 23-10-2021",

year = "2021",

doi = "10.1007/978-3-030-92708-0_11",

language = "English",

isbn = "978-3-030-92707-3",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "185--201",

editor = "Min Yang and Chao Chen and Yang Liu",

booktitle = "Network and System Security",

address = "Germany",

}

Anagnostopoulos, M, Kidmose, E, Laghaout, A, Olsen, RL, Homayoun, S, Jensen, CD & Pedersen, JM 2021, An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence. in M Yang, C Chen & Y Liu (eds), Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings. Springer, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13041 LNCS, pp. 185-201, 15th International Conference on Network and System Security, NSS 2021, Tianjin, China, 23/10/2021. https://doi.org/10.1007/978-3-030-92708-0_11

An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence. / Anagnostopoulos, Marios; Kidmose, Egon; Laghaout, Amine et al.
Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings. ed. / Min Yang; Chao Chen; Yang Liu. Springer, 2021. p. 185-201 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 13041 LNCS).

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

TY - GEN

T1 - An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence

AU - Anagnostopoulos, Marios

AU - Kidmose, Egon

AU - Laghaout, Amine

AU - Olsen, Rasmus L.

AU - Homayoun, Sajad

AU - Jensen, Christian D.

AU - Pedersen, Jens M.

N1 - Funding Information: Keywords: Security intelligence · Belief propagation · System architecture · Graph network · Design matrices This research is carried out in the SecDNS project, funded by Innovation Fund Denmark. Publisher Copyright: © 2021, Springer Nature Switzerland AG.

PY - 2021

Y1 - 2021

N2 - Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.

AB - Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, there is a large body of prior research works aiming to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, by being specific it has the drawback of becoming cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research, that strives to be more generic, is either able to operate with complex relations (graph-based), or to work with time varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework for representing the collected intelligence data with a model based on a graph structure, which simultaneously encompasses the time variance of these data and providing a modular architecture for both the data model and the algorithms. In addition, we leverage on the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform, and we deploy it in the use case of phishing email attack scenario.

KW - Belief propagation

KW - Design matrices

KW - Graph network

KW - Security intelligence

KW - System architecture

UR - http://www.scopus.com/inward/record.url?scp=85123304280&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-92708-0_11

DO - 10.1007/978-3-030-92708-0_11

M3 - Article in proceeding

AN - SCOPUS:85123304280

SN - 978-3-030-92707-3

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 185

EP - 201

BT - Network and System Security

A2 - Yang, Min

A2 - Chen, Chao

A2 - Liu, Yang

PB - Springer

T2 - 15th International Conference on Network and System Security, NSS 2021

Y2 - 23 October 2021 through 23 October 2021

ER -

Anagnostopoulos M, Kidmose E, Laghaout A, Olsen RL, Homayoun S, Jensen CD et al. An Architecture for Processing a Dynamic Heterogeneous Information Network of Security Intelligence. In Yang M, Chen C, Liu Y, editors, Network and System Security: 15th International Conference, NSS 2021, Tianjin, China, October 23, 2021, Proceedings. Springer. 2021. p. 185-201. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 13041 LNCS). doi: 10.1007/978-3-030-92708-0_11