A Cyber-Threat Intelligence Framework for Improved Internet Facilitated Organized Crime Threat Management

International Journal of Computer Trends and Technology (IJCTT)
© 2018 by IJCTT Journal
Volume-60 Number-1
Year of Publication : 2018
Authors : Oluwafemi Oriola
DOI : 10.14445/22312803/IJCTT-V60P101

MLA

Oluwafemi Oriola "A Cyber-Threat Intelligence Framework for Improved Internet Facilitated Organized Crime Threat Management". International Journal of Computer Trends and Technology (IJCTT) V60(1):1-14 June 2018. ISSN:2231-2803. www.ijcttjournal.org. Published by Seventh Sense Research Group.

Abstract
Internet-Facilitated Organized Crime Threats are Internet-aided forms of cyber-crime activity that target citizens and organizations at large scale. They have commonly been propagated through botnets and worms, and at times they manifest as advanced persistent threats. Different models have been developed for assessing these threats with the aim of combating the trend. However, such models lack the technological intelligence needed to manage the threats cost-effectively and cost-efficiently. This paper therefore reviews the state of the art in Cyber-Threat Intelligence with a focus on Threat Management. The paper identifies the strengths and limitations of the existing works and proposes a Cyber-Threat Intelligence framework that retains the strengths of the existing models and addresses their limitations for improved Internet-Facilitated Organized Crime Threat Management.


Keywords
Internet-facilitated Organized Crime Threats, Cyber-Threat Intelligence, Incident, Information Sharing, Information Analysis