Article

Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

imec—DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Heverlee, Belgium
* Author to whom correspondence should be addressed.
J. Cybersecur. Priv. 2021, 1(1), 140-163; https://doi.org/10.3390/jcp1010008
Received: 18 January 2021 / Revised: 15 February 2021 / Accepted: 22 February 2021 / Published: 26 February 2021
Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breadth or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections for security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex (three state-of-practice open source CTI sharing and incident response platforms) to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of the ML model based threat intelligence sharing, including the ability to account for indicators of adversarial ML threats.
Keywords: threat intelligence sharing; security automation; trust
MDPI and ACS Style

Preuveneers, D.; Joosen, W. Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence. J. Cybersecur. Priv. 2021, 1, 140-163. https://doi.org/10.3390/jcp1010008

AMA Style

Preuveneers D, Joosen W. Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence. Journal of Cybersecurity and Privacy. 2021; 1(1):140-163. https://doi.org/10.3390/jcp1010008

Chicago/Turabian Style

Preuveneers, Davy, and Wouter Joosen. 2021. "Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence" Journal of Cybersecurity and Privacy 1, no. 1: 140-163. https://doi.org/10.3390/jcp1010008
