Special Issue "New Challenges on Cyber Threat Intelligence"

A special issue of Electronics (ISSN 2079-9292). This special issue belongs to the section "Computer Science & Engineering".

Deadline for manuscript submissions: 31 December 2020.

Special Issue Editors

Prof. Dr. Changhoon Lee
Guest Editor
Department of Computer Science & Engineering, Seoul National University of Science and Technology, Seoul, Korea
Interests: cyber threat intelligence (CTI); information security; digital forensics; IoT and Cloud security; cryptography
Prof. Dr. Yu Chen
Guest Editor
Department of Electrical and Computer Engineering, Binghamton University, State University of New York, Binghamton, NY 13902, USA
Interests: cyber security; intelligent surveillance; IoT and Cloud security and privacy
Dr. Jake (Jaeik) Cho
Guest Editor
IBM, Dubai Internet City, Dubai, United Arab Emirates
Interests: cyber threat intelligence (CTI); enterprise security; advanced security for IoT/OT and industry network

Special Issue Information

Dear Colleagues,

Cyber threat intelligence (CTI) is a technology that has the potential to fundamentally change the defensive strategy against cyberattacks by building a security knowledge system to respond to intelligent cyberattacks preemptively. Cyber threat intelligence (CTI) organizes and shares threat information and is driving innovation in security technologies for networks and systems through threat identification, intelligent threat analysis, attacker profiling, and kill chain responses. Therefore, when applied well, threat intelligence can help security officers and teams to defend against an ever-more sophisticated threat landscape before, during, and after an attack. That is, by studying adversaries and understanding their strategies and objectives, organizations can build more effective and more robust cyber-defenses. In recent years, this CTI technology has been expanding into infrastructure environments such as SCADA, IoT, and heterogeneous networks, contributing to advances in the confidentiality, integrity, availability, privacy, and scalability of systems.

This Special Issue aims to cover the latest techniques in all aspects and challenges, including the construction, operation, and sharing of cyber-threat intelligence systems. Theoretical and practical developments in the implementation and operation of cyber threat intelligence, the latest technical reviews, and surveys on CTI systems are welcomed. The papers will be peer-reviewed and selected on the basis of their quality and relevance to the theme of this Special Issue, with only the best high-quality papers selected for publication. The topics of interest for this Special Issue include but are not limited to:

  • Design and analysis of CTI system architecture;
  • New operation strategy for CTI;
  • Data representation model for CTI;
  • Data sharing model for CTI;
  • Data analysis methodology for CTI;
  • Machine learning techniques and tools for CTI;
  • Kill-chain model and application for CTI;
  • Design and analysis of new evaluation method for CTI;
  • Automated and smart tools for data collection, feature classification, and forensic analysis;
  • Integration of incident response and digital forensics;
  • Application of cyber security and intelligence;
  • Reliability and risk analysis methodology for CTI;
  • Cyberattack trend analysis model and system.

Prof. Dr. Changhoon Lee
Prof. Dr. Yu Chen
Dr. Jake (Jaeik) Cho
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, go to the submission form. Manuscripts can be submitted until the deadline. All papers will be peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Electronics is an international peer-reviewed open access monthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1500 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Published Papers (3 papers)


Research

Open Access Article
Effective DGA-Domain Detection and Classification with TextCNN and Additional Features
Electronics 2020, 9(7), 1070; https://doi.org/10.3390/electronics9071070 - 30 Jun 2020
Abstract
Malicious codes, such as advanced persistent threat (APT) attacks, do not operate immediately after infecting the system, but after receiving commands from the attacker’s command and control (C&C) server. The system infected by the malicious code tries to communicate with the C&C server through the IP address or domain address of the C&C server. If the IP address or domain address is hard-coded inside the malicious code, the malicious code can be analyzed to obtain the address, and access to the C&C server can be blocked through security policy. In order to circumvent this address blocking technique, domain generation algorithms are included in the malware to dynamically generate domain addresses. The domain generation algorithm (DGA) generates domains randomly, so it is very difficult to identify and block malicious domains. Therefore, this paper effectively detects and classifies unknown DGA domains. We extract features that are effective for TextCNN-based label prediction, and add additional domain knowledge-based features to improve our model for detecting and classifying DGA-generated malicious domains. The proposed model achieved 99.19% accuracy for DGA classification and 88.77% accuracy for DGA class classification. We expect that the proposed model can be applied to effectively detect and block DGA-generated domains.
(This article belongs to the Special Issue New Challenges on Cyber Threat Intelligence)

Open Access Article
Anomaly Based Unknown Intrusion Detection in Endpoint Environments
Electronics 2020, 9(6), 1022; https://doi.org/10.3390/electronics9061022 - 20 Jun 2020
Abstract
According to a study by Cybersecurity Ventures, cybercrime is expected to cost $6 trillion annually by 2021. Most cybersecurity threats access internal networks through infected endpoints. Recently, various endpoint environments such as smartphones, tablets, and Internet of things (IoT) devices have been configured, and security issues caused by malware targeting them are intensifying. Event log-based detection technology for endpoint security detects threats using rules or patterns. Therefore, it can respond to known attacks, but unknown attacks can be difficult to respond to immediately. To solve this problem, in this paper, local outlier factor (LOF) and Autoencoder detect suspicious behavior that deviates from normal behavior. It also detects threats and shows the corresponding threats when suspicious events corresponding to the rules created through the attack profile are constantly occurring. Experimental results detected eight new suspicious processes that were not previously detected, and four malicious processes and one suspicious process were judged using Hybrid Analysis and VirusTotal. Based on the experiment results, it is expected that the use of operational policies such as allowlists in the proposed model will significantly improve performance by minimizing false positives.
(This article belongs to the Special Issue New Challenges on Cyber Threat Intelligence)

Open Access Feature Paper Article
BLOCIS: Blockchain-Based Cyber Threat Intelligence Sharing Framework for Sybil-Resistance
Electronics 2020, 9(3), 521; https://doi.org/10.3390/electronics9030521 - 21 Mar 2020
Abstract
The convergence of fifth-generation (5G) communication and the Internet-of-Things (IoT) has dramatically increased the diversity and complexity of the network. This change diversifies the attacker’s attack vectors, increasing the impact and damage of cyber threats. Cyber threat intelligence (CTI) technology is a proof-based security system which responds to these advanced cyber threats proactively by analyzing and sharing security-related data. However, the performance of CTI systems can be significantly compromised by creating and disseminating improper security policies if an attacker intentionally injects malicious data into the system. In this paper, we propose a blockchain-based CTI framework that improves confidence in the source and content of the data and can quickly detect and eliminate inaccurate data for resistance to a Sybil attack. The proposed framework collects CTI by a procedure validated through smart contracts and stores information about the metainformation of data in a blockchain network. The proposed system ensures the validity and reliability of CTI data by ensuring traceability to the data source and proposes a system model that can efficiently operate and manage CTI data in compliance with the de facto standard. We present the simulation results to prove the effectiveness and Sybil-resistance of the proposed framework in terms of reliability and cost to attackers.
(This article belongs to the Special Issue New Challenges on Cyber Threat Intelligence)