
Cyber threat intelligence framework using advanced malware forensics

Original Research, published in the International Journal of Information Technology

Abstract

The emerging risk of cybercrime has compelled organisations to shift their cyber defence strategy from reactive to proactive. In this paper, we analyse various cyber threat intelligence models used by organisations with respect to their potential features, their methods of countermeasures, the language specification of their threat indicators, whether they are open source or closed source, the owning organisation, their acceptance parameters for security requirements and their capability to measure the efficacy of cyber threat intelligence feeds. In addition, the paper proposes a cyber threat intelligence framework which overcomes the problems found in existing models and frameworks. The proposed framework consists of three layers. Layer 1 is the input layer, receiving data from online and offline sources. Layer 2 pre-processes, classifies and filters the data received from layer 1. Layer 3 provides a detailed report using the Elasticsearch–Logstash–Kibana (ELK) stack. The implementation results show that the proposed model detects new-generation malware effectively and fulfils all the security requirements proposed in the SANS Tools and Standards for Cyber Threat Intelligence Projects.


Figs. 1–10 (figures not included in this preview)

References

  1. State of Malware Report, Malwarebytes Labs, Santa Clara, CA, 2017. https://www.malwarebytes.com/pdf/white-papers/stateofmalware.pdf

  2. Patrick H, Fields Z (2017) A need for cyber security creativity. In: Collective creativity for responsible and sustainable business practice. IGI Global, pp 42–61

  3. 6 Easy ways to advance your cybersecurity program when you have a small team, ThreatConnect, Arlington, VA (2017). https://www.threatconnect.com/wp-content/uploads/ThreatConnect-6-Easy-Ways-to-Advance-Your-Cybersecurity-Program-08-04-16.pdf

  4. https://webcache.googleusercontent.com/search?q=cache:rpbp2y5vElMJ:https://www.cpni.gov.uk/Documents/Publications/2015/11-jUNE-2015-CONTEXT_CPNI_Threat_Intelligence_FINAL.pdf+&cd=6&hl=en&ct=clnk&gl=in. Accessed 27 Nov 2016 (23:26:09)

  5. Osako T, Suzuki T, Iwata Y (2016) Proactive defense model based on cyber threat analysis. FUJITSU Sci Tech J 52(3):72–77


  6. Tools and Standards for Cyber Threat Intelligence Projects, October 14th 2013, SANS Institute InfoSec Reading Room. https://www.sans.org/reading-room/whitepapers/warfare/tools-standards-cyber-threat-intelligence-projects-34375

  7. http://veriscommunity.net/howto.html. Accessed 28 Nov 2016 (19:24:16)

  8. Obrst L, Chase P, Markeloff R (2012) Developing an ontology of the cyber security domain. STIDS, Fairfax

  9. Baker W, Hutton A, Porter C. VERIS—a framework for gathering risk management information from security incidents. Risk Intelligence, Verizon Cybertrust Security. http://www.securitymetrics.org/attachments/Metricon-4.5-Baker-Hutton-VERIS.pdf

  10. http://www.verizonenterprise.com/verizon-insights-lab/dbir/. Accessed 28 Nov 2016 (20:31:18)

  11. https://github.com/vz-risk/veris. Accessed 28 Nov 2016 (19:20:16)

  12. Dog SE et al (2016) Strategic cyber threat intelligence sharing: a case study of IDS logs. In: 2016 25th International Conference on Computer Communication and Networks (ICCCN). IEEE, Waikoloa, HI, USA

  13. http://openioc.org/. Accessed 28 Nov 2016 (19:34:27)

  14. https://github.com/mandiant/OpenIOC_1.1. Accessed 28 Nov 2016 (21:56:28)

  15. https://github.com/mandiant/ioc_writer. Accessed 28 Nov 2016 (20:04:14)

  16. http://cyboxproject.github.io/about/. Accessed 02 Dec 2016 (14:20:20)

  17. Standardizing cyber threat intelligence information with the Structured Threat Information eXpression (STIX™), February 20, 2014, Mitre Co., https://www.standardscoordination.org/sites/default/files/docs/STIX_Whitepaper_v1.1.pdf

  18. https://securityintelligence.com/how-stix-taxii-and-cybox-can-help-with-standardizing-threat-information/. Accessed 02 Dec 2016 (20:53:45)

  19. Trusted Automated eXchange of Indicator Information—TAXII™ enabling cyber threat information exchange, Mitre Corp. https://makingsecuritymeasurable.mitre.org/docs/taxii-intro-handout.pdf. Accessed 03 Dec 2016 (19:56:32)

  20. https://taxiiproject.github.io/. Accessed 02 Dec 2016 (15:12:19)

  21. https://github.com/csirtgadgets/massive-octo-spice. Accessed 03 Dec 2016 (14:37:12)

  22. http://csirtgadgets.org/collective-intelligence-framework. Accessed 03 Dec 2016 (14:33:12)

  23. AlienVault Open Threat Exchange (2016). http://billows.com.tw/download/dm/AlienVault-Open-Threat-Exchange.pdf

  24. Caltagirone S, Pendergast A, Betz C (2013) The diamond model of intrusion analysis. Center for Cyber Intelligence Analysis and Threat Research, Hanover


  25. https://securityintelligence.com/a-gentle-introduction-to-the-x-force-exchange-api/. Accessed 5 Dec 2016 (18:59:12)

  26. Pirscoveanu R-S, Stevanovic M, Pedersen JM (2016) Clustering analysis of malware behavior using Self Organizing Map. In: 2016 International conference on cyber situational awareness, data analytics and assessment (CyberSA). IEEE, London, UK

  27. Annachhatre C, Austin TH, Stamp M (2015) Hidden Markov models for malware classification. J Comput Virol Hacking Tech 11(2):59–73


  28. Pai S et al (2017) Clustering for malware classification. J Comput Virol Hacking Tech 13(2):95–107

  29. Nataraj L, Manjunath BS (2016) SPAM: signal processing to analyze malware. arXiv preprint. arXiv:1605.05280

  30. Makandar A, Patrot A (2015) Malware analysis and classification using artificial neural network. In: 2015 International conference on trends in automation, communications and computing technology (I-TACT-15), vol 1. IEEE. https://www.youtube.com/watch?v=VLQTRlLGz5Y. Accessed 07 July 2016 (23:12:18)

  31. Masud MM, Khan L, Thuraisingham B (2008) A scalable multi-level feature extraction technique to detect malicious executables. Inf Syst Front 10(1):33–45


  32. Ahmadi M et al (2016) Novel feature extraction, selection and fusion for effective malware family classification. In: Proceedings of the sixth ACM conference on data and application security and privacy. ACM, New York

  33. Chen T, Guestrin C (2016) Xgboost: a scalable tree boosting system. In: Proceedings of the 22nd ACM SIGKDD international conference on knowledge discovery and data mining. ACM, New York

  34. http://scikit-learn.org/stable/modules/generated/sklearn.ensemble.RandomForestClassifier.html. Accessed 07 July 2016 (12:04:15)

Corresponding author: Yansi Keim.

Cite this article

Keim, Y., Mohapatra, A.K. Cyber threat intelligence framework using advanced malware forensics. Int. j. inf. tecnol. 14, 521–530 (2022). https://doi.org/10.1007/s41870-019-00280-3
