An architecture for processing a dynamic heterogeneous information network of security intelligence

Marios Anagnostopoulos, Egon Kidmose, Amine Laghaout, Rasmus L. Olsen, Sajad Homayoun, Christian D. Jensen, Jens Myrup Pedersen

Research output: Chapter in Book/Report/Conference proceeding; Article in proceedings; Research; peer-review

Abstract

Security intelligence is widely used to solve cyber security issues in computer and network systems, such as incident prevention, detection, and response, by applying machine learning (ML) and other data-driven methods. To this end, a large body of prior research aims to solve security issues in specific scenarios, using specific types of data or applying specific algorithms. However, this specificity makes it cumbersome to adjust existing solutions to new use cases, data, or problems. Furthermore, all prior research that strives to be more generic is able either to operate with complex relations (graph-based) or to work with time-varying intelligence (time series), but rarely with both. In this paper, we present the reference architecture of the SecDNS framework, which represents the collected intelligence data with a model based on a graph structure that simultaneously encompasses the time variance of these data, and which provides a modular architecture for both the data model and the algorithms. In addition, we leverage the concept of belief propagation to infer the maliciousness of an entity based on its relations with other malicious or benign entities or events. This way, we offer a generic platform for processing dynamic and heterogeneous security intelligence with an evolving collection of sources and algorithms. Finally, to demonstrate the modus operandi of our proposal, we implement a proof of concept of the platform and deploy it in the use case of a phishing email attack scenario.
Original language: English
Title of host publication: Proceedings of 15th International Conference on Network and System Security
Publisher: IEEE
Publication date: 2022
Pages: 185–201
ISBN (Print): 978-3-030-92707-3
Publication status: Published - 2022
Event: 15th International Conference on Network and System Security - Tianjin, China
Duration: 23 Oct 2021 to 23 Oct 2021
http://nsclab.org/nss2021/

Conference

Conference: 15th International Conference on Network and System Security
Country/Territory: China
City: Tianjin
Period: 23/10/2021 to 23/10/2021

Keywords

  • Security intelligence
  • Belief propagation
  • System architecture
  • Graph network
  • Design matrices
