{"title":"Detecting Network Threats using OSINT Knowledge-Based IDS","authors":"Ivo Vacas, Ibéria Medeiros, N. Neves","doi":"10.1109/EDCC.2018.00031","DOIUrl":null,"url":null,"abstract":"Cybercrime has steadily increased over the last years, being nowadays the greatest security concern of most enterprises. Institutions often protect themselves from attacks by employing intrusion detection systems (IDS) that analyze the payload of packets to find matches with rules representing threats. However, the accuracy of these systems is as good as the knowledge they have about the threats. Nowadays, with the continuous flow of novel forms of sophisticated attacks and their variants, it is a challenge to keep an IDS updated. Open Source Intelligence (OSINT) could be explored to effectively obtain this knowledge, by retrieving information from diverse sources. This paper proposes a fully automated approach to update the IDS knowledge, covering the full cycle from OSINT data feed collection until the installation of new rules and blacklists. The approach was implemented as the IDSoSint system and was assessed with 49 OSINT feeds and production traffic. It was able to identify in real time various forms of malicious activities, including botnet C&C servers communications, remote access applications, brute-force attacks, and phishing events.","PeriodicalId":129399,"journal":{"name":"2018 14th European Dependable Computing Conference (EDCC)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 14th European Dependable Computing Conference (EDCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EDCC.2018.00031","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 13
Abstract
Cybercrime has steadily increased over the last years, being nowadays the greatest security concern of most enterprises. Institutions often protect themselves from attacks by employing intrusion detection systems (IDS) that analyze the payload of packets to find matches with rules representing threats. However, the accuracy of these systems is as good as the knowledge they have about the threats. Nowadays, with the continuous flow of novel forms of sophisticated attacks and their variants, it is a challenge to keep an IDS updated. Open Source Intelligence (OSINT) could be explored to effectively obtain this knowledge, by retrieving information from diverse sources. This paper proposes a fully automated approach to update the IDS knowledge, covering the full cycle from OSINT data feed collection until the installation of new rules and blacklists. The approach was implemented as the IDSoSint system and was assessed with 49 OSINT feeds and production traffic. It was able to identify in real time various forms of malicious activities, including botnet C&C servers communications, remote access applications, brute-force attacks, and phishing events.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
