ResearchSpace

Development of a semantic-enabled cybersecurity threat intelligence sharing model

dc.contributor.author Mtsweni, Jabu S
dc.contributor.author Shozi, Nobubele A
dc.contributor.author Matenche, Kqwadi
dc.contributor.author Mutemwa, Muyowa
dc.contributor.author Mkhonto, Njabulo
dc.contributor.author Jansen van Vuuren, Joey
dc.date.accessioned 2017-07-28T09:08:48Z
dc.date.available 2017-07-28T09:08:48Z
dc.date.issued 2016-03
dc.identifier.citation Mtsweni, J.S., Shozi, N.A., Matenche, K. et al. 2016. Development of a semantic-enabled cybersecurity threat intelligence sharing model. 11th International Conference on Cyber Warfare & Security, 17 - 18 March 2016, Boston University, Boston, USA. en_US
dc.identifier.uri http://hdl.handle.net/10204/9370
dc.description 11th International Conference on Cyber Warfare & Security, 17 - 18 March 2016, Boston University, Boston, USA en_US
dc.description.abstract Big Data is transforming the global technological landscape by elevating online information access required for addressing everyday challenges, such as detecting in real-time the spread of diseases within areas of interest. As the data in the cyberspace continues to grow in a gargantuan manner due to the popularity and successes of Web 2.0 technologies and social networks, amongst other reasons, organizations also continue to face the complex challenge of sifting through this data to timely detect and respond to security threats relevant to their operating domain. Traditional businesses and governmental organisations generally rely on inefficient and discrete solutions that rely on limited sources of information, signature-based and anomaly-based approaches to detect known cyber threats and attacks. On the contrary, threat agents continue to develop advanced techniques for their cyber espionage, reconnaissance missions, and ultimately devastating attacks. In addition, emerging cybersecurity intelligence solutions lack the semantic knowledge essential for automated sharing of timely and context-aware information within a specific operating domain. Moreover, existing cybersecurity information sharing solutions lack the visualization and intelligence necessary for handling the large volume of unstructured data generated by multiple sources across different sectors. In an attempt to address some of these challenges, this paper presents a proposition of a semantic-enabled sharing model for exchanging timely and relevant cybersecurity intelligence with trusted collaborators. Drawing from previous research and open source sharing platforms, such as CRITS, this model is underpinned by common information exchange standards, such as STIX and TAXII. The proposed cross-platform sharing model is evaluated by exploiting a large stream of cybersecurity-related tweets and semantic knowledge available from a variety of data sources. Preliminary results suggest that semantic knowledge is essential towards enabling collaborative and automated exchange of timely and actionable cybersecurity intelligence. en_US
dc.language.iso en en_US
dc.relation.ispartofseries Worklist;18151
dc.subject Cybersecurity en_US
dc.subject Threat intelligence en_US
dc.subject Crowdsourcing en_US
dc.subject Big data en_US
dc.subject Web security en_US
dc.subject Vulnerabilities en_US
dc.title Development of a semantic-enabled cybersecurity threat intelligence sharing model en_US
dc.type Conference Presentation en_US
dc.identifier.apacitation Mtsweni, J. S., Shozi, N. A., Matenche, K., Mutemwa, M., Mkhonto, N., & Jansen van Vuuren, J. (2016). Development of a semantic-enabled cybersecurity threat intelligence sharing model. http://hdl.handle.net/10204/9370 en_ZA
dc.identifier.chicagocitation Mtsweni, Jabu S, Nobubele A Shozi, Kqwadi Matenche, Muyowa Mutemwa, Njabulo Mkhonto, and Joey Jansen van Vuuren. "Development of a semantic-enabled cybersecurity threat intelligence sharing model." (2016): http://hdl.handle.net/10204/9370 en_ZA
dc.identifier.vancouvercitation Mtsweni JS, Shozi NA, Matenche K, Mutemwa M, Mkhonto N, Jansen van Vuuren J, Development of a semantic-enabled cybersecurity threat intelligence sharing model; 2016. http://hdl.handle.net/10204/9370 . en_ZA
dc.identifier.ris TY - Conference Presentation AU - Mtsweni, Jabu S AU - Shozi, Nobubele A AU - Matenche, Kqwadi AU - Mutemwa, Muyowa AU - Mkhonto, Njabulo AU - Jansen van Vuuren, Joey DA - 2016-03 DB - ResearchSpace DP - CSIR KW - Cybersecurity KW - Threat intelligence KW - Crowdsourcing KW - Big data KW - Web security KW - Vulnerabilities LK - https://researchspace.csir.co.za PY - 2016 T1 - Development of a semantic-enabled cybersecurity threat intelligence sharing model TI - Development of a semantic-enabled cybersecurity threat intelligence sharing model UR - http://hdl.handle.net/10204/9370 ER - en_ZA

