DOI: 10.1145/2808128.2808130

Data Mining for Efficient Collaborative Information Discovery

Published: 12 October 2015

Abstract

The cybersecurity community expends considerable effort on establishing protocols, data formats, and coordination centers for sharing operational security information. There is widespread agreement that sharing information should create value, but also that it is far from simple for one organization to use intelligence provided to it by another. Substantial work focuses on engineering ontologies and data formats to resolve syntactic, and to some extent semantic, differences. These solutions aim to create high-quality, low-noise shared data resources, but require substantial commitments in technology, man-hours, and inter-organizational relationship building. Such expenditures may be beyond the reach of many organizations, especially since a substantial portion of the resulting shared data will remain unused.
We contend that applying data mining and statistical learning methods to more easily obtainable, inconsistently structured or entirely unstructured data can guide and prioritize effort. We demonstrate these ideas with a case study of the incident reports collected by US-CERT in the course of one year. We find that data mining techniques can identify subsets of the indicator and incident landscapes for which the exchange of complete incident information may be useful to analysts and decision makers. The techniques studied here may allow broader participation in information sharing efforts, and make better use of the valuable resources dedicated to collaborative cybersecurity information discovery.

      Published In

      WISCS '15: Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security
      October 2015
      84 pages
      ISBN:9781450338226
      DOI:10.1145/2808128

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. data mining
      2. pattern discovery
      3. security

      Qualifiers

      • Research-article

      Funding Sources

      • Department of Defense

      Conference

      CCS'15

      Acceptance Rates

      WISCS '15 Paper Acceptance Rate 6 of 16 submissions, 38%;
      Overall Acceptance Rate 23 of 58 submissions, 40%
