BIBLIOS

  Ciências References Management System


Publication details

Document type
Conference papers

Document subtype
Extended abstract/Short paper

Title
Threat Intelligence – Improving SIEM cybercrime awareness using information from IP blacklists

Participants in the publication
João Alves (Author)
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA
Ana Respício (Author)
Dep. Informática
CMAFcIO
Ivo Rosa (Author)
EDP - ENERGIAS DE PORTUGAL, S.A.
Pedro Rodrigues (Author)
EDP - ENERGIAS DE PORTUGAL, S.A.

Summary
Cybercrime activity has been growing over the years and there is no evidence that this tendency will stop in the near future; hence, the organization's cybersecurity team is obliged to strengthen cybersecurity to avoid irreversible damage. The use of public blacklists is one strategy for monitoring the organization's network to detect suspicious communications; however, the use of public blacklists generates a high percentage of false-positive alerts. This paper describes a solution that gathers external information about malicious IPs, reported by public blacklists, and the organization's internal information regarding security incidents, to calculate reputation scores for external IPs and public IP blacklists. The reputation score is used by the SIEM rules to select the type of alert for each IP address to monitor. The objective is to decrease the rate of false-positive alerts that are usually generated when using public blacklists. The trustworthiness score will aid the SOC team in selecting the public blacklists that are most suitable for the organization's cyber context. The presented solution is aimed at enhancing the SIEM's coverage of cybercrime activity over the organization's network. Preliminary results of an application in a worldwide company are presented.

Date of Publication
2017-10-24

Event
eCrime2017.EU – APWG.EU Symposium on Electronic Crime Research

Publication Identifiers

Address
Porto, Portugal

Organizers
APWG.EU

Document Identifiers
URL - http://disiem-project.eu/wp-content/uploads/2017/11/Threat-Intelligence-Improving-SIEM-cybercriminality-awareness-using-information-from-IP-blacklists.pdf

Keywords
threat intelligence; security metrics; public blacklists; open-source intelligence; security information and event management; cybercrime


Export

APA
João Alves, Ana Respício, Ivo Rosa, Pedro Rodrigues, (2017). Threat Intelligence – Improving SIEM cybercrime awareness using information from IP blacklists. eCrime2017.EU – APWG.EU Symposium on Electronic Crime Research, -

IEEE
João Alves, Ana Respício, Ivo Rosa, Pedro Rodrigues, "Threat Intelligence – Improving SIEM cybercrime awareness using information from IP blacklists" in eCrime2017.EU – APWG.EU Symposium on Electronic Crime Research, Porto, Portugal, 2017, pp. -, doi:

BIBTEX
@InProceedings{41207,
  author    = {João Alves and Ana Respício and Ivo Rosa and Pedro Rodrigues},
  title     = {Threat Intelligence – Improving SIEM cybercrime awareness using information from IP blacklists},
  booktitle = {eCrime2017.EU – APWG.EU Symposium on Electronic Crime Research},
  year      = 2017,
  pages     = {-},
  address   = {Porto, Portugal},
  publisher = {}
}