BIBLIOS

  Bibliographic Reference Management System of Ciências


Reference Details

Type
Conference Papers

Document Type
Extended Abstract

Title
Threat Intelligence – Improving SIEM cybercrime awareness using information from IP blacklists

Publication Participants
João Alves (Author)
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA
Ana Respício (Author)
Dep. Informática
CMAFcIO
Ivo Rosa (Author)
EDP - ENERGIAS DE PORTUGAL, S.A.
Pedro Rodrigues (Author)
EDP - ENERGIAS DE PORTUGAL, S.A.

Abstract
Cybercrime activity has been growing over the years and there is no evidence that this tendency will stop in the near future, which obliges the organization's cybersecurity team to strengthen its defenses to avoid irreversible damage. The use of public blacklists is one strategy to monitor the organization's network for suspicious communications; however, public blacklists generate a high percentage of false-positive alerts. This paper describes a solution that gathers external information about malicious IP addresses, as reported by public blacklists, together with the organization's internal information on security incidents, to calculate reputation scores for external IP addresses and for the public IP blacklists themselves. The reputation score is used by the SIEM rules to select the type of alert for each monitored IP address. The objective is to decrease the rate of false-positive alerts usually generated when using public blacklists. The trustworthiness score will help the SOC team select the public blacklists that are most suitable for the organization's cyber context. The presented solution aims to enhance the SIEM's coverage of cybercrime activity over the organization's network. Preliminary results of an application at a worldwide company are presented.

Publication Date
2017-10-24

Event
eCrime2017.EU – APWG.EU Symposium on Electronic Crime Research

Publication Identifiers

Location
Porto, Portugal

Organizers
APWG.EU

Document Identifiers
URL - http://disiem-project.eu/wp-content/uploads/2017/11/Threat-Intelligence-Improving-SIEM-cybercriminality-awareness-using-information-from-IP-blacklists.pdf

Keywords
threat intelligence; security metrics; public blacklists; open-source intelligence; security information and event management; cybercrime


Export Reference

APA
João Alves, Ana Respício, Ivo Rosa, Pedro Rodrigues, (2017). Threat Intelligence – Improving SIEM cybercrime awareness using information from IP blacklists. eCrime2017.EU – APWG.EU Symposium on Electronic Crime Research, -

IEEE
João Alves, Ana Respício, Ivo Rosa, Pedro Rodrigues, "Threat Intelligence – Improving SIEM cybercrime awareness using information from IP blacklists" in eCrime2017.EU – APWG.EU Symposium on Electronic Crime Research, Porto, Portugal, 2017, pp. -, doi:

BIBTEX
@InProceedings{41207,
  author    = {João Alves and Ana Respício and Ivo Rosa and Pedro Rodrigues},
  title     = {Threat Intelligence – Improving SIEM cybercrime awareness using information from IP blacklists},
  booktitle = {eCrime2017.EU – APWG.EU Symposium on Electronic Crime Research},
  year      = 2017,
  pages     = {-},
  address   = {Porto, Portugal},
  publisher = {}
}