Oleksii Osliak

Topic: 
Dynamic threat assessment & prediction
Research work: 

The main objective of the research is to design a framework for collaborative analysis of Cyber-Threat Information (CTI). The framework itself requires automated data preprocessing for fast and effective analysis and secure information sharing among parties involved in the process. However, often CTI includes sensitive data (private and confidential information) that might be used illegally. Often, intruders use sensitive information in performing attacks on systems (e.g., injection attacks). Considering an increased number of attacks on Critical Infrastructures (CI) such as Industrial Control Systems and Smart Grids, and taking into account consequences of attacks, the development of new solutions for cybersecurity of these systems become more crucial.

The emphasis of the research is developing a security management framework for secure analysis and sharing of CTI in Industrial Control Systems. The framework will integrate intrusion detection techniques, threat, and vulnerability assessment, secure information sharing, and decision making based on the analyzed information.

Moreover, my work will focus on the practical development of new security solutions for solving issues related to communication and data access in ICS.

ESRs Publications

Description:

The paper proposes a STIX-based data representation for privacy-preserving data analysis, to report format and semantics of specific data types, and to represent sticky policies in the format of embedded human-readable DSAs. More specifically, we exploit and extend the STIX standard, to represent in a structured way analysis-ready pieces of data and the attached privacy policies. The whole scheme is designed to be completely compatible with the STIX 2.0 standard for CTI representation. The proposed scheme will be implemented in this work by defining the complete scheme for representing an email, which is more expressive than the standard one defined for STIX, designed specifically for spam email analysis. Moreover, the paper provides a new scheme for general Data-Sharing Agreement representation that has been practically applied for the process of encoding specific attributes in different Cyber-Threat Intelligence reports. Due to the chosen approach, the research results may have limitations. Specifically, current practice for entity recognition has the limitation that was discovered during the research. However, its effect on process time was minimized. This paper has covered the existing gap including the lack of generality in DSA representation for privacy-preserving analysis of structured CTI. Therefore, the new model for DSA representation was introduced as well as its practical implementation.

Description:

This paper proposes an extension to the standard STIX representation for Cyber Threat Information (CTI) which couples specific data attributes with privacy-preserving conditions expressed through Data Sharing Agreements (DSA). The proposed scheme allows, in fact, to define sharing and anonymization policies in the form of a human-readable DSA, bound to the specific CTI. The whole scheme is designed to be completely compatible with the STIX 2.0 standard for CTI representation. The proposed scheme will be implemented in this work by defining the complete scheme for representing an email, which is more expressive than the standard one defined for STIX, designed specifically for spam email analysis. Hence, an application to an email is presented, together with DSA definition and inclusion in a STIX record. Finally, a set of experiments will show the performance improvement related to data access, brought by the adoption of the proposed scheme.