Graph Visualization of Cyber Threat Intelligence Data for Analysis of Cyber Attacks

Abstract

Threat intelligence enables us to make faster, more informed, data-backed security decisions and change their behavior from reactive to proactive in the fight against threat actors. Cyber threat intelligence sources include open-source intelligence, social media intelligence, human intelligence, technical intelligence, device log files, forensically acquired data or intelligence from the internet traffic, and data derived for the deep and dark web. In this study, graph visualization is discussed for the intelligible and accurate analysis of complex cyber threat intelligence data, including network attacks. The processes of collecting, cleaning, organizing, and visualizing cyber intelligence data in different formats and contents on a single platform are given step by step. Dynamic graphs play an active role in these systems, where the attack locations and targets from different points are constantly variable. Therefore, research on dynamic graph solutions and visualization in the visual analysis of cyberattacks is presented.

Keywords

• cyber security
• graph visualization
• dynamic graph
• cyber threat intelligence
• cyber attack visualization
• big data

References

1. [1] Y. Bu ̈rhan and R. Das ̧, “Co-author link prediction from academic databases,” Gazi University, Journal of Polytechnic, vol. 20, no. 4, pp. 787–800, Dec. 2017. [Online]. Available: http://dergipark.gov.tr/ download/article- file/387477
2. [2] L. Yang, E. Cheng, and Z. M. O ̈zsoyog ̆lu, “Efficient path-based computations on pedigree graphs with compact encodings,” BMC Bioinformatics, vol. 13, no. S3, p. S14, Dec. 2012. [Online]. Available: https://bmcbioinformatics.biomedcentral. com/articles/10.1186/1471- 2105- 13- S3- S14
3. [3] Q. Guo, X. Qiu, X. Xue, and Z. Zhang, “Syntax-guided text generation via graph neural network,” Science China Information Sciences, vol. 64, no. 5, p. 152102, May 2021. [Online]. Available: http://link.springer.com/10.1007/s11432-019-2740-1
4. [4] B. Xie, C. Qi, H. Ben, and W. Yu, “The applications of graph theory in electric network,” in 2019 International Conference on Sensing, Diagnostics, Prognostics, and Control (SDPC). Beijing, China: IEEE, Aug. 2019, pp. 780–784. [Online]. Available: https: //ieeexplore.ieee.org/document/9168962/
5. [5] D. P. Sinha, “A pairing between graphs and trees,” arXiv:math/0502547, Oct. 2006, arXiv: math/0502547. [Online]. Available: http://arxiv.org/ abs/math/0502547
6. [6] S. A. M. A. Junid, N. M. Tahir, Z. A. Majid, and M. F. M. Idros, “Potential of graph theory algorithm approach for DNA sequence alignment and comparison,” in 2012 Third International Conference on Intelligent Systems Modelling and Simulation. Kota Kinabalu, Malaysia: IEEE, Feb. 2012, pp. 187–190. [Online]. Available: http://ieeexplore.ieee.org/document/6169697/
7. [7] J. Zhao, Q. Yan, J. Li, M. Shao, Z. He, and B. Li, “TIMiner: Automatically extracting and analyzing categorized cyber threat intelligence from social data,” Computers & Security, vol. 95, p. 101867, Aug. 2020. [Online]. Available: https://linkinghub.elsevier.com/ retrieve/pii/S0167404820301395
8. [8] OASIS, “STIXTM version 2.0. part 3: Cyber observable core concepts.”

9. [9] E. Rossi, B. Chamberlain, F. Frasca, D. Eynard, F. Monti, and M. Bronstein, “Temporal graph networks for deep learning on dynamic graphs,” arXiv:2006.10637 [cs, stat], Oct. 2020, arXiv: 2006.10637. [Online]. Available: http://arxiv.org/abs/2006.10637
10. [10] F. Harary and G. Gupta, “Dynamic graph models,” Mathematical and Computer Modelling, vol. 25, no. 7, pp. 79–87, Apr. 1997. [Online]. Available: https://linkinghub.elsevier.com/retrieve/pii/ S0895717797000502
11. [11] M. Krzywinski, I. Birol, S. J. Jones, and M. A. Marra, “Hive plots– rational approach to visualizing networks,” Briefings in Bioinformatics, vol. 13, no. 5, pp. 627–644, Sep. 2012. [Online]. Available: https://academic.oup.com/bib/article- lookup/doi/10.1093/bib/bbr069
12. [12] R. Das and I. Turkoglu, “Creating meaningful data from web logs for improving the impressiveness of a website by using path analysis method,” Expert Systems with Applications, vol. 36, no. 3, Part 2, pp. 6635–6644, Apr. 2009. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0957417408005952
13. [13] S. Noel, E. Harley, K. Tam, M. Limiero, and M. Share, “Chapter 4 - cygraph: Graph-based analytics and visualization for cybersecurity,” in Cognitive Computing: Theory and Applications, ser. Handbook of Statistics, V. N. Gudivada, V. V. Raghavan, V. Govindaraju, and C. Rao, Eds. Elsevier, 2016, vol. 35, pp. 117–167. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0169716116300426
14. [14] “Global international migration flows | Wittgenstein Centre.” [Online]. Available: http://download.gsb.bund.de/BIB/global flow/
15. [15] G. Chen, “Information fusion and visualization of cyber-attack graphs,” SPIE Newsroom, 2007. [Online]. Available: http://www.spie.org/x14562. xml
16. [16] M. Alshammari and A. Rezgui, “An all pairs shortest path algorithm for dynamic graphs,” International Journal of Mathematics and Computer Science, p. 20, 2020.
17. [17] J. R. Nascimento, U. S. Souza, and J. L. Szwarcfiter, “Partitioning a graph into complementary subgraphs,” Graphs and Combinatorics, vol. 37, no. 4, pp. 1311–1331, Jul. 2021. [Online]. Available: https://link.springer.com/10.1007/s00373-021-02319-4
18. [18] S. V. Patil and D. B. Kulkarni, “K-way spectral graph partitioning for load balancing in parallel computing,” Bharati Vidyapeeth’s Institute of Computer Applications and Management, Aug. 2021. [Online]. Available: https://link.springer.com/10.1007/s41870-021-00777-w
19. [19] M.Baykara,R.Das ̧,andG.Tuna,“Websunucueris ̧imku ̈tu ̈klerinden web ataklarının tespitine yo ̈nelik web tabanlı log analiz platformu,” Fırat U ̈niversitesi Mu ̈hendislik Bilimleri Dergisi, vol. 28, pp. 291 – 302, 2016.
20. [20] “Visualized SDO relationships,” Sep. 2021. [Online]. Available: https://oasis- open.github.io/cti- documentation/examples/ visualized- sdo- relationships
21. [21] S. Majeed, M. Uzair, U. Qamar, and A. Farooq, “Social Network Analysis Visualization Tools: A Comparative Review,” in 2020 IEEE 23rd International Multitopic Conference (INMIC). Bahawalpur, Pakistan: IEEE, Nov. 2020, pp. 1–6. [Online]. Available: https: //ieeexplore.ieee.org/document/9318162/
22. [22] S. Hussain, L. Muhammad, and A. Yakubu, “Mining social media and DBpedia data using Gephi and R,” Journal of Applied Computer Science & Mathematics, vol. 12, no. 1, pp. 14–20, 2018. [Online]. Available: http://www.jacsm.ro/view/?pid=25 2
23. [23] G. Drakopoulos, A. Baroutiadi, and V. Megalooikonomou, “Higher order graph centrality measures for Neo4j,” in 2015 6th International Confer- ence on Information, Intelligence, Systems and Applications (IISA), Jul. 2015, pp. 1–6.
24. [24] E. Curmi, R. Fenner, K. Richards, J. M. Allwood, B. Bajzˇelj, and G. M. Kopec, “Visualising a stochastic model of californian water resources using sankey diagrams,” Water Resources Management, vol. 27, no. 8, pp. 3035–3050, Jun. 2013. [Online]. Available: http://link.springer.com/10.1007/s11269-013-0331-2