Abstract
Open Source Intelligence (OSINT) is a system of intelligence generation from information gathered by systematic
collection, processing and analysis of publicly available information. Open source intelligence is seen as a strategic
intelligence. Open source intelligence for cyber attacks will create a new level of intelligence to prevent attacks.
Social media is a fast and effective resource for intelligence. Research shows that zero-day attacks can be detected
through social media without attack or spread. Therefore, it is thought that OSINT-based intrusion prevention
systems will provide effective prevention against cyber attacks. In this study, a literature review about OSINTbased intrusion detection studies and a semi-automatic OSINT-based intrusion prevention model that was introduced when attack intelligence was provided through social media was proposed. This model is created in
such a way that the intelligence data can be automatically added to the system (BlackIP, virus signature, etc.) from
within the tweets, and to provide maximum information as soon as possible to the expert to analyze the attack.
References
- [1] Department of the Army. (2012, Temmuz). Open-Source Intelligence. Army Techniques Publication. Erişim: https://fas.org/irp/doddir/army/atp2-22-9.pdf.
- [2] R. D. Steele, “Open Source Intelligence:What Is It? Why Is It Important to the Military?,”American Intelligence Journal, vol. 17, no. 1&2, pp. 35-41, 1996.
- [3] F. Ansari, M. Akhlaq ve A. Rauf, “Social networks and web security: Implications on open source intelligence,” 2nd National Conference on Information Assurance (NCIA), Rawalpindi, Pakistan, 2013, ss. 79-82.
- [4] A. Sapienza, A. Bessi, S. Damodaran, P. Shakarian, K. Lerman ve E. Ferrara, “Early warnings of cyber threats in online discussions,” 2017 IEEE International Conference on Data Mining Workshops, New Orleans, LA, A.B.D., 2017, ss. 667-674.
- [5] DiSIEM Consortium, “D4.2 OSINT data fusion and analysis architecture,” Rap., 2 Mart 2018. Erişim: http://www.disiem-project.eu/wp-content/uploads/2018/03/D4.2.pdf.
- [6] R. Campiolo, L. A. F. Santos, D. M. Batista ve M. A. Gerosa “Evaluating the utilization of Twitter messages as a source of security alerts,” The 28th Annual ACM Symposium on Applied Computing, Coimbra, Portekiz, 2013, pp. 942-943.
- [7] P. Mueller ve B. Yedagari, “The Stuxnet Worm,” University of Arizona, Rap., 2012. Available:https://www2.cs.arizona.edu/~collberg/Teaching/466- 566/2012/Resources/presentations/topic9-final/report.pdf. [Erişildi: 14.01.2019].
- [8] S. Lee ve T. Shon, “Open source intelligence base cyber threat inspection framework for critical infrastructures,” 2016 Future Technologies Conference (FTC), San Francisco, CA, A.B.D., 2016, ss. 1030-1033.
- [9] V. S. Carvalho, M. J. Polidoro ve J. P. Magalhaes, “OwlSight: Platform for real-time detection and visualization of cyber threats,” 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), New York, NY, A.B.D., 2016, pp. 61-66.
- [10] S. Mittal, P. K. Das, V. Mulwady , A. Joshi ve T. Finin, “CyberTwitter: Using Twitter to generate alerts for cybersecurity threats and vulnerabilities,” 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), San Francisco, CA, 2016, pp. 860- 867.
- [12] .internetlivestats.com. [Çevrimiçi]. Available: http://www.internetlivestats.com/twitterstatistics/. [Erişildi: 02.12.2018].
- [13] Y. Erkal, M. Sezgin ve S. Gündüz, “A new cyber security alert system for Twitter,” 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA), Miami, FL, A.B.D., 2015, pp. 766-770.
- [14] M. Spitters, P. T. Eendebak, D. T. Worm ve H. Bouma, “Threat detection in tweets with trigger patterns and contextual cues,” 2014 IEEE Joint Intelligence and Security Informatics Conference, Hague, Holland, 2014, pp. 216-219.
- [15] tweepy.org. [Çevrimiçi]. Available: http://www.tweepy.org/. [Erişildi: 12.02.2018].
- [16] G. Gu, “Machine learning meets social networking security: Detecting and analyzing malicious social networks for fun and profit,” the 5th ACM Workshop on Security and Artificial Intelligence, Raleigh, North Carolina, A.B.D., 2012, pp. 1-2.
- [17] İ. Civelek, M. Kara ve K. Kaya, “Cyber security model via social media with open source intelligence,” 2018 1. Uluslararası Akdeniz Sempozyumu, Mersin, Türkiye, 2018, pp. 52-64.
Abstract
Açık kaynak istihbaratı (Open Source Intelligence, OSINT), kamuya açık bilgilerin sistematik olarak toplanması,
işlenmesi ve analiz edilmesi sonucu elde edilen bilgiden istihbarat üretme disiplinidir. Açık kaynak istihbaratı
çıkarmak stratejik bir zekâ olarak görülmektedir. Siber saldırılar için açık kaynak istihbaratı çıkarmak, saldırıların
önlenmesi için yeni bir zekâ seviyesi oluşturacaktır. Sosyal medya, istihbarat için hızlı ve etkili bir kaynak
oluşturmaktadır. Yapılan araştırmalar sıfırıncı gün (zero-day) atakların, saldırı gerçekleşmeden ya da henüz çok
yayılmadan sosyal medya üzerinden tespit edilebildiğini göstermektedir. Bu nedenle OSINT tabanlı saldırı önleme
sistemlerinin, siber ataklara karşı etkili bir önleme sağlayacağı düşünülmektedir. Bu çalışmada OSINT tabanlı
saldırı tespit çalışmaları ile ilgili literatür taraması yapılmış aynı zamanda sosyal medya üzerinden saldırı
istihbaratı sağlandığı anda devreye giren yarı-otomatik OSINT tabanlı saldırı önleme modeli önerilmiştir. Bu
model, tweetler içerisinden istihbarat dataların çıkartılabildiği durumunda (BlackIP, virüs imzası vb.) sisteme
otomatik eklenmesini, çıkartılamadığı durumlarda saldırıyı analiz edecek uzmana en kısa sürede maksimum bilgi
sağlayacak şekilde oluşturulmuştur.
References
- [1] Department of the Army. (2012, Temmuz). Open-Source Intelligence. Army Techniques Publication. Erişim: https://fas.org/irp/doddir/army/atp2-22-9.pdf.
- [2] R. D. Steele, “Open Source Intelligence:What Is It? Why Is It Important to the Military?,”American Intelligence Journal, vol. 17, no. 1&2, pp. 35-41, 1996.
- [3] F. Ansari, M. Akhlaq ve A. Rauf, “Social networks and web security: Implications on open source intelligence,” 2nd National Conference on Information Assurance (NCIA), Rawalpindi, Pakistan, 2013, ss. 79-82.
- [4] A. Sapienza, A. Bessi, S. Damodaran, P. Shakarian, K. Lerman ve E. Ferrara, “Early warnings of cyber threats in online discussions,” 2017 IEEE International Conference on Data Mining Workshops, New Orleans, LA, A.B.D., 2017, ss. 667-674.
- [5] DiSIEM Consortium, “D4.2 OSINT data fusion and analysis architecture,” Rap., 2 Mart 2018. Erişim: http://www.disiem-project.eu/wp-content/uploads/2018/03/D4.2.pdf.
- [6] R. Campiolo, L. A. F. Santos, D. M. Batista ve M. A. Gerosa “Evaluating the utilization of Twitter messages as a source of security alerts,” The 28th Annual ACM Symposium on Applied Computing, Coimbra, Portekiz, 2013, pp. 942-943.
- [7] P. Mueller ve B. Yedagari, “The Stuxnet Worm,” University of Arizona, Rap., 2012. Available:https://www2.cs.arizona.edu/~collberg/Teaching/466- 566/2012/Resources/presentations/topic9-final/report.pdf. [Erişildi: 14.01.2019].
- [8] S. Lee ve T. Shon, “Open source intelligence base cyber threat inspection framework for critical infrastructures,” 2016 Future Technologies Conference (FTC), San Francisco, CA, A.B.D., 2016, ss. 1030-1033.
- [9] V. S. Carvalho, M. J. Polidoro ve J. P. Magalhaes, “OwlSight: Platform for real-time detection and visualization of cyber threats,” 2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), New York, NY, A.B.D., 2016, pp. 61-66.
- [10] S. Mittal, P. K. Das, V. Mulwady , A. Joshi ve T. Finin, “CyberTwitter: Using Twitter to generate alerts for cybersecurity threats and vulnerabilities,” 2016 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), San Francisco, CA, 2016, pp. 860- 867.
- [12] .internetlivestats.com. [Çevrimiçi]. Available: http://www.internetlivestats.com/twitterstatistics/. [Erişildi: 02.12.2018].
- [13] Y. Erkal, M. Sezgin ve S. Gündüz, “A new cyber security alert system for Twitter,” 2015 IEEE 14th International Conference on Machine Learning and Applications (ICMLA), Miami, FL, A.B.D., 2015, pp. 766-770.
- [14] M. Spitters, P. T. Eendebak, D. T. Worm ve H. Bouma, “Threat detection in tweets with trigger patterns and contextual cues,” 2014 IEEE Joint Intelligence and Security Informatics Conference, Hague, Holland, 2014, pp. 216-219.
- [15] tweepy.org. [Çevrimiçi]. Available: http://www.tweepy.org/. [Erişildi: 12.02.2018].
- [16] G. Gu, “Machine learning meets social networking security: Detecting and analyzing malicious social networks for fun and profit,” the 5th ACM Workshop on Security and Artificial Intelligence, Raleigh, North Carolina, A.B.D., 2012, pp. 1-2.
- [17] İ. Civelek, M. Kara ve K. Kaya, “Cyber security model via social media with open source intelligence,” 2018 1. Uluslararası Akdeniz Sempozyumu, Mersin, Türkiye, 2018, pp. 52-64.
Details
| Primary Language | Turkish |
|---|---|
| Subjects | Engineering |
| Journal Section | Articles |
| Authors | |
| Publication Date | January 31, 2019 |
| Published in Issue | Year 2019 Volume: 7 Issue: 1 |
