Siber Tehdit İstihbaratında Yapay Zeka ve Makine Öğrenmesi

Abstract

Siber tehditler giderek karmaşık bir hal almaktadır. Bu tehditlerin hedefi olabilecek kurumların daha etkin savunma gerçekleştirme çabaları siber tehdit istihbaratının önemini artırmaktadır. Geleneksel yöntemlerin kullanımı ile siber tehdit istihbaratı, siber tehditlerin anlaşılması ve bu tehditlere karşı önlemlerin alınması sağlamaktadır. Yapay zeka ve makine öğrenmesi ile siber tehdit istihbaratının verimliliğini ve etkinliğini artırabilmek çalışmalar gerçekleştirilmektedir. Bu çalışmalar, büyük miktarda veriyi hızlı ve verimli bir şekilde analiz ederek, tehditlerin daha hızlı ve doğru bir şekilde tespit edilmesini ve anlamlandırılmasına yardımcı olmayı amaçlamaktadır. Bu noktadan hareketle çalışmada, yapay zeka ve makine öğrenmesinin siber tehdit istihbaratına faydaları ve nasıl uygulanabileceği incelenmektedir. Çalışma kapsamında, yapay zeka ve makine öğrenmesinin siber tehdit istihbaratının farklı aşamalarında nasıl kullanılabileceğinin açıklaması ve geliştirilmiş platformla ile dünya çapında etki göstermiş saldırılara karşı gerçekleştirilen başarılı savunmalara dair örnekler sunulmaktadır.

Keywords

• Siber Tehdit İstihbaratı
• Tehdit Analizi
• Yapay Zeka
• Makine Öğrenmesi

Artificial Intelligence and Machine Learning in Cyber Threat Intelligence

Abstract

Cyber threats are becoming increasingly sophisticated. Efforts by corporations that may be the target of these threats to carry out more effective defense increase the importance of cyber threat intelligence. Using traditional methods, cyber threat intelligence provides understanding of cyber threats and taking precautions against these threats. Studies are carried out to increase the efficiency and effectiveness of cyber threat intelligence with artificial intelligence and machine learning. These studies aim to help detect and make sense of threats more quickly and accurately by analyzing large amounts of data quickly and efficiently. Starting from this point, the study examines the benefits of artificial intelligence and machine learning in cyber threat intelligence and how they can be applied. Within the scope of the study, an explanation of how artificial intelligence and machine learning can be used at different stages of cyber threat intelligence and examples of successful defenses against attacks that have a worldwide impact with developed platforms are presented.

Keywords

• Cyber Threat Intelligence
• Threat Analysis
• Artificial Intelligence
• Machine Learning

References

1. Bank of England. (2016). CBEST Intelligence-Led Testing Understanding Cyber Threat Intelligence Operations Version 2.0. CBEST. Erişim adresi: https://www.bankofengland.co.uk/-/media/boe/files/financial-stability/financial-sector-continuity/understanding-cyber-threat-intelligence-operations.pdf
2. Barikat Siber Güvenlik. (2020). SOC Faaliyet Raporu—Kasım 2020. Barikat Siber Güvenlik. Erişim adresi: https://www.barikat.com.tr/blog/soc-faaliyet-raporu-kasim-2020
3. BlackBerry Limited. (t.y.). Cylance AI from BlackBerry. Erişim adresi: https://www.blackberry.com/us/en/products/cylance-endpoint-security/cylance-ai
4. Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, & Cody B. Thomas. (2020). MITRE ATT&CKÒ: Design and Philosophy. MITRE Corporation. Erişim adresi: https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf
5. Buczak, A. L., & Guven, E. (2016). A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-1176. https://doi.org/10.1109/COMST.2015.2494502
6. Cezarina Dinu. (2023). Operational Threat Intelligence (OTI): Definition, Lifecycle, Benefits. Heimdal Security Blog. Erişim adresi: https://heimdalsecurity.com/blog/operational-threat-intelligence/ Darktrace Team. (2020). Darktrace Cyber AI Analyst. Erişim adresi: https://em360tech.com/sites/default/files/2021-01/Darktrace%20Cyber%20AI%20Analyst.pdf
7. Development, Concepts and Doctrine Centre, UK Ministry of Defence. (2011). Joint Doctrine Publication 2-00. Erişim adresi: https://assets.publishing.service.gov.uk/media/653a4b0780884d0013f71bb0/JDP_2_00_Ed_4_web.pdf
8. El Naqa, I., & Murphy, M. J. (2015). What Is Machine Learning? Içinde I. El Naqa, R. Li, & M. J. Murphy (Ed.), Machine Learning in Radiation Oncology (ss. 3-11). Cham: Springer International Publishing. https://doi.org/10.1007/978-3-319-18305-3_1

9. FIRST. (2018). Introduction to CTI as a General topic / Cyber Threat Intelligence SIG Curriculum. FIRST — Forum of Incident Response and Security Teams. Erişim adresi: https://www.first.org/global/sigs/cti/curriculum/cti-introduction
10. Forcepoint. (2018, Ağustos 11). What is Threat Intelligence? Forcepoint. Erişim adresi: https://www.forcepoint.com/cyber-edu/threat-intelligence
11. Groce, A. (2016). LibGuides: Intelligence Studies: Dissemination of Intelligence. Erişim adresi: https://usnwc.libguides.com/c.php?g=494120&p=3381610
12. Harrington, C. (2013). Sharing Indicators of Compromise: An Overview of Standards and Formats. Program adı: RSACONFERENCE2013. Erişim adresi: https://docs.huihoo.com/rsaconference/usa-2013/Sharing-Indicators-of-Compromise-An-Overview-of-Standards-and-Formats.pdf
13. IBM. (t.y.). IBM Security QRadar XDR. Erişim adresi: https://www.ibm.com/products/qradar-xdr
14. InfoSEC. (2019, Aralık 5). Vectra—InfoSEC. Erişim adresi: https://www.infosec.com.tr/vectra/ Intel&AnalysisWorkingGroup. (2015, Ekim 26). What is Cyber Threat Intelligence? CIS. Erişim adresi: https://www.cisecurity.org/blog/what-is-cyber-threat-intelligence/
15. Jain, J. (2021). Artificial Intelligence in the Cyber Security Environment. Içinde N. Bhargava, R. Bhargava, P. S. Rathore, & R. Agrawal (Ed.), Artificial Intelligence and Data Mining Approaches in Security Frameworks (1. bs, ss. 101-117). Wiley. https://doi.org/10.1002/9781119760429.ch6
16. Kaur, R., Gabrijelčič, D., & Klobučar, T. (2023). Artificial intelligence for cybersecurity: Literature review and future research directions. Information Fusion, 97, 101804. https://doi.org/10.1016/j.inffus.2023.101804
17. Kebude, A. (t.y.). Yapay Zeka. Ahmet Kebude.
18. Kurt Baker. (2023, Mart 23). What is Cyber Threat Intelligence? [Beginner’s Guide]. Erişim adresi: https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/
19. Lakshmanan, R. (2020). Hackers-For-Hire Group Develops New “PowerPepper” In-Memory Malware. The Hacker News. Erişim adresi: https://thehackernews.com/2020/12/hackers-for-hire-group-develops-new.html
20. Lee, J., Kim, J., Kim, I., & Han, K. (2019). Cyber Threat Detection Based on Artificial Neural Networks Using Event Profiles. IEEE Access, 7, 165607-165626. https://doi.org/10.1109/ACCESS.2019.2953095
21. Lee, M. (2023). Cyber threat intelligence. Oxford, UK ; Hoboken, NJ, USA: Wiley.
22. Li, J. (2018). Cyber security meets artificial intelligence: A survey. Frontiers of Information Technology & Electronic Engineering, 19(12), 1462-1474. https://doi.org/10.1631/FITEE.1800573
23. Montasari, R., Carroll, F., Macdonald, S., Jahankhani, H., Hosseinian-Far, A., & Daneshkhah, A. (2021). Application of Artificial Intelligence and Machine Learning in Producing Actionable Cyber Threat Intelligence. Içinde R. Montasari, H. Jahankhani, R. Hill, & S. Parkinson (Ed.), Digital Forensic Investigation of Internet of Things (IoT) Devices (ss. 47-64). Cham: Springer International Publishing. https://doi.org/10.1007/978-3-030-60425-7_3 Oracle Türkiye. (2014). Makine Öğrenimi nedir? Erişim adresi: https://www.oracle.com/tr/artificial-intelligence/machine-learning/what-is-machine-learning/
24. Rathore, P., Singh, A. K., & García-Díaz, V. (2020). A Holistic Methodology for Improved RFID Network Lifetime by Advanced Cluster Head Selection using Dragonfly Algorithm. International Journal of Interactive Multimedia and Artificial Intelligence, 6(2), 8. https://doi.org/10.9781/ijimai.2020.05.003
25. Raza, Muhammad. 2023. “What Are TTPs? Tactics, Techniques & Procedures Explained | Splunk”. Erişim adresi: https://www.splunk.com/en_us/blog/learn/ttp-tactics-techniques-procedures.html
26. Recorded Future. (2020). What Is Threat Intelligence? | Recorded Future. Erişim adresi: https://www.recordedfuture.com/blog/threat-intelligence
27. SparkCognition. (2020). SparkCognition’s DeepArmor®️ Cybersecurity Product Detects PowerPepper Malware. Erişim adresi: https://www.prnewswire.com/news-releases/sparkcognitions-deeparmor-cybersecurity-product-detects-powerpepper-malware-301188352.html
28. SparkCognition Inc. (2018). Deeparmor-platform-architecture.pdf. Erişim adresi: https://www.sparkcognition.com/wp-content/uploads/2019/12/deeparmor-platform-architecture.pdf
29. Trend Micro Incorporated. (2023). Indicators of compromise—Definition. Erişim adresi: https://www.trendmicro.com/vinfo/us/security/definition/indicators-of-compromise
30. Tuma, K., Calikli, G., & Scandariato, R. (2018). Threat analysis of software systems: A systematic literature review. Journal of Systems and Software, 144, 275-294. https://doi.org/10.1016/j.jss.2018.06.073
31. Vectra. (2023). Ricoh Co. Ltd. Achieves real-time monitoring of 100,000 units to detect threats in advance. Erişim adresi: https://www.vectra.ai/resources/customer-stories/ricoh
32. Zeng, Y. (2022). AI Empowers Security Threats and Strategies for Cyber Attacks. Procedia Computer Science, 208, 170-175. https://doi.org/10.1016/j.procs.2022.10.025