Research Article

Artificial Intelligence and Machine Learning in Cyber Threat Intelligence

Year 2024, Volume: 1 Issue: 1, 75 - 96, 22.03.2024

Abstract

Cyber threats are becoming increasingly sophisticated. The efforts of corporations that may be targeted by these threats to mount a more effective defense increase the importance of cyber threat intelligence. With traditional methods, cyber threat intelligence provides an understanding of cyber threats and supports taking precautions against them. Studies are being carried out to increase the efficiency and effectiveness of cyber threat intelligence with artificial intelligence and machine learning. These studies aim to help detect and make sense of threats more quickly and accurately by analyzing large amounts of data quickly and efficiently. Starting from this point, the study examines the benefits of artificial intelligence and machine learning in cyber threat intelligence and how they can be applied. Within the scope of the study, an explanation of how artificial intelligence and machine learning can be used at different stages of cyber threat intelligence is given, together with examples of successful defenses, carried out with platforms developed for this purpose, against attacks that have had a worldwide impact.


There are 32 citations in total.

Details

Primary Language Turkish
Subjects Security Studies
Journal Section Research Article
Authors

Beyza Özdemir 0009-0009-6474-6278

Publication Date March 22, 2024
Submission Date January 22, 2024
Acceptance Date March 19, 2024
Published in Issue Year 2024 Volume: 1 Issue: 1

Cite

APA Özdemir, B. (2024). Siber Tehdit İstihbaratında Yapay Zeka ve Makine Öğrenmesi. Savunma Ve Güvenlik Araştırmaları Dergisi, 1(1), 75-96.