Research Article

Cyber Attack Detection Methods over Open Source Intelligence

Year 2019, Volume: 7 Issue: 1, 577 - 593, 31.01.2019
https://doi.org/10.29130/dubited.494416

Abstract

In recent years, the growing impact of cybercrime has given rise to intelligence and law enforcement
agencies worldwide to overcome cyber threats. All institutions and organizations are trying to learn how to
fight cybercrime in the best possible way. With the development and expansion of internet networking
technologies, it is becoming increasingly difficult to prevent cyber attacks. Obtaining intelligence by
collecting openly available data on the internet, in order to produce a comprehensive analysis of dangerous
targets on the network, is rapidly developing as an important tool for intelligence units. As the amount of
open-source material available on the internet increases rapidly, the fight against cybercrime is becoming
more effective within the framework of emerging open-source intelligence, in other words OSINT, methods.
Accordingly, advanced software tools and techniques are being further developed for the effective and
efficient collection and processing of information. In this study, the concept of OSINT is discussed in all
its aspects for cyber attack detection. Supporting methods for obtaining OSINT by browsing, finding,
collecting, extracting, using, verifying and analyzing publicly shared data on the internet are explained in
detail. Existing efforts to use open-source data for research against cyber threats are reviewed and examined
in detail. In addition, a cybercrime investigation framework is proposed to combat cybercrime effectively.

There are 36 references in total.

Details

Primary Language: Turkish
Subjects: Engineering
Section: Articles
Authors

Ali Eksim 0000-0002-3424-2409

Mustafa Kara

Publication Date: January 31, 2019
Published in Issue: Year 2019 Volume: 7 Issue: 1

Cite

APA Eksim, A., & Kara, M. (2019). Açık Kaynak İstihbaratı Üzerinden Siber Saldırı Tespiti Yöntemleri. Duzce University Journal of Science and Technology, 7(1), 577-593. https://doi.org/10.29130/dubited.494416
AMA Eksim A, Kara M. Açık Kaynak İstihbaratı Üzerinden Siber Saldırı Tespiti Yöntemleri. DÜBİTED. January 2019;7(1):577-593. doi:10.29130/dubited.494416
Chicago Eksim, Ali, and Mustafa Kara. “Açık Kaynak İstihbaratı Üzerinden Siber Saldırı Tespiti Yöntemleri”. Duzce University Journal of Science and Technology 7, no. 1 (January 2019): 577-93. https://doi.org/10.29130/dubited.494416.
EndNote Eksim A, Kara M (01 January 2019) Açık Kaynak İstihbaratı Üzerinden Siber Saldırı Tespiti Yöntemleri. Duzce University Journal of Science and Technology 7 1 577–593.
IEEE A. Eksim and M. Kara, “Açık Kaynak İstihbaratı Üzerinden Siber Saldırı Tespiti Yöntemleri”, DÜBİTED, vol. 7, no. 1, pp. 577–593, 2019, doi: 10.29130/dubited.494416.
ISNAD Eksim, Ali - Kara, Mustafa. “Açık Kaynak İstihbaratı Üzerinden Siber Saldırı Tespiti Yöntemleri”. Duzce University Journal of Science and Technology 7/1 (January 2019), 577-593. https://doi.org/10.29130/dubited.494416.
JAMA Eksim A, Kara M. Açık Kaynak İstihbaratı Üzerinden Siber Saldırı Tespiti Yöntemleri. DÜBİTED. 2019;7:577–593.
MLA Eksim, Ali and Mustafa Kara. “Açık Kaynak İstihbaratı Üzerinden Siber Saldırı Tespiti Yöntemleri”. Duzce University Journal of Science and Technology, vol. 7, no. 1, 2019, pp. 577-93, doi:10.29130/dubited.494416.
Vancouver Eksim A, Kara M. Açık Kaynak İstihbaratı Üzerinden Siber Saldırı Tespiti Yöntemleri. DÜBİTED. 2019;7(1):577-93.

Cited By

Türkiye’de Siber Saldırı ve Tespit Yöntemleri: Bir Literatür Taraması
Bilecik Şeyh Edebali Üniversitesi Fen Bilimleri Dergisi
Cemalettin HATİPOĞLU
https://doi.org/10.35193/bseufbd.838732