The exponential growth in the number of cyber threats requires sharing in a timely and efficient manner a wide range of Indicators of Compromise (IoCs), i.e., fragments of forensics data that can be used to recognize malicious network or system activities. To this aim, a suitable architecture is required, especially to distribute and process the various IoCs. Unfortunately, the continuous creation of offensive techniques, along with the diffusion of advanced persistent threats, imposes the ability to update and extend the platform used to manage the multitude of IoCs collected in the wild. In this paper, we present the ORISHA architecture, which takes advantage of a distributed threat detection system to match performance and scalability requirements. The paper also discusses how the platform can be extended to handle the most recent "stealthy" malware as well as campaigns aimed at spreading fake news.

ORISHA: Improving Threat Detection through Orchestrated Information Sharing

L Caviglione;C Comito;M Guarascio;G Manco;F S Pisani;M Zuppelli
2023

Abstract

The exponential growth in the number of cyber threats requires sharing in a timely and efficient manner a wide range of Indicators of Compromise (IoCs), i.e., fragments of forensics data that can be used to recognize malicious network or system activities. To this aim, a suitable architecture is required, especially to distribute and process the various IoCs. Unfortunately, the continuous creation of offensive techniques, along with the diffusion of advanced persistent threats, imposes the ability to update and extend the platform used to manage the multitude of IoCs collected in the wild. In this paper, we present the ORISHA architecture, which takes advantage of a distributed threat detection system to match performance and scalability requirements. The paper also discusses how the platform can be extended to handle the most recent "stealthy" malware as well as campaigns aimed at spreading fake news.
2023
Istituto di Calcolo e Reti ad Alte Prestazioni - ICAR
Istituto di Matematica Applicata e Tecnologie Informatiche - IMATI -
threat intelligence
risk mitigation
active learning
collaborative approach
File in questo prodotto:
File Dimensione Formato  
prod_481327-doc_197896.pdf

solo utenti autorizzati

Descrizione: ORISHA: Improving Threat Detection through Orchestrated Information Sharing (Position Paper)
Tipologia: Versione Editoriale (PDF)
Licenza: Nessuna licenza dichiarata (non attribuibile a prodotti successivi al 2023)
Dimensione 529.96 kB
Formato Adobe PDF
529.96 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/433059
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact