INTERSCT Papers at Cyber Hunt 2023

The following papers by researchers of TU Eindhoven (TU/e) in INTERSECT will be part of the 6th Annual Workshop on Cyber Threat Intelligence and Hunting, to be held in conjunction with IEEE Big Data 2023, this year in Sorrento, Italy from December 15 to 18, 2023!

A Modular Approach to Automatic Cyber Threat Attribution using Opinion Pools – Authored by Koen T.W. Teuwen. This paper proposes an alternative approach to threat attribution in which the attribution problem is split up into more tractable smaller problems. Solutions from individual modules may be combined through a pairing approach using opinion pools. The overall architecture is highly usable and offers interpretability through transparency.

Automated Cyber Threat Intelligence Generation on Multi-Host Network Incidents – Authored by Cristoffer Leite, Jerry den Hartog, Daniel Ricardo dos Santos (Forescout B.V.), and Elisa Costante (Forescout B.V.). This paper proposes a solution to automate the creation of verifiable high-level Cyber Threat Intelligence reports by mapping chains of alerts to TTPs from MITRE ATT&CK. Its structure enables visualisation of attack chains and tactics used, but also manual analysis and validation of the reports created if necessary.

ICS Honeypot Interactions: A Latitudinal Study – Authored by Francesco Lupia (University of Calabria), Marco Lucchese (University of Verona), Massimo Merro (University of Verona), and Nicola Zannone. This work presents a latitudinal study on a dataset comprising both IT and ICS interactions collected from an instance of an ICS honeynet emulating ICS devices exposed on the Internet for three months. The study focuses on three orthogonal aspects of such interactions: level of interaction, origin of interactions, and interaction/attack patterns. The results shed light on the impact of different choices in the 
configuration of a honeynet on its attractiveness and on the captured behavior.

The online version of all the papers will be available soon and referenced through this page.

Written by INTERSCT Communication