SECURE CYBER SECURITY THREAT INFORMATION EXCHANGE

The following paper tackles one of the most important fields of current cyber security, in our opinion. This article concerns threat information exchange. Without information exchange a cyber-security system's functionality is severely hampered. An event might not trigger a specific danger threshold if attacks are stealthy and targeted. But the same attack, if information is gathered and correlated from different sources around an organization's network it might hit that specific threshold, and also hit an alarm point which will be much more visible to a human operator. In different studies it is demonstrated that a single hit can make the difference from an incident which is categorized as important and treated in a timely manner or, in the other scenario which is categorized as usual traffic and left uninvestigated. Information regarding cyber threats, when exchanged between entities involved in the same field of action permits transforming information into intelligence. The theme discussed in the present paper is focused on intelligent threat exchange, which makes different checks and decisions before sending different information in a secure manner. Any attack detail can be used by a third party for exploiting different vulnerable resources from the protected organization, if discovered. Another thorny problem of the current cyber security state is that of standardizing the way security incident information is normalized and packed for transport. This latter problem is also delved into in the current article. The experimental setup is built on top of a neural network and an evolved SIEM like infrastructure, for collecting, analyzing and sharing threat information.