Towards efficient collaboration in cyber security

Cyber security analysts in different geographical and organizational domains are often tasked with largely similar duties, albeit with domain-specific variations. These analysts necessarily perform much of the same work independently, for instance analyzing the same list of security bulletins released by largely the same set of software vendors. As such, communication and collaboration between such analysts would be mutually beneficial, potentially reducing redundancy and offering the opportunity to preemptively alert each other to high-severity security alerts in a more timely fashion. However, several barriers to practical and efficient collaboration exist, and consequently no framework exists to support these efforts. In this paper, we discuss the inherent difficulties that make efficient collaboration between cyber security analysts hard to achieve. We discuss preliminary ideas and concepts towards a collaborative cyber-security framework currently under development, whose goal is to facilitate analyst collaboration across these boundaries. While the framework is still in its early stages, we describe work in progress towards achieving this goal, including motivation, functionality, concepts, and a high-level description of the proposed system architecture.
