Black Sheep Wall: Towards Multiple Vantage Point-Based Information Space Situational Awareness

Bernhards Blumbergs, Bernhards Blumbergs

2024

Abstract

CSIRTs rely on processing extensive amounts of incident and threat intelligence data. While the market is saturated with such solutions, they are limited to a narrow range of Internet positions for data collection, impeding the establishment of the security context and comprehensive awareness of the monitored Internet resources. To tackle this challenge, a novel approach is proposed for distributed content collection. Simultaneously employing multiple Internet positions and various content access techniques, a broader representation of the content may be obtained by combining data from all positions, followed by automated difference analysis and clustering. The solution enables fully automated large-scale deployments across globally distributed IP networks and seamless integration into existing toolsets. It enhances CSIRT capabilities in identifying content changes, access restrictions, contextual intelligence on cybercrime and threat actor campaigns, as well as detecting defacement and availability attacks, and misinformation attempts. Initial evaluation of the prototype demonstrated its effectiveness by detecting significant and distinct changes in website content, thereby providing expanded visibility and intelligence. Prototype code and validation datasets are released publicly for further use, research, and validation.

Download


Paper Citation


in Harvard Style

Blumbergs B. (2024). Black Sheep Wall: Towards Multiple Vantage Point-Based Information Space Situational Awareness. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 605-614. DOI: 10.5220/0012709600003767


in Bibtex Style

@conference{secrypt24,
author={Bernhards Blumbergs},
title={Black Sheep Wall: Towards Multiple Vantage Point-Based Information Space Situational Awareness},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={605-614},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012709600003767},
isbn={978-989-758-709-2},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Black Sheep Wall: Towards Multiple Vantage Point-Based Information Space Situational Awareness
SN - 978-989-758-709-2
AU - Blumbergs B.
PY - 2024
SP - 605
EP - 614
DO - 10.5220/0012709600003767
PB - SciTePress