Ransomware Analysis: Knowledge Extraction and Classification for Advanced Cyber Threat Intelligence
Author: Claudia Lanza (Author), Abdelkader Lahmadi (Author), Jérôme François (Author) & 0 more
Publisher finelybook 出版社: CRC Press
Edition 版本: 1st
Publication Date 出版日期: 2024-11-13
Language 语言: English
Print Length 页数: 96 pages
ISBN-10: 103283210X
ISBN-13: 9781032832104
Book Description
This book presents the development of a classification scheme to organize and represent ransomware threat knowledge through the implementation of an innovative methodology centered around the semantic annotation of domain-specific source documentation. By combining principles from computer science, document management, and semantic data processing, the research establishes an innovative framework to organize ransomware data extracted from specialized source texts in a systematic classification system.
Through detailed chapters, the book explores the process of applying semantic annotation to a specialized corpus comprising CVE prose descriptions linked to known ransomware threats. This approach not only organizes but also deeply analyzes these descriptions, uncovering patterns and vulnerabilities within ransomware operations. The book presents a pioneering methodology that integrates CVE descriptions with ATT&CK frameworks, significantly refining the granularity of threat intelligence.
The insights gained from a pattern-based analysis of vulnerability-related documentation are structured into a hierarchical model within an ontology framework, enhancing the capability for predictive operations. This model prepares cybersecurity professionals to anticipate and mitigate risks associated with new vulnerabilities as they are cataloged in the CVE list, by identifying recurrent characteristics tied to specific ransomware and related vulnerabilities.
With real-world examples, this book empowers its readers to implement these methodologies in their environments, leading to improved prediction and prevention strategies in the face of growing ransomware challenges.
About the Author
Claudia Lanza is currently a Research Fellow at the University of Calabria. After a yearly visting abroad period as PhD student with the TALN group at the University of Nantes, she obtained a PhD title in 2021 in ICT on a thesis focusing on the Semantic control within the Cybersecurity domain. In 2023 she was Visiting Researcher in Nancy at LORIA working on the creation of cyber-attacks classification tools as a means of guaranteeing a monitoring semantic activity in Cybersecurity triaging procedures. Her research interests cover Information Science, Documentation, Information Retrieval, Knowledge organization and representation, and Specialized domain-oriented terminology systematization.
In this monograph Claudia Lanza is the author specifically of the whole Chapter 1; for Chapter 2 is the author of Section 2.1; for Chapter 3 is the author of Section 3.2. and Sub-section 3.2.1; for Chapter 4 is the author of Section 4.1. and Sub-sections 4.1.1., 4.1.2, 4.1.2.1, 4.1.2.2, Section 4.2. and Sub-sections 4.2.1, 4.2.2, and Sub-section 4.3.2.
Abdelkader Lahmadi is an associate professor in computer science at University of Lorraine, teaching at ENSEM engineering school and doing research at LORIA and Inria in RESIST research team. Abdelkader’s research interests are in the area of cybersecurity and threat analysis in networked systems (IoT, industrial systems, 5G, etc.). More in detail, he is investigating innovative solutions in the area of automated cyber security using AI for anomaly detection, mitigation, and proactive approaches. In this area, he developed and patented a technology, named SCUBA, for discovering in an automated way the attack paths that can be exploited by an attacker through the assets of a given network. He has a Ph.D. and engineering degree in computer science. Since 2018, he has been the head of ISN (Digital Systems Engineers) degree at the ENSEM engineering school in Nancy. He has been scientific director of the LHS (High Security Laboratory) in Nancy since 2020, specializing in experimentation and analysis for cybersecurity research. Throughout his professional career, Abdelkader has contributed to numerous software developments and prototypes to validate his scientific research. He is a co-founder of CYBI, a spin-off of University of Lorraine and Inria focused on automated cybersecurity solutions using AI systems for attack path management.
Jérôme François is a senior research scientist at the university of Luxembourg in the research group SEDAN (Service and Data Management) at SnT (https://wwwen.uni.lu/snt/research/sedan) and is an affiliate member of LORIA and INRIA Lab in Nancy, France where he was a researcher and deputy team leader of RESIST team from 2014 to 2023. He received a Ph.D. degree in computer science from the University of Lorraine, France, in December 2009. His area of research is is network and service management but with a focus on security management. He developed a strong scientific expertise and practical experience in the adaptation and application of Machine Learning methods in this area. This covers different topics such as that anomaly detection, phishing prevention, botnet modelling, or honeypot and darknet monitoring as endorsed by his publications.
He participated in different national and European projects (SPARTA European Cybersecurity Competence Network, French EPR on cybersecurity , H2020 AI@EDGE, H2020 SecureIoT) and was leading the NATO international research project ThreatPredict. He developed strong partnerships with industries (e.g. Orange, Thales) and academia (joint teams with University of Waterloo in Canada and Osaka in Japan). He is a core member of network and service management community by taking several responsibilities regarding conference organization and by leading IRTF Network Management Research Group (NMRG). He is the co-founder of Cybi (https://www.cybi.fr/), a cybersecurity startup built on top of research results regarding attack path management.
In this monograph Abdelkader Lahmadi and Jérôme François are the authors specifically of the whole Chapter 2 except for just Section 2.1; for Chapter 3 are the authors of Section 3.1, and Sub-sections 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, Section 3.3. 3.3. and Sub-sections 3.3.1, 3.3.2 ; for Chapter 4 are the authors of Sub-section 4.1.2.3, Section 4.3 and Sub-section 4.3.1. The three authors jointly collaborated for the Preface and Conclusion sections.
相关文件下载地址
相关推荐
- Microsoft 365 Copilot At Work: Using AI to Get the Most from Your Business Data and Favorite Apps
- Real-World Edge Computing: Scale, secure, and succeed in the realm of edge computing with Open Horizon
- Salesforce DevOps for Architects: Discover tools and techniques to optimize the delivery of your Salesforce projects
- Mastering DevOps on Microsoft Power Platform: Build, deploy, and secure low-code solutions on Power Platform using Azure DevOps and GitHub
- Managing Project Risks, 2nd Edition
- Introduction to Python Programming