A Conceptual Model for Data-Driven Threat Analysis for Enhancing Cyber Security

Alwaheidi, Mohammed K. S.; Islam, Shareeful; Papastergiou, Spyridon

doi:10.1007/978-3-031-14054-9_34

Mohammed K. S. Alwaheidi¹⁶,
Shareeful Islam^17,19 &
Spyridon Papastergiou^18,19

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 1431))

Included in the following conference series:

The International Conference on Innovations in Computing Research

454 Accesses

Abstract

Technology has become increasingly adopted by businesses for achieving overall objectives. Systems within these technologies generate a huge amount of data. It is necessary to identify the data and undertake appropriate controls to protect the data from any potential threats. Data, in general, is different types, such as operational and business which have different costs and impact on the overall business continuity. Threat analysis needs to consider various data types and associated weaknesses related to an organisational context’s systems and applications. There are numerous threat models available, but there is a lack of focus on analysing and prioritizing threats relating to the data. This paper presents a data-driven approach for threat analysis and a conceptual model. The model includes several concepts, i.e., actor, infrastructure, data and weakness, to analyse the data and threats from three phases management, control and business. Finally, a running example is used to demonstrate the applicability of the work.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 189.00; Price excludes VAT (USA)

Softcover Book: USD 249.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Casola, V., De Benedictis, A., Rak, M., Villano, U.: Toward the automation of threat modeling and risk assessment in IoT systems. Internet Things 7 (2019)
Google Scholar
Tanyi, F.: Attack modeling and risk assessments in software defined networking (SDN) (2019)
Google Scholar
Pell, R., Moschoyiannis, S., Panaousis, E., Heartfield, R.: Towards dynamic threat modelling in 5g core networks based on mitre att&ck a preprint (2021)
Google Scholar
Kohnfelder, L., Garg, P.: The threats to our products, Microsoft Interface, Microsoft Corp., vol. 33 (1999)
Google Scholar
UcedaVelez, T., Morana, M.M.: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. John Wiley & Sons, Hoboken (2015)
Google Scholar
Shevchenko, N.: Threat Modeling: 12 Available Methods (2018). https://insights.sei.cmu.edu/sei_blog/2018/12/threat-modeling-12-available-methods.html. Accessed 25 Feb 2020
Scarfone, K., Souppaya, M.: Draft NIST Special Publication 800–154 Guide to Data-Centric System Threat Modeling Draft NIST Special Publication 800–154 Guide to Data-Centric System Threat Modeling (2016)
Google Scholar
Bharathi, B.B., Babu, E.S.: A novel approach to cyber hazard management intelligence system. Int. J. Eng. Technol. 7, 473–479 (2018)
Article Google Scholar
Bradshaw, S.: Chapter eight: combatting cyber threats: CSIRTS and fostering, Cyber Secur. a Volatile World, p. 105 (2016)
Google Scholar
CWE–Common Weakness Enumeration (2022). https://cwe.mitre.org/index.html. Accessed 18 Jan 2022
CWE–CWE-521: Weak Password Requirements (4.6). https://cwe.mitre.org/data/definitions/521.html. Accessed 27 Jan 2022
CAPEC–Common Attack Pattern Enumeration and Classification (CAPEC^TM) (2022). https://capec.mitre.org/. Accessed 18 Jan 2022
CAPEC–CAPEC-49: Password Brute Forcing (Version 3.6). https://capec.mitre.org/data/definitions/49.html. Accessed 27 Jan 2022
Joint Task Force: National Institute of Standards and Technology Special Publication 800–53, Revision 5 : Security and Privacy Controls for Information Systems and Organizations, NIST Spec. Publ., p. 465 (2020)
Google Scholar

Download references

Acknowledgment

This work was partially supported by the AI4HEALTHSEC EU project, funded from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 883273.

Author information

Authors and Affiliations

School of Architecture Computing and Engineering, University of East London, London, UK
Mohammed K. S. Alwaheidi
School of Computing and Information Science, Anglia Ruskin University, Cambridge, UK
Shareeful Islam
Department of Informatics, University of Piraeus, Piraeus, Greece
Spyridon Papastergiou
Focal Point, Brussels, Belgium
Shareeful Islam & Spyridon Papastergiou

Authors

Mohammed K. S. Alwaheidi
View author publications
You can also search for this author in PubMed Google Scholar
Shareeful Islam
View author publications
You can also search for this author in PubMed Google Scholar
Spyridon Papastergiou
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Shareeful Islam .

Editor information

Editors and Affiliations

University of Detroit Mercy, Detroit, MI, USA
Kevin Daimi
Kent Institute Australia, Sydney, NSW, Australia
Abeer Al Sadoon

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Alwaheidi, M.K.S., Islam, S., Papastergiou, S. (2022). A Conceptual Model for Data-Driven Threat Analysis for Enhancing Cyber Security. In: Daimi, K., Al Sadoon, A. (eds) Proceedings of the ICR’22 International Conference on Innovations in Computing Research. ICR 2022. Advances in Intelligent Systems and Computing, vol 1431. Springer, Cham. https://doi.org/10.1007/978-3-031-14054-9_34

Download citation

DOI: https://doi.org/10.1007/978-3-031-14054-9_34
Published: 11 August 2022
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-14053-2
Online ISBN: 978-3-031-14054-9
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)

Publish with us

Policies and ethics