Intelligence Graphs for Threat Intelligence and Security Policy Validation of Cyber Systems

Abstract

While the recent advances in data science and machine learning attract lots of attention in cyber security because of their promise for effective security analytics, vulnerability analysis, risk assessment, and security policy validation remain slightly aside. This is mainly due to the relatively slow progress in the theoretical formulation and the technological foundation of the cyber security concepts such as logical vulnerability, threats, and risks. In this article, we are proposing a framework for logical analysis, threat intelligence, and validation of security policies in cyber systems. It is based on multi-level model, consisting of ontology of situations and actions under security threats, security policies governing the security-related activities, and graph of the transactions. The framework is validated using a set of scenarios describing the most common security threats in digital banking, and a prototype of an event-driven engine for navigation through the intelligence graphs has been implemented. Although the framework was developed specifically for application in digital banking, the authors believe that it has much wider applicability to security policy analysis, threat intelligence, and security by design of cyber systems for financial, commercial, and business operations.