CSR ACTI 2021

2021 IEEE CSR Workshop on Actionable Cyber Threat Intelligence (ACTI)

July 28, 2021

Over the past recent years, Cyber Threat Intelligence (CTI) has attracted a considerable attention and investment from the cyber security research community. As such, CTI standards, definitions and practices have reached a notable maturity level; the direction towards standardization of CTI exchange languages such as Structural Threat Information Exchange (STIX), Incident Object Description Exchange Format (IODEF) as well as the efforts for a systematic organization and curation of threats under popular frameworks such as MITRE’s ATT&CK matrices, vulnerability databases and enumerations, have set the foundations for reaching a high situational awareness potential.

Actionable CTI is an international workshop aiming to expand and exploit the competencies delivered by the standardization efforts in CTI, by fusing this domain with enabling disciplines such as artificial intelligence and machine learning, risk management approaches, as well as best practices in SecOps and Early Warning System deployments, including reporting and crowdsourcing, in order to make the cyber security information and knowledge actionable and of high subsequent value. We also welcome research on novel designs and design methods to help empowering citizens with tools and literacy and increase their ability in recognizing, reporting and combatting threats.

Topics of Interest

Prospective authors are encouraged to submit previously unpublished contributions from a broad range of topics, which include but are not limited to the following:

› Privacy compliance in CTI exchange
› CTI in malware and vulnerability analysis
› Sociotechnical aspects of CTI
› CTI for smart cities, industrial and cyber physical systems
› CTI datasets
› CTI for cyber attribution
› Data analysis and CTI
› CTI and situational awareness

› CTI in early warning systems
› CTI quality and metrics
› Psychological and cognitive aspects of CTI
› Deception systems
› Reporting and crowdsourcing for CTI
› Cyber behavior and CTI
› CTI and threat hunting

Important Dates

Paper submission deadline: ~~April 19~~ May 10, 2021 AoE (firm)
Authors’ notification: ~~May 3~~ May 31, 2021 AoE
Camera-ready submission: ~~May 10~~ June 7, 2021 AoE
Early registration deadline: June 14, 2021 AoE
Workshop date: July 28, 2021

Submission Guidelines

The workshop’s proceedings will be published by IEEE and will be included in IEEE Xplore. The guidelines for authors, manuscript preparation guidelines, and policies of the IEEE CSR conference are applicable to ACTI 2021 workshop. Please visit the authors’ instructions page for more details. When submitting your manuscript via the conference management system, please make sure that the workshop’s track 2T1 ACTI is selected in the Topic Areas drop down list.

Workshop Committees

Workshop chair

Vasilis Katos, Bournemouth University (UK)

Organizing committee

Sotiris Ioannidis, Technical University of Crete (GR)
Florent Kirchner, CEA (FR)
Wim Mees, Royal Military Academy (BE)
Constantinos Patsakis, University of Piraeus (GR)
Todor Tagarev, Institute of Information and Communication Technologies (BG)
Konstantinos Votis, Centre for Research and Technology (GR)
Cagatay Yucel, Bournemouth University (UK)

Publicity chair

Marton Kis, Semmelweis University (HU)

Contact us

cert@bournemouth.ac.uk

Program committee

Raian Ali, Hamad bin Khalifa University (QA)
Saif Al-Kuwari, Hamad bin Khalifa University (QA)
Louis Galindo Sanchez, Telefonica (ES)
Evaldas Bruze, Lithuanian Cybercrime Center of Excellence (LT)
Fran Casino, University of Piraeus (GR)
Ioannis Chalkias, Bournemouth University (UK)
Jane Henriksen-Bulmer, Bournemouth University (UK)
Ahmet Koltuksuz, Yasar University (TR)
Theodoros Kostoulas, University of the Aegean (GR)
Cornelius Ncube, British University in Dubai (AE)
Marcin Niemiec, AGH (PL)
Notis Mengidis, Centre for Research and Technology (GR)
Andrii Shalaginov, Norwegian University of Science and Technology (NO)
Nikolai Stoianov, Bulgarian Defence Institute (BG)
Theodora Tsikrika, Centre for Research and Technology (GR)
Egidija Versinskiene, Lithuanian Cybercrime Center of Excellence (LT)
Antonis Voulgaridis, Centre for Research and Technology (GR)
Stefanos Vrochidis, Centre for Research and Technology (GR)

Selected papers will be invited to submit an extended full paper for publication consideration in Security and Communication Networks, Special Issue on Advances in Cyber Threat Intelligence, https://www.hindawi.com/journals/scn/si/832075/

Supported by

ACTI Program

All sessions are held in Nafsika room (July 28, 2021)

Keynote session WS-ACTI1 Chair: Vasilis Katos, Bournemouth University (UK)
10:00–10:20 CET	Welcome from the ACTI workshop chair V. Katos
10:20–11:00 CET	Invited talk: Stop chasing rabbits: The case of actionable intelligence where the rubber meets the road Azeem Aleem, NTT (UK) Abstract. ‘It must be expected something unexpected will happen’ Aristotle (384-322 BC). These are unprecedented times for business; however, risk/crisis management is nothing new for humanity. It would be wrong to assume that threat intelligence is a modern-day concern. In fact, navigating through history makes us realize that risk intelligence management and development are the oldest recorded human activities. There’s an ancient Chinese proverb that says, ‘the man who chases two rabbits catches neither. Right now, this is an excellent philosophy for cybersecurity specialists. We live in a world where there is no shortage of threat intelligence. Organizations are overwhelmed by intelligence, making it challenging for them to decide what’s relevant to their specific environment and circumstances. This session aims to analyze the maturity journey towards Proactive Actionable Intelligence. Using a tactical case study based approach and predictive analytics, the session will encourage discussion on developing innovative defense, discovery, architectural design, testing, implementation, and operations. We will discuss how detaching the opinion/ desirability bias from intelligence is always difficult but is the key for hunting mindset/ culture. Biography. An experienced information security executive with over 15 years of practitioner experience in cyber defence technologies, security operations, counter threat intelligence, data analytics and behavioral classification of cyber criminal. Within the domain of organisational operations Azeem has an extensive experience in managing P&L, driving operational excellence, change management and process reengineering. Azeem has been at the forefront of architecting cyber resilience capability against Advanced Persistent Threats (APT) for some of the best financial, government and public sector organisations across Europe, the US, Asia and the Middle East. He has worked extensively with the national and international law enforcement agencies around intelligence training, detection and investigation of cyber crime. As a subject matter expert, he has made frequent appearance on regional television and radio programmes as an expert on cyber threats. A published book author and academic criminologist, he has also authored several periodical on advanced security threats in peer reviewed journals and security magazines. He is an eminent plenary conference guest speaker both at the national and international level.

Coffee break

Technical session WS-ACTI2 Chair: Cagatay Yucel, Bournemouth University (UK)
11.40–12:00 CET	Mapping cyber threat intelligence to probabilistic attack graphs A. Gylling, M. Ekstedt, Z. Afzal, and P. Eliasson
12.00–12:20 CET	A tree-based machine learning methodology to automatically classify software vulnerabilities G. Aivatoglou, M. Anastasiadis, G. Spanos, A. Voulgaridis, K. Votis, and D. Tzovaras
12.20–12:40 CET	Evaluation and enhancement of the actionability of publicly available cyber threat information in digital forensics A. Dimitriadis, E. Lontzetidis, and I. Mavridis
12.40–13:00 CET	A workflow and toolchain proposal for analyzing users’ perceptions in cyber threat intelligence sharing platforms B. Stojkovski and G. Lenzini

Lunch break

Technical session WS-ACTI3 Chair: Ioannis Chalkias, Bournemouth University (UK)
14:00–14:20 CET	CTI blockchain-based sharing using proof-of-quality consensus algorithm D. Chatziamanetoglou and K. Rantos
14:20–14:40 CET	Towards intrusion response intel K. Hughes, K. McLaughlin, and S. Sezer
14:40–15:00 CET	Data sanitisation and redaction for cyber threat intelligence sharing platforms C. Yucel, I. Chalkias, D. Mallis, D. Cetinkaya, J. Henriksen-Bulmer, and A. Cooper
15:00–15:20 CET	Named entity recognition in cyber threat intelligence using transformer-based models P. Evangelatos, C. Iliou, T. Mavropoulos, K. Apostolou, T. Tsikrika, S. Vrochidis, and I. Kompatsiaris

Coffee break

Technical session WS-ACTI4 Chair: Dimitrios Mallis, Bournemouth University (UK)
15:40–16:00 CET	Towards selecting informative content for cyber threat intelligence P. Panagiotou, C. Iliou, K. Apostolou, T. Tsikrika, S. Vrochidis, P. Chatzimisios, and I. Kompatsiaris
16:00–16:20 CET	Trust and quality computation for cyber threat intelligence sharing platforms K. B. Mavzer, E. Konieczna, H. Alves, C. Yucel, I. Chalkias, D. Mallis, D. Cetinkaya, and L. Galindo Sanchez
16:20–16:40 CET	Towards automated matching of cyber threat intelligence reports based on cluster analysis in an Internet-of-vehicles environment G. E. Raptis, C. Katsini, and C. Alexakos
16:40–17:00 CET	Workshop’s closing remarks V. Katos

See also the conference’s overall program.

Accepted Papers

A tree-based machine learning methodology to automatically classify software vulnerabilities
G. Aivatoglou, M. Anastasiadis, G. Spanos, A. Voulgaridis, K. Votis, and D. Tzovaras

A workflow and toolchain proposal for analyzing users’ perceptions in cyber threat intelligence sharing platforms
B. Stojkovski and G. Lenzini

CTI blockchain-based sharing using proof-of-quality consensus algorithm
D. Chatziamanetoglou and K. Rantos

Data sanitisation and redaction for cyber threat intelligence sharing platforms
C. Yucel, I. Chalkias, D. Mallis, D. Cetinkaya, J. Henriksen-Bulmer, and A. Cooper

Evaluation and enhancement of the actionability of publicly available cyber threat information in digital forensics
A. Dimitriadis, E. Lontzetidis, and I. Mavridis

Mapping cyber threat intelligence to probabilistic attack graphs
A. Gylling, M. Ekstedt, Z. Afzal, and P. Eliasson

Named entity recognition in cyber threat intelligence using transformer-based models
P. Evangelatos, C. Iliou, T. Mavropoulos, K. Apostolou, T. Tsikrika, S. Vrochidis, and I. Kompatsiaris

Towards automated matching of cyber threat intelligence reports based on cluster analysis in an Internet-of-vehicles environment
G. E. Raptis, C. Katsini, and C. Alexakos

Towards intrusion response intel
K. Hughes, K. McLaughlin, and S. Sezer

Towards selecting informative content for cyber threat intelligence
P. Panagiotou, C. Iliou, K. Apostolou, T. Tsikrika, S. Vrochidis, P. Chatzimisios, and I. Kompatsiaris

Trust and quality computation for cyber threat intelligence sharing platforms
K. B. Mavzer, E. Konieczna, H. Alves, C. Yucel, I. Chalkias, D. Mallis, D. Cetinkaya, and L. Galindo Sanchez

See also the conference’s overall list of accepted papers.