Halane, Abdiweli Mohamed (2025) How to share cyber intelligence automatically in real-time by using system architecture process. Doctoral thesis, London Metropolitan University.
Cyber dangers have grown, as cyber-attackers exploit unknown but extant software and system vulnerabilities through phishing, ransomware, and malware attacks. Even though cyber intelligence (CI) sharing is important as a defence mechanism, its implementation is hindered by issues such as lack of standardisation, lack of automation, lack of trust between businesses, the need for timely and efficient processes, legal barriers, and privacy concerns. Current CI sharing platforms rely heavily on informal community-based platforms or semi-automated methods, which include email communications, phone calls, voucher systems, or in-person meetings, and struggle to distribute timely, relevant, and actionable intelligence. This delay in distribution makes shared intelligence less effective, especially against malware attacks, and prevents cyber defence from being proactive. This study tackles these malware detection and defence limitations by recommending the Proactive Self Defence Cyber Intelligence Sharing (PSDCIS) Model, a novel model that automatically integrates security systems in real-time CI exchange and is fully automated, without human intervention. The model is akin to the philosophy of Sun Tzu, in that it allows systems to engage with threat situations, get fresh malware intelligence, and share it in real time to initiate proactive defence. To develop the PSDCIS model, this study investigated three CI sharing models: the Structured Intelligence Sharing Model, the Detection Maturity Level (DML) Model, and the Cyber Threat Intelligence (CTI) Model. In addition, five CI sharing systems were assessed: the Collective Intelligence Framework (CIF), the Malware Information Sharing Platform (MISP), the Webroot Intelligence Network (WIN), Darknet and Deepnet Cyber Security Threat Intelligence, and the Proactive Threat Analysis of Cyber Threat Intelligence.
The problem discovered was that even though these models gather malware intelligence and centralise it effectively, the delay in processing and the lack of an all-in-one system integration reduce the operational value of real-time defence. In response, this research study created the PSDCIS model, an automatic State Machine (SM) model that can gather intelligence, analyse datasets using Machine Learning classification algorithms, and instantly share malware intelligence with managers, system administrators and security systems, and also mitigate broader cyber risks.