Authors: Dimitrios Christos Asimopoulos (MINDS), Pavlos Bouzinis (MINDS), Aikaterini Karampasi (UOWM) 

The digital era has made cyber risks to the integrity and safety of our digital infrastructure graver than ever before. Defending against malicious actors in such a fast-changing environment therefore demands continuous innovation. AI4COLLAB is developed to alert and defend against the probable danger of a cyber-attack: an innovative implementation that distributes Cyber Threat Intelligence (CTI) widely and openly to everyone.

CTI sharing is one of the core practices in cybersecurity, widely supported by European institutions and enshrined in legislation, including the Network and Information Security 2 (NIS2) Directive. Organizations strengthen their defences collectively by sharing the details of cyber incidents: indicators of compromise, artifacts, Tactics, Techniques and Procedures (TTPs), and mitigation actions. For Operators of Essential Services (OES) and Critical Infrastructure Operators this practice is not only recommended but is becoming an obligation.

AI4COLLAB addresses these weaknesses by integrating CTI sharing platforms such as MISP and OpenCTI, improving both the scope and the quality of CTI coverage. AI4COLLAB uses artificial intelligence methods to detect sensitive information in CTI data automatically and to anonymize it while preserving the utility of the information, respecting privacy and confidentiality.

[Figure: AI4COLLAB architecture overview]

The architecture of AI4COLLAB, shown in the figure above, is designed with a focus on efficiency and security. Its core consists of multiple containers, each with a distinct function:

  • MISP Converter and Enricher: This acts as the initial touchpoint for incoming CTI events, transforming them into a format suitable for further processing and enrichment. 
  • Anonymiser: Utilizing the Presidio library, this container detects and masks sensitive information, ensuring that CTI remains both useful and compliant with privacy laws.  
  • Local MISP Instance: This container facilitates participation in global MISP communities, sharing anonymized CTI data while allowing for local configuration and management. 
  • OpenCTI: Broadening the horizon, this container fetches and processes CTI from additional sources, converting it into the STIX format for a unified operational picture. 
  • TLS Termination Proxy: This container ensures that all incoming connections are secure, providing encrypted access to the system’s internal components. 


The implementation of AI4COLLAB exemplifies how collaborative technologies can significantly raise the level of our cyber defense. By automating the detection and anonymization of sensitive information within incident data, AI4COLLAB speeds up CTI sharing and is both robust and highly scalable. As threats continue to grow, cyber defense strategy must keep pace. AI4COLLAB demonstrates the power of collaboration and advanced technology in securing our digital future by creating an environment where information sharing is protected and secured.