Book Review: Cyber Threat Intelligence
Cyber Threat Intelligence. Edited by Ali Dehghantanha, Mauro Conti, and Tooska Dargahi. Springer International Publishing; springer.com; 334 pages; $109.
Immersion is a valid educational strategy, and this book immerses the reader in the highly technical field of searching, identifying, and classifying malware anomalies through the artificial intelligence practice of machine learning (ML). The 16 chapters in Cyber Threat Intelligence—separate articles drafted by an impressive array of global cyber experts—are heavy with intimidating technical terms, graphs, and algorithms.
This is good, because security professionals responsible for cyber holdings must at least familiarize themselves with this field just as they must continually upgrade their awareness of current terrorism and intelligence threats and the countermeasures required to defeat them.
A picture emerges of ML techniques employed for static or dynamic analysis, both of which have strengths and weaknesses, all toward the noble goal of detecting malware anomalies that may be identified and classified for further research.
One important topic is the Border Gateway Protocol (BGP), which refers to the paths cyber messages take to their ultimate destinations. In this book, the authors point out that because anomalies of the BGP affect network operations, their detection is important. They describe the main properties of the protocol and datasets that contain BGP records collected from various public and private domain repositories, then employ various algorithms to extract the most relevant features that are later used to classify BGP anomalies.
Other chapters further expand on using ML to detect anomalies, most notably within the contexts and relevance of known threats, opportunities, and environments, such as ransomware, botnets and intrusion detection, phishing, Darknet, honeypots, and cloud computing. Ordinary computer users may be surprised that one of the venues for hacker exploitation is the Portable Document Format, or PDF.
This reviewer suspects that there are other books that could provide what this one does, but he has not yet seen them. For now, Cyber Threat Intelligence offers responsible security professionals a chance to come face to face with the cyberthreat detectors of the modern era. Many may be intimidated by the “computerese,” equations, and algorithms that litter the book, but they have the educational advantage of engaging with the genuine article, not a sugar-coated primer.
Reviewer: James T. Dunne, CPP, is a member of the ASIS Council for Global Terrorism, Political Instability, and International Crime. He was a part-time instructor at the George Washington University and is a senior analyst in the State Department’s Bureau of Diplomatic Security. The views expressed in this article are those of the author, and do not necessarily reflect those of the U.S. Department of State or the U.S. government.