
Cyber Intelligence Assessment- an approach through Entropy


Abstract

The conventional methods of defence against cyber attacks are classified principally under signature verification and pattern recognition. The weaknesses inherent in them enable hackers to penetrate cyber security. Hence cyber threat intelligence has become a fundamental component of any advanced cyber security program. Other than the advance warning of incidents received from shared sources, cyber intelligence is basically derived from the vast information generated by in-house systems, such as SIEM data on anomalies and deviations. Assuming a probability distribution of the anomalies arriving in the SIEM system, this paper attempts to take Shannon's entropy as a measure of the uncertainty of a typical data set. As in machine learning, a model probability distribution of the alerts in the SIEM may be taken as 'training data' and the corresponding entropy value as the reference. Any sample of actual alerts is likely to have a different probability distribution. The cross entropy of this new distribution against the reference model will give the divergence value. This paper proposes to take this divergence as an index for assessment of the cyber intelligence.
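The calculation the abstract outlines, as an added example that is not taken from the paper: a reference alert distribution is built from baseline SIEM alerts, and each new window is scored by its divergence from that reference. The alert category names, the constructed counts, the add-one smoothing and the reading of "divergence" as cross entropy minus the window's own entropy (the Kullback-Leibler divergence) are all assumptions.

```python
import math
from collections import Counter

# Constructed alert categories and samples (assumptions, not data from the paper).
CATEGORIES = ["auth_failure", "malware", "port_scan", "policy_violation"]
BASELINE = (["auth_failure"] * 50 + ["malware"] * 10 +
            ["port_scan"] * 30 + ["policy_violation"] * 10)
WINDOW_NORMAL = (["auth_failure"] * 5 + ["malware"] +
                 ["port_scan"] * 3 + ["policy_violation"])
WINDOW_SHIFTED = (["auth_failure"] * 2 + ["malware"] * 6 +
                  ["port_scan"] + ["policy_violation"])

def distribution(alerts, categories=CATEGORIES, smoothing=0.0):
    """Relative frequency of each known category; unknown labels are ignored."""
    counts = Counter(a for a in alerts if a in categories)
    total = sum(counts.values()) + smoothing * len(categories)
    return {c: (counts[c] + smoothing) / total for c in categories}

def entropy(p):
    """Shannon entropy H(p) in bits."""
    return -sum(v * math.log2(v) for v in p.values() if v > 0)

def cross_entropy(p, q):
    """H(p, q) in bits: observed window p scored against reference model q."""
    return -sum(p[c] * math.log2(q[c]) for c in p if p[c] > 0)

def divergence(p, q):
    """Assumed index: H(p, q) - H(p), i.e. KL divergence of p from q."""
    return cross_entropy(p, q) - entropy(p)

# Add-one smoothing keeps every reference probability non-zero, so a category
# that is rare in the baseline cannot make the cross entropy infinite.
REFERENCE = distribution(BASELINE, smoothing=1.0)

def assess(window, threshold=0.5):
    """Return (divergence, flagged); the 0.5-bit threshold is illustrative."""
    d = divergence(distribution(window), REFERENCE)
    return d, d > threshold

if __name__ == "__main__":
    print("reference entropy (bits):", round(entropy(REFERENCE), 3))
    for name, w in (("normal", WINDOW_NORMAL), ("shifted", WINDOW_SHIFTED)):
        d, flagged = assess(w)
        print(f"{name}: divergence={d:.3f} bits flagged={flagged}")
```
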

Bibliographic details

  • Source
    2018 IEEE Punecon | 2018 | pp. 1-10 | 10 pages
  • Conference location: Pune (IN)
  • Author

    Prasenjit Sen;

  • Original format: PDF
  • Language of text: eng
