
Student: 鄧經業
Ching-Yeh Teng
Thesis title: 入侵威脅指標之阻擋時效研究-以IP為例
The Research on Blocking Timeliness of Indicators of Compromise - A Case Study on IP
Advisor: 陳奕明
Yi-Ming Chen
Oral examination committee:
Degree: Master
Department: College of Management - Executive Master of Information Management
Year of publication: 2023
Academic year of graduation: 111
Language: Chinese
Number of pages: 120
Chinese keywords (translated): Cyber Threat Intelligence, Indicators of Compromise, Expiration Date, Blocking Timeliness
Foreign-language keywords: Cyber Threat Intelligence, Indicators of Compromise, Expiration Date, Blocking Timeliness
Access counts: views 11, downloads 0
    Abstract (Chinese original, translated):
    Indicators of compromise (IoCs) are usually distributed in machine-readable formats so that they can be easily integrated into security appliances or security monitoring mechanisms, which makes them the most widely applied type of intelligence in organizations. As time passes, however, IoCs become increasingly unreliable: an IP address that was once used by an attacker may become legitimate, and continuing to block it may lead to false positives. In practice, no standard or mechanism exists for determining the blocking timeliness of an IoC. This study therefore takes IP addresses as its case and designs a practically feasible, automated optimization model for the blocking timeliness of IoCs, then runs a series of experiments to find the optimization model that yields the best solution. The optimization model designed in this study reaches an accuracy of 94.4% and a recall of 97.2%, so organizations can use it to effectively exclude IoCs whose blocking timeliness has expired.
    Keywords: Cyber Threat Intelligence, Indicators of Compromise, Expiration Date, Blocking Timeliness


    Abstract (English):
    Indicators of Compromise (IoC) are commonly represented in machine-readable formats, making it easy to integrate them into cybersecurity devices or monitoring mechanisms. They are the most widely used type of threat intelligence in organizational applications. However, over time, IoCs can become increasingly unreliable. IP addresses that were previously used by attackers may become legitimate, and continuously blocking them could result in false positives. Unfortunately, there is currently no standard or mechanism to determine the timeliness of blocking IoCs.
    Therefore, this study focuses on IP addresses and designs a practical and optimal model for blocking timeliness of IoC. Multiple experiments are conducted to find the best solution for the optimization model. The designed optimization model in this study achieves a high accuracy rate of 94.4% and a high recall rate of 97.2%. Organizations can effectively utilize this model to eliminate expired IoCs.
    Keywords: Cyber Threat Intelligence, Indicators of Compromise, Expiration Date, Blocking Timeliness.

    Table of Contents
    Chinese Abstract I
    Abstract IV
    Acknowledgements V
    Table of Contents VI
    List of Tables VIII
    List of Figures X
    Chapter 1 Introduction 1
    1.1 Research Background 1
    1.2 Research Motivation 2
    1.3 Research Objectives 4
    1.4 Thesis Structure 5
    Chapter 2 Literature Review 6
    2.1 Cyber Threat Intelligence 6
    2.1.1 Definition 6
    2.1.2 Types 7
    2.1.3 Sources 10
    2.1.4 Lifecycle 13
    2.2 Indicators of Compromise 19
    2.2.1 Definition 19
    2.2.2 Types 21
    2.2.3 Lifecycle 24
    2.3 Evaluating Indicators of Compromise 30
    Chapter 3 System Architecture and Experimental Design 37
    3.1 Design of the Blocking Timeliness Optimization Model 37
    3.1.1 Hash 37
    3.1.2 IP Addresses 38
    3.2 System Architecture 56
    3.2.1 IoC Application Mechanism 57
    3.2.2 Security Monitoring Mechanism 58
    3.2.3 Security Defense Mechanism 59
    3.3 System Operation Flow 60
    3.4 Experimental Design 61
    3.4.1 Data Collection Sources and Methods 62
    3.4.2 Experimental Objectives and Procedure 65
    3.4.3 Validation of Experimental Results 67
    Chapter 4 Analysis of Experimental Results 71
    4.1 Experimental Environment 71
    4.2 Experimental Data 72
    4.3 Experimental Results 74
    Chapter 5 Conclusion 96
    5.1 Research Conclusions and Contributions 96
    5.2 Future Research Directions 97
    References 98

    List of Tables
    Table 1 Differences between strategic and tactical threat intelligence 2
    Table 2 Different classifications of cyber threat intelligence 7
    Table 3 Different cyber threat intelligence lifecycles 14
    Table 4 Host-based and network-based classification of IoCs 23
    Table 5 Courses of action for IoCs at different stages of the Cyber Kill Chain 25
    Table 6 IoC lifecycle 27
    Table 7 Literature on evaluating IoCs 32
    Table 8 Scores for IP address usage types 42
    Table 9 Scores for malicious behavior categories 44
    Table 10 Scores for Verdict categories 48
    Table 11 Scores for recency of malware samples associated with an IP address 49
    Table 12 Definition of parameters of the IP address blocking timeliness optimization model 55
    Table 13 Open-source intelligence sources used in this experiment 63
    Table 14 Confusion matrix 69
    Table 15 Hardware and software specifications of the experimental environment 71
    Table 16 Experimental datasets 73
    Table 17 Experimental datasets 1, 2 and 3 73
    Table 18 Example of experimental results 76
    Table 19 Parameter values of experimental data (excerpt) 79
    Table 20 Quantified parameter values of experimental data (excerpt) 81
    Table 21 Weight combinations of the optimization model 82
    Table 22 IP scores computed with weight combination A (excerpt) 83
    Table 23 IP scores computed with weight combinations A to O (excerpt) 84
    Table 24 VirusTotal validation results (excerpt) 85
    Table 25 Accuracy of weight combinations A to O 86
    Table 26 Recall of weight combinations A to O 89
    Table 27 Weight combinations of the optimization model (Domain) 92
    Table 28 Experimental datasets 1, 2 and 3 (Domain) 93
    Table 29 Accuracy of weight combinations A to O (Domain) 94
    Table 30 Recall of weight combinations A to O (Domain) 95

    List of Figures
    Figure 1 Definition of expiration date and blocking timeliness 4
    Figure 2 Relationship between data, information and intelligence 6
    Figure 3 Pyramid structure of cyber threat intelligence 8
    Figure 4 Four types of cyber threat intelligence 10
    Figure 5 Intelligence collection sources as defined by the US intelligence community 12
    Figure 6 Three main intelligence collection sources 13
    Figure 7 Cyber threat intelligence lifecycle as defined by SANS 16
    Figure 8 Cyber threat intelligence lifecycle as defined by MWR InfoSecurity 16
    Figure 9 Comparison of two cyber threat intelligence lifecycles 17
    Figure 10 Six phases of the cyber threat intelligence lifecycle 18
    Figure 11 Comparison of three cyber threat intelligence lifecycles 19
    Figure 12 Example of indicators of compromise 20
    Figure 13 IoC Pyramid of Pain model 21
    Figure 14 Cyber Kill Chain 24
    Figure 15 IoC lifecycle as defined by OpenIOC 26
    Figure 16 IoC lifecycle as defined by HashedOut 26
    Figure 17 IoC curation lifecycle 28
    Figure 18 AbuseIPDB platform screenshot 40
    Figure 19 IP address usage type 41
    Figure 20 Abuse confidence of an IP address 42
    Figure 21 Categories of malicious behavior reported for an IP address 43
    Figure 22 AlienVault OTX platform screenshot 46
    Figure 23 IP address judged as malicious 47
    Figure 24 Malicious ratio of files transmitted by an IP address 48
    Figure 25 Malware samples associated with an IP address (OTX) 49
    Figure 26 ThreatMiner platform screenshot 50
    Figure 27 Malware samples associated with an IP address (ThreatMiner) - 1 51
    Figure 28 Malware samples associated with an IP address (ThreatMiner) - 2 52
    Figure 29 IBM X-Force Exchange platform 53
    Figure 30 Risk score of an IP address 54
    Figure 31 Overall system architecture 56
    Figure 32 IoC application mechanism 57
    Figure 33 Work of the SOC 59
    Figure 34 System operation flow 60
    Figure 35 IoC lists provided by open-source intelligence 62
    Figure 36 Feodo Tracker open-source intelligence source 65
    Figure 37 IoC list provided by Feodo Tracker 65
    Figure 38 Experimental procedure 66
    Figure 39 VirusTotal platform screenshot 68
    Figure 40 Diagram of experimental datasets 74
    Figure 41 Experimental steps 74

