The fourth publication for the TIDE project. The FIRST talk (see here) has
been extended into a journal paper for Digital Threats: Research and Practice
(DTRAP). In this paper we argue that we, as a security community, should move
towards proactive security. However, we shed light on both sides of the coin. We
think the ‘optimal’ way is to combine the reactive and proactive methods, to
make use of the best of both worlds.

The Internet exposes us to cyberthreats attacking information, services and the Internet infrastructure itself. Such attacks are typically detected in a reactive fashion. The downside of this approach is that alerts of an attack is issued as it is happening. In this paper weadvocate that the security community could benefit by complementing traditional reactive solutions with a proactive threat detectionapproach, as this would enable us to provide early warnings by analyzing and detecting threat indicators in actively collected data. Bydescribing three use cases from the DNS domain, we highlight the strengths and limitations of proactive threat detection and discusshow we could integrate those with existing solutions.

Slides of the presentation are available here: pdf