Measuring and visualizing cyber threat intelligence quality-Reference-Cited by-同舟云学术

Measuring and visualizing cyber threat intelligence quality

Published:2020-03-02 Issue:1 Volume:20 Page:21-38
ISSN:1615-5262
Container-title:International Journal of Information Security
language:en
Short-container-title:Int. J. Inf. Secur.

Author:

Schlette Daniel^ORCID,Böhm Fabian^ORCID,Caselli Marco,Pernul Günther

Abstract

AbstractThe very raison d’être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by the means of sharing platforms has proven to be an important aspect of practical application. It is evident to infer that inaccurate, incomplete, or outdated threat intelligence is a major problem as only high-quality CTI can be helpful to detect and defend against cyber attacks. Additionally, while the amount of available CTI is increasing it is not warranted that quality remains unaffected. In conjunction with the increasing number of available CTI, it is thus in the best interest of every stakeholder to be aware of the quality of a CTI artifact. This allows for informed decisions and permits detailed analyses. Our work makes a twofold contribution to the challenge of assessing threat intelligence quality. We first propose a series of relevant quality dimensions and configure metrics to assess the respective dimensions in the context of CTI. In a second step, we showcase the extension of an existing CTI analysis tool to make the quality assessment transparent to security analysts. Furthermore, analysts’ subjective perceptions are, where necessary, included in the quality assessment concept.

Funder

Horizon 2020

Publisher

Springer Science and Business Media LLC

Subject

Computer Networks and Communications,Safety, Risk, Reliability and Quality,Information Systems,Software

Link

http://link.springer.com/content/pdf/10.1007/s10207-020-00490-y.pdf

Reference32 articles.

1. Symantec Corporation.: Internet security threat report 2019 (2019). https://www.symantec.com/content/dam/ symantec/docs/reports/istr-24-2019-en.pdf

2. Riesco, R., Villagrá, V.A.: Leveraging cyber threat intelligence fora dynamic risk framework. Int. J. Inf. Secur. 18, 715–739 (2019)

3. Ponemon Institute LLC.: Live threat intelligence impact report 2013 (2013). https://www.ponemon.org/blog/ live-threat-intelligence-impact-report-2013-1

4. Ring, T.: Threat intelligence: Why people don’t share. Comput. Fraud Secur. 2014(3), 5 (2014)

5. Sillaber, C., Sauerwein, C., Mussmann, A., Breu, R.: Data quality challenges and future research directions in threat intelligence sharing practice. In: Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security - WISCS’16, pp. 65–70. ACM, New York (2016)

Cited by 44 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Improving quality of indicators of compromise using STIX graphs;Computers & Security;2024-09

2. An automated dynamic quality assessment method for cyber threat intelligence;Computers & Security;2024-09

3. Blockchain-Based Model for Incentivized Cyber Threat Intelligence Sharing;Applied Sciences;2024-08-06

4. SYNAPSE - An Integrated Cyber Security Risk & Resilience Management Platform, With Holistic Situational Awareness, Incident Response & Preparedness Capabilities: SYNAPSE;Proceedings of the 19th International Conference on Availability, Reliability and Security;2024-07-30

5. TIPCE: A Longitudinal Threat Intelligence Platform Comprehensiveness Analysis;Proceedings of the Fourteenth ACM Conference on Data and Application Security and Privacy;2024-06-19