A scheme for the sticky policy representation supporting secure cyber-threat intelligence analysis and sharing

Author:

Osliak Oleksii, Saracino Andrea, Martinelli Fabio

Abstract

Purpose: This paper aims to propose a structured threat information expression (STIX)-based data representation for privacy-preserving data analysis to report format and semantics of specific data types and to represent sticky policies in the format of embedded human-readable data sharing agreements (DSAs). More specifically, the authors exploit and extend the STIX standard to represent in a structured way analysis-ready pieces of data and the attached privacy policies.

Design/methodology/approach: The whole scheme is designed to be completely compatible with the STIX 2.0 standard for cyber-threat intelligence (CTI) representation. The proposed scheme will be implemented in this work by defining the complete scheme for representing an email, which is more expressive than the standard one defined for STIX, designed specifically for spam email analysis.

Findings: Moreover, the paper provides a new scheme for general DSA representation that has been practically applied for the process of encoding specific attributes in different CTI reports.

Research limitations/implications: Because of the chosen approach, the research results may have limitations. Specifically, current practice for entity recognition has the limitation that was discovered during the research. However, its effect on process time was minimized and the way for improvement was proposed.

Originality/value: This paper has covered the existing gap including the lack of generality in DSA representation for privacy-preserving analysis of structured CTI. Therefore, the new model for DSA representation was introduced, as well as its practical implementation.

Publisher

Emerald

Subject

Management of Technology and Innovation, Information Systems and Management, Computer Networks and Communications, Information Systems, Software, Management Information Systems
