Investigating sharing of Cyber Threat Intelligence and proposing a new data model for enabling automation in knowledge representation and exchange.

Abstract

For a strong, collective defense in the digital domain we need to produce, consume, analyze and share cyber threat intelligence. With an increasing amount of available information, we need automation in order to be effective. We present the results from a questionnaire investigating the use of standards and standardization and how practitioners share and use cyber threat intelligence. We propose a strict data model for cyber threat intelligence which enables consumption of all relevant data, data validation and analysis of consumed content. The main contribution of this paper is insight into how cyber threat intelligence is shared and used by practitioners, and the strictness of the data model which enforces input of information and enables automation and deduction of new knowledge.