“ETIP: An Enriched Threat Intelligence Platform for Improving OSINT Correlation, Analysis, Visualisation and Sharing Capabilities”

From Navigators

Revision as of 00:57, 19 March 2021 by Imedeiros (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Gustavo Gonzalez-Granadillo, Mario Faiella, Ibéria Medeiros, Rui Azevedo, Susana Gonzalez-Zarzosa

Journal of Information Security and Applications, Elsevier, vol. 58, May 2021.

Abstract: Open Source Intelligence (OSINT) data is collected by publicly available sources to be used by intelligence contexts among which Threat Intelligence Platforms (TIPs) are the main consumers. These platforms help organizations aggregate, correlate, and analyze threat data from multiple sources in real-time to support defensive actions. However, considering the unstructured nature of the collected data, TIPs require the data to be correlated with real-time information coming from the monitored infrastructure, before being further analyzed and shared. This paper presents \emph{ETIP}, an \emph{Enriched Threat Intelligence Platform} with extended capabilities in terms of import, quality assessment processes, visualization and information sharing in current TIPs. The platform receives structured cyber threat information from multiple sources and performs the correlation among them with static and dynamic data coming from external sources and the monitored infrastructure. This allows the evaluation of a threat score through heuristic-based analysis, used to enrich the information received from OSINT and other sources. The final result is sent to external entities, such as SIEMs, to be further used for a more in-depth analysis, and to be shared with trusted organizations.

Export citation


Project(s): Project:DiSIEM

Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)

Personal tools
Navigators toolbox