Publication:Inforum2018 ibe2
Abstract Cyber-security has become a top priority for most organizations, as the impact costs of cyber-attacks have risen to the billions of dollars. Organizations, to protect themselves, are resorting to security information and event management (SIEM) systems to monitor their infrastructures while investing in cyber threat intelligence (CTI) to provide them forewarning about the risks they face, as well as to accelerate their response times in the detection of attacks. One path to obtain CTI is the collection of open source intelligence (OSINT) via threat intelligence platforms (TIP) and their representation as indicators of compromise (IoC). However, most TIPs provide threat information with little to no processing. This situation increases the pressure on security analysts who, already faced with the arduous task of sorting the alerts originating from their networks, must also sort this additional flow of data to find relevant intelligence. This paper proposes an approach to generate threat intelligence of quality based on collected OSINT feeds that can later be used in defensive infrastructures, such as SIEMs. The approach, implemented in a platform and assessed with 34 OSINT feeds, was able to create enriched IoCs that allowed the identification of cyber-attacks previously not possible by analyzing the IoCs individually.
Author Rui Azevedo, Ibéria Medeiros, Alysson Bessani
Booktitle Proceedings of the 10th Simpósio de Informática (INForum 2018), Coimbra, Portugal
Key Inforum2018 ibe2
Month sep
NumPubDate 2,018.09
Project Project:DiSIEM
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
Title Automated Solution for Enrichment and Quality IoC Creation from OSINT
Type inproceedings
Year 2018
Has improper value for Url
Categories Publication
Modification date 20 September 2018 23:48:31