Browse wiki

From Navigators

Jump to: navigation, search
Publication:Rui Azevedo Tese
Abstract The impact of cyber-attacks and its cost h The impact of cyber-attacks and its cost has increased and risen to the billions of dollars, and therefore cyber-security has become a top priority for most organizations. To more aptly protect themselves, organizations are moving from reactive to proactive defensive measures, investing in cyber threat intelligence (CTI) to provide them forewarning about the risks they face, as well as to accelerate their response times in the detection of attacks. One means to obtain CTI is the collection of open source intelligence (OSINT) feeds via threat intelligence platforms and their representation as indicators of compromise (IoC). However, most of these platforms are providing threat information with little to no processing. This situation increases the pressure on security analysts who, already faced with the arduous task of sorting through the multitude of alerts originating from their networks must also sort this additional flow of data to find relevant intelligence. This dissertation proposes an architecture to generate threat intelligence of quality in the form of new enriched IoCs based on collected OSINT feeds. This improved intelligence is obtained by correlating and combining IoCs coming from different OSINT feeds that contain information on the same threat, aggregating them into clusters, and then representing the threat information contained within those clusters in a single enriched IoC. This dissertation first offers an overview of the current status of the use of CTI, methodologies, and technologies used, before proposing an architecture focused on a clustering approach, for which two methods are introduced, the na¨ıve and the n-level aggregation. It then describes the implementation of this architecture and its validation. The proposal was implemented in a prototype confirmed with 34 OSINT feeds, which allowed the creation of enriched IoCs that may enable the identification of cyber-attacks not previously possible by analyzing the received IoCs individually. analyzing the received IoCs individually.
Advisor Ibéria Medeiros + , Alysson Bessani +
Author Rui Azevedo +
Key Rui Azevedo Tese  +
Month jan  +
NumPubDate 2,019.01  +
Project Project:DiSIEM +
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT) +
School Mestrado em Segurança Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa  +
Title Leveraging OSINT to Improve Threat Intelligence Quality  +
Type mastersthesis  +
Year 2019  +
Has improper value forThis property is a special property in this wiki. Url  +
Categories Publication  +
Modification dateThis property is a special property in this wiki. 10 February 2019 02:31:19  +
hide properties that link here 
  No properties link to this page.


Enter the name of the page to start browsing from.
Personal tools
Navigators toolbox