Publication:TOPS 22
Abstract: Today's threats use multiple means of propagation, such as social engineering, email, and application vulnerabilities, and often operate in different phases, such as single-device compromise, lateral network movement and data exfiltration. These complex threats rely on advanced persistent threats (APTs) supported by well-advanced tactics to appear unknown to traditional security defences. As organisations realise that attacks are increasing in size and complexity, cyber threat intelligence (TI) is growing in popularity and use. This trend followed the evolution of APTs, as they require a different level of response that is more specific to the organisation. TI can be obtained in many formats, open-source intelligence (OSINT) being one of the most common, and through threat intelligence platforms (TIPs) that help organisations consume, produce and share TI. TIPs have multiple advantages that enable organisations to quickly bootstrap the core processes of collecting, analysing and sharing threat-related information. However, current TIPs have some limitations that prevent their mass adoption. This paper proposes AECCP, a platform that addresses some of these limitations. AECCP improves the quality of TI by classifying it according to a single unified taxonomy, removing information with low value, enriching it with valuable information from OSINT sources, and aggregating it to complement information associated with the same threat. AECCP was validated and evaluated with three datasets of events and compared with two other platforms, showing that it can generate quality TI automatically and help security analysts analyse security incidents in less time.
Author: Claudio Martins, Ibéria Medeiros
Journal: ACM Transactions on Privacy and Security
Key: TOPS 22
Month: May
NumPubDate: 2022.05
Project: Project:SEAL, Project:Xivt
ResearchLine: Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
Title: Generating Quality Threat Intelligence Leveraging OSINT and a Cyber Threat Unified Taxonomy
Type: article
Volume: 25-3
Year: 2022
Categories: Publication
Modification date: 24 August 2022 16:56:58
Number: 19
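The abstract describes a four-stage pipeline (classify indicators under one taxonomy, drop low-value items, enrich from OSINT, aggregate events that concern the same threat). The following is an added illustration of that shape of pipeline, written for this page; it is not AECCP's code and does not reproduce the paper's taxonomy. The mini-taxonomy, the low-value rules, the offline OSINT table, the benign-domain allowlist and the sample events are all constructed assumptions.

```python
"""Illustrative threat-intelligence pipeline: classify -> filter -> enrich -> aggregate.

Constructed example for this page; every table below is an assumption, not
data or logic from the paper.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed mini-taxonomy: indicator type -> category (not the paper's taxonomy).
TAXONOMY = {
    "ip": "network-infrastructure",
    "domain": "network-infrastructure",
    "md5": "malware-artifact",
    "sha256": "malware-artifact",
    "email": "delivery",
}

# Constructed, offline stand-in for an OSINT enrichment source.
OSINT = {
    "198.51.100.7": {"asn": "AS64500", "tags": ["c2"]},
    "evil.example": {"registrar": "example-registrar", "tags": ["phishing"]},
}

# Constructed low-value rules: RFC 1918 space, a benign-domain allowlist and the
# MD5 of the empty file, all of which add noise rather than intelligence.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BENIGN_DOMAINS = {"example.com"}
LOW_VALUE_HASHES = {"d41d8cd98f00b204e9800998ecf8427e"}

HASH_RE = {"md5": re.compile(r"^[0-9a-fA-F]{32}$"), "sha256": re.compile(r"^[0-9a-fA-F]{64}$")}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$", re.I)


def classify(value):
    """Return the indicator type of a raw string, or None if it is not recognised."""
    value = value.strip()
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    for kind, rx in HASH_RE.items():
        if rx.match(value):
            return kind
    if EMAIL_RE.match(value):
        return "email"
    if DOMAIN_RE.match(value):
        return "domain"
    return None


def is_low_value(kind, value):
    """Drop unclassifiable, internal-only or notoriously noisy indicators."""
    if kind is None:
        return True
    if kind == "ip":
        ip = ipaddress.ip_address(value)
        return ip.is_loopback or ip.is_link_local or ip.is_multicast or any(ip in n for n in RFC1918)
    if kind == "domain":
        return value.lower() in BENIGN_DOMAINS
    if kind in HASH_RE:
        return value.lower() in LOW_VALUE_HASHES
    return False


def normalise(event):
    """Classify, filter and enrich every indicator of one event."""
    kept = []
    for raw in event["indicators"]:
        raw = raw.strip()
        kind = classify(raw)
        if is_low_value(kind, raw):
            continue
        value = raw.lower()
        kept.append({"value": value, "type": kind, "category": TAXONOMY[kind], "osint": OSINT.get(value, {})})
    return {"id": event["id"], "indicators": kept}


def aggregate(events):
    """Union-find over shared (type, value) pairs: events sharing an indicator form one cluster."""
    parent = {e["id"]: e["id"] for e in events}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}
    for e in events:
        for ind in e["indicators"]:
            key = (ind["type"], ind["value"])
            if key in first_seen:
                parent[find(e["id"])] = find(first_seen[key])
            else:
                first_seen[key] = e["id"]
    clusters = defaultdict(list)
    for e in events:
        clusters[find(e["id"])].append(e["id"])
    return sorted(sorted(c) for c in clusters.values())


# Constructed sample events (an internal IP, a benign domain, the empty-file MD5
# and free text are there to exercise the low-value filter).
SAMPLE_EVENTS = [
    {"id": "ev1", "indicators": ["198.51.100.7", "10.0.0.5", "EVIL.example"]},
    {"id": "ev2", "indicators": ["evil.example", "d41d8cd98f00b204e9800998ecf8427e"]},
    {"id": "ev3", "indicators": ["phish@evil.example", "example.com"]},
    {"id": "ev4", "indicators": ["not an indicator"]},
]


def run(events=SAMPLE_EVENTS):
    """Return (normalised events, threat clusters)."""
    normalised = [normalise(e) for e in events]
    return normalised, aggregate(normalised)


if __name__ == "__main__":
    norm, clusters = run()
    for e in norm:
        print(e)
    print(clusters)
```

Running it clusters ev1 and ev2 together because both carry evil.example after case normalisation, while the internal address, the allowlisted domain and the empty-file hash are discarded before they can create spurious links. A real deployment would replace the OSINT dictionary with live lookups and the rules with the platform's own taxonomy and scoring.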