Measuring and visualizing cyber threat intelligence quality

The very raison d’être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by the means of sharing platforms has proven to be an important aspect of practical application. It is evident to infer that ina...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:International journal of information security Ročník 20; číslo 1; s. 21 - 38
Hlavní autoři: Schlette, Daniel, Böhm, Fabian, Caselli, Marco, Pernul, Günther
Médium: Journal Article
Jazyk:angličtina
Vydáno: Berlin/Heidelberg Springer Berlin Heidelberg 01.02.2021
Springer Nature B.V
Témata:
Best interests
Coding and Information Theory
Collaboration
Communications Engineering
Computer Communication Networks
Computer Science
Cryptology
Cybersecurity
Decision analysis
Evaluation
Information gathering
Intelligence
Intelligence gathering
Internet
Management of Computing and Information Systems
Networks
Operating Systems
Quality assessment
Quality control
Regular Contribution
Security
Subject specialists
Subjectivity
Threat evaluation
Threats
Data quality
Threat intelligence formats
Cyber threat intelligence
Threat intelligence sharing
Information security visualization
ISSN:1615-5262, 1615-5270
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:The very raison d’être of cyber threat intelligence (CTI) is to provide meaningful knowledge about cyber security threats. The exchange and collaborative generation of CTI by the means of sharing platforms has proven to be an important aspect of practical application. It is evident to infer that inaccurate, incomplete, or outdated threat intelligence is a major problem as only high-quality CTI can be helpful to detect and defend against cyber attacks. Additionally, while the amount of available CTI is increasing it is not warranted that quality remains unaffected. In conjunction with the increasing number of available CTI, it is thus in the best interest of every stakeholder to be aware of the quality of a CTI artifact. This allows for informed decisions and permits detailed analyses. Our work makes a twofold contribution to the challenge of assessing threat intelligence quality. We first propose a series of relevant quality dimensions and configure metrics to assess the respective dimensions in the context of CTI. In a second step, we showcase the extension of an existing CTI analysis tool to make the quality assessment transparent to security analysts. Furthermore, analysts’ subjective perceptions are, where necessary, included in the quality assessment concept.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1615-5262
1615-5270
DOI:10.1007/s10207-020-00490-y