A Methodology to Evaluate Standards and Platforms within Cyber Threat Intelligence

Silva, Alessandra de Melo e; Gondim, João José Costa; Albuquerque, Robson de Oliveira; Villalba, Luis Javier García

doi:10.3390/fi12060108

Cited by 39 publications

(24 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The authors enhance previous CTI comparisons by emphasizing strengths, weaknesses, and structure as well as use cases for CTI formats [58]. Other current works reproduce CTI format analysis with similar evaluation criteria and results [59], [60] or extend research to the evaluation of CTI sharing platforms. In this respect, Bauer et al [61] identified the necessity of CTI standardization for information description and CTI sharing use cases within their non-functional platform criteria.…”

Section: B Related Workmentioning

confidence: 85%

A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective

Schlette

Caselli

Pernul

2021

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

IEEE Communications Surveys & Tutorials IEEE COMMUNICATIONS SURVEYS & TUTORIALS 2 followed by Detection & Analysis, Containment, Eradication & Recovery and concludes with Post-Incident Activity. It is worth mentioning that between the four phases feedback loops exist. Other incident handling process models (e.g., CERT/CC [24], ITIL [25], [26], [27]) are in line with the NIST incident response life cycle. Nevertheless, often incident response is narrowed down to only the Containment, Eradication & Recovery activities, whereas incident management and incident handling provide the larger reference framework [27], [21]. We follow this more precise approach and center on the pivotal activities of incident response. An elementary subarea in conjunction with incident response and its community is digital forensics. Digital forensics concerns data gathering and the detailed analysis of circumstances surrounding a security incident [26]. Within the NIST incident response life cycle, digital forensics mainly precedes the incident response action itself and can be attributed to Detection & Analysis. For our work, we separate between digital forensics and incident response and exclude the former. However, due to the nature of the analyzed data formats, there is at times overlap concerning investigative incident response activities. This situation leads to the focus of this survey described in Figure 2. The starting point of incident response and its standardization is hereby defined as trigger, alert, or event detected by an Intrusion Detection System (IDS), Security Information and Event Management (SIEM), or similar system, which then requires incident response actions. Also, CTI feeds, and structured threat reports are possible external starting points.

show abstract

Section: B Related Workmentioning

confidence: 85%

A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective

Schlette

Caselli

Pernul

2021

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

show abstract

“…This information can be shared amongst trusted stakeholders [46]. Different CTI platforms were evaluated in [47]. According to this paper, MISP is a reliable platform for CTI sharing.…”

Section: Related Workmentioning

confidence: 99%

A Threat Hunting Framework for Industrial Control Systems

Jadidi¹,

Lü

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Since its inception within military circles, MISP has grown into one of the leading open-source sharing platforms used by over 6000 organizations worldwide 1 . MISP is also one of the most studied platforms [14], [15], [16], characterized as holistic and applicable in diverse scenarios as well as flexible considering the compatibility with different formats [11].…”

Section: Context and Related Workmentioning

confidence: 99%

“…Furthermore, usability has been included as key evaluation criteria in recent frameworks for comparing the state-of-theart in CTI sharing platforms [11]. Nevertheless, despite this acknowledgment on the importance of UX in the context of CTI sharing platforms, empirical evidence on their usability, or perceived UX is scarce to non-existent.…”

Section: Introductionmentioning

confidence: 99%

A workflow and toolchain proposal for analyzing users’ perceptions in cyber threat intelligence sharing platforms

Stojkovski

Lenzini

2021

2021 IEEE International Conference on Cyber Security and Resilience (CSR)

View full text Add to dashboard Cite

Cyber Threat Intelligence (CTI) sharing platforms are valuable tools in cybersecurity. However, despite the fact that effective CTI exchange highly depends on human aspects, cyber behavior in CTI sharing platforms has been notably less investigated by the security research community.Motivated by this research gap, we ground our work in the concrete challenge of understanding users' perceptions of information sharing in CTI platforms. To this end, we propose a conceptual workflow and toolchain that would seek to verify whether users have an accurate comprehension of how far information travels when shared in a CTI sharing platform.We contextualize our concept within MISP as a use case, and discuss the benefits of our socio-technical approach as a potential tool for security analysis, simulation, or education/training support. We conclude with a brief outline of future work that would seek to evaluate and validate the proposed model.

show abstract

A Methodology to Evaluate Standards and Platforms within Cyber Threat Intelligence

Cited by 39 publications

References 42 publications

A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective

A Comparative Study on Cyber Threat Intelligence: The Security Incident Response Perspective

A Threat Hunting Framework for Industrial Control Systems

A workflow and toolchain proposal for analyzing users’ perceptions in cyber threat intelligence sharing platforms

Contact Info

Product

Resources

About