A Reference Model for Cyber Threat Intelligence (CTI) Systems

Sakellariou, Georgios; Fouliras, Panayotis; Mavridis, Ioannis; Sarigiannidis, Panagiotis

doi:10.3390/electronics11091401

Cited by 17 publications

(9 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Integrating CTI into risk management enhances defenders’ ability to mitigate the increasing risk of cyber threats [ 47 ]. Sakellariou et al [ 48 ] introduced essential CTI concepts and an eight-layer CTI in a similar study, with a reference model that can aid in the development of CTI systems. The model’s effectiveness is demonstrated through three case studies, resulting in the creation of CTI [ 48 ].…”

Section: Resultsmentioning

confidence: 99%

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Saeed,

Suayyid,

Al-Ghamdi

et al. 2023

Sensors

View full text Add to dashboard Cite

Cybersecurity is a significant concern for businesses worldwide, as cybercriminals target business data and system resources. Cyber threat intelligence (CTI) enhances organizational cybersecurity resilience by obtaining, processing, evaluating, and disseminating information about potential risks and opportunities inside the cyber domain. This research investigates how companies can employ CTI to improve their precautionary measures against security breaches. The study follows a systematic review methodology, including selecting primary studies based on specific criteria and quality valuation of the selected papers. As a result, a comprehensive framework is proposed for implementing CTI in organizations. The proposed framework is comprised of a knowledge base, detection models, and visualization dashboards. The detection model layer consists of behavior-based, signature-based, and anomaly-based detection. In contrast, the knowledge base layer contains information resources on possible threats, vulnerabilities, and dangers to key assets. The visualization dashboard layer provides an overview of key metrics related to cyber threats, such as an organizational risk meter, the number of attacks detected, types of attacks, and their severity level. This relevant systematic study also provides insight for future studies, such as how organizations can tailor their approach to their needs and resources to facilitate more effective collaboration between stakeholders while navigating legal/regulatory constraints related to information sharing.

show abstract

Section: Resultsmentioning

confidence: 99%

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Saeed,

Suayyid,

Al-Ghamdi

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…The CTI lifecycle is a systematic and iterative process designed to enhance an organization's cybersecurity posture by providing timely and relevant information about potential threats. This lifecycle involves several stages, for which various perspectives can be found in the literature [3,12,17]. In the context of this research, the model referred to in [12] was selected, comprising four stages: direction, collection, processing, and dissemination.…”

Section: Cti Lifecycle Stagesmentioning

confidence: 99%

Cyber Threat Intelligence on Blockchain: A Systematic Literature Review

Chatziamanetoglou,

Rantos

2024

Computers

View full text Add to dashboard Cite

Cyber Threat Intelligence (CTI) has become increasingly important in safeguarding organizations against cyber threats. However, managing, storing, analyzing, and sharing vast and sensitive threat intelligence data is a challenge. Blockchain technology, with its robust and tamper-resistant properties, offers a promising solution to address these challenges. This systematic literature review explores the recent advancements and emerging trends at the intersection of CTI and blockchain technology. We reviewed research papers published during the last 5 years to investigate the various proposals, methodologies, models, and implementations related to the distributed ledger technology and how this technology can be used to collect, store, analyze, and share CTI in a secured and controlled manner, as well as how this combination can further support additional dimensions such as quality assurance, reputation, and trust. Our findings highlight the focus of the CTI and blockchain convergence on the dissemination phase in the CTI lifecycle, reflecting a substantial emphasis on optimizing the efficacy of communication and sharing mechanisms, based on an equitable emphasis on both permissioned, private blockchains and permissionless, public blockchains, addressing the diverse requirements and preferences within the CTI community. The analysis reveals a focus towards the tactical and technical dimensions of CTI, compared to the operational and strategic CTI levels, indicating an emphasis on more technical-oriented utilization within the domain of blockchain technology. The technological landscape supporting CTI and blockchain integration emerges as multifaceted, featuring pivotal roles played by smart contracts, machine learning, federated learning, consensus algorithms, IPFS, deep learning, and encryption. This integration of diverse technologies contributes to the robustness and adaptability of the proposed frameworks. Moreover, our exploration unveils the overarching significance of trust and privacy as predominant themes, underscoring their pivotal roles in shaping the landscape within our research realm. Additionally, our study addresses the maturity assessment of these integrated systems. The approach taken in evaluating maturity levels, distributed across the Technology Readiness Level (TRL) scale, reveals an average balance, indicating that research efforts span from early to mid-stages of maturity in implementation. This study signifies the ongoing evolution and maturation of research endeavors within the dynamic intersection of CTI and blockchain technology, identifies trends, and also highlights research gaps that can potentially be addressed by future research on the field.

show abstract

“…Sakellariou et al defined the core concepts of the CTI framework and presented an eight-layer CTI reference model for advanced system design. The authors validated the proposed model through three case studies and created a CTI reference architecture based on them [14]. The authors examined standardized shared environments for cyber threat intelligence, such as STIX, TAXII, and CybOX, and evaluated their implementations.…”

Section: Literature Reviewmentioning

confidence: 99%

Practical Cyber Threat and OSINT Analysis based on Implementation of CTI Sharing Platform

Alzahrani,

Lee,

Kim

2024

Preprint

View full text Add to dashboard Cite

Cybercrime Threat Intelligence (CTI) allows us to change our actions from reactive to proactive in the fight against threat actors, and to make more informed, data-driven security decisions. Thus this study proposes the practical implementation of CTI in the Arab world. This study focuses on strengthening CTI by integrating Indicators of Compromise (IoCs) and collecting realistic security alerts from honeypot systems and open source intelligence. The collected data is stored in the Malware Information Sharing Platform (MISP), an open source platform that allows users to create and share IoCs with other organizations while staying informed about new threats. It features an intuitive interface for data analysis and threat identification, facilitating sharing, storage, and correlation of IoCs. Therefore, we leveraged MISP to generate IoCs based on the collected data and analyzed the results to identify potential cyber threats. The implemented platform aims to provide organizations with actionable information to prevent, detect and respond to cybercrime. This study presents a practical approach to strengthening CTI in the Arab world and provides an opportunity to strengthen the region’s security posture.

show abstract

A Reference Model for Cyber Threat Intelligence (CTI) Systems

Cited by 17 publications

References 53 publications

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

A Systematic Literature Review on Cyber Threat Intelligence for Organizational Cybersecurity Resilience

Cyber Threat Intelligence on Blockchain: A Systematic Literature Review

Practical Cyber Threat and OSINT Analysis based on Implementation of CTI Sharing Platform

Contact Info

Product

Resources

About