On the Assessment of Completeness and Timeliness of Actionable Cyber Threat Intelligence Artefacts

Abstract: In this paper we propose an approach for hunting adversarial tactics technics and procedures (TTPs) by leveraging information described in structured cyber threat intelligence (CTI) models. We focused on the properties of timeliness and completeness of CTI indicators to drive the discovery of TTPs placed highly on the so-called Pyramid of Pain (PoP). We used the unit42 playbooks dataset to evaluate the proposed approach and illustrate the limitations and opportunities of a systematic intelligence sharing proce… Show more

“…Actionable information should be relevant, timely, accurate, complete, and ingestible [23]. The IITMAF aims to meet these actionable information requirements for malware in infringing IPTV technologies by providing a solution that can quickly analyse identified URLs for illicit IPTV websites, app stores, and software files using static and dynamic analysis techniques and can consecutively generate a comprehensive report in a structured format.…”

Investigating IPTV Malware in the Wild

“…Actionable information should be relevant, timely, accurate, complete, and ingestible [23]. The IITMAF aims to meet these actionable information requirements for malware in infringing IPTV technologies by providing a solution that can quickly analyse identified URLs for illicit IPTV websites, app stores, and software files using static and dynamic analysis techniques and can consecutively generate a comprehensive report in a structured format.…”

Investigating IPTV Malware in the Wild

Challenges and Opportunities for Network Intrusion Detection in a Big Data Environment

Social botnets and the challenges of cyber situation awareness