On the assessment of completeness and timeliness of actionable cyber threat intelligence artefacts

Authors: Yucel, C., Chalkias, I., Mallis, D., Karagiannis, E., Cetinkaya, D. and Katos, V.

Journal: Communications in Computer and Information Science

Volume: 1284 CCIS

Pages: 51-66

eISSN: 1865-0937

ISBN: 9783030589998

ISSN: 1865-0929

DOI: 10.1007/978-3-030-59000-0_5

Abstract:

In this paper we propose an approach for hunting adversarial tactics, techniques and procedures by leveraging information described in structured cyber threat intelligence models. We focused on the properties of timeliness and completeness of cyber threat intelligence indicators to drive the discovery of tactics, techniques and procedures placed highly on the so-called Pyramid of Pain. We used the Unit 42 playbooks dataset to evaluate the proposed approach and illustrate the limitations and opportunities of a systematic intelligence sharing process for high pain tactics, techniques and procedures discovery. We applied the Levenshtein Distance in order to present a metric between the attack vectors constructed from the kill chain phases for completeness and timeliness.

http://eprints.bournemouth.ac.uk/34259/

Source: Scopus

On the assessment of completeness and timeliness of actionable cyber threat intelligence artefacts

Authors: Yucel, C., Chalkias, I., Mallis, D., Karagiannis, E., Cetinkaya, D. and Katos, V.

Conference: Multimedia Communications, Services & Security (MCSS'20)

Dates: 8-9 October 2020

Journal: Springer

http://eprints.bournemouth.ac.uk/34259/

Source: Manual

On the Assessment of Completeness and Timeliness of Actionable Cyber Threat Intelligence Artefacts.

Authors: Yucel, C., Chalkias, I., Mallis, D., Karagiannis, E., Cetinkaya, D. and Katos, V.

Editors: Dziech, A., Mees, W. and Czyzewski, A.

Journal: MCSS

Volume: 1284

Pages: 51-66

Publisher: Springer

ISBN: 978-3-030-58999-8

http://eprints.bournemouth.ac.uk/34259/

https://doi.org/10.1007/978-3-030-59000-0

Source: DBLP

On the assessment of completeness and timeliness of actionable cyber threat intelligence artefacts

Authors: Yucel, C., Chalkias, I., Mallis, D., Karagiannis, E., Cetinkaya, D. and Katos, V.

Conference: Multimedia Communications, Services & Security (MCSS'20)

Abstract:

In this paper we propose an approach for hunting adversarial tactics, techniques and procedures (TTPs) by leveraging information described in structured cyber threat intelligence (CTI) models. We focused on the properties of timeliness and completeness of CTI indicators to drive the discovery of TTPs placed highly on the so-called Pyramid of Pain (PoP).

We used the Unit 42 playbooks dataset to evaluate the proposed approach and illustrate the limitations and opportunities of a systematic intelligence sharing process for high pain TTP discovery.

http://eprints.bournemouth.ac.uk/34259/

Source: BURO EPrints