
Unifying Cyber Threat Intelligence

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11711)

Abstract

The threat landscape and the associated number of IT security incidents are constantly increasing. In order to address this problem, a trend towards cooperative approaches and the exchange of information on security incidents has been developing over recent years. Today, several different data formats with varying properties are available for structuring and describing incidents as well as cyber threat intelligence (CTI) information. Observed differences in data formats cause problems with regard to consistent understanding and compatibility. This ultimately creates a barrier to efficient information exchange. Moreover, a common definition for the components of CTI formats is missing. In order to improve this situation, this work presents an approach for the description and unification of these formats. To this end, we propose a model that describes the elementary properties as well as a common notation for entities within CTI formats. In addition, we develop a unified model to show the results of our work, to improve the understanding of CTI data formats and to discuss possible future research directions.




Acknowledgments

This research was supported by the Federal Ministry of Education and Research, Germany, as part of the BMBF DINGfest project (https://dingfest.ur.de).

Author information


Correspondence to Florian Menges.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Menges, F., Sperl, C., Pernul, G. (2019). Unifying Cyber Threat Intelligence. In: Gritzalis, S., Weippl, E., Katsikas, S., Anderst-Kotsis, G., Tjoa, A., Khalil, I. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2019. Lecture Notes in Computer Science, vol 11711. Springer, Cham. https://doi.org/10.1007/978-3-030-27813-7_11

  • DOI: https://doi.org/10.1007/978-3-030-27813-7_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-27812-0

  • Online ISBN: 978-3-030-27813-7

  • eBook Packages: Computer Science (R0)
