Reference
Samtani, S., Chinn, K., Larson, C. and Chen, H., 2016, September. AZSecure Hacker Assets Portal: Cyber
threat intelligence and malware analysis. In 2016 IEEE Conference on Intelligence and Security
Informatics (ISI) (pp. 19-24). IEEE.
Threat intelligence is the provision of evidence-based knowledge about existing or potential threats.
Benefits of threat intelligence include improved efficiency and effectiveness in security operations in
terms of detective and preventive capabilities. Successful threat intelligence within the cyber domain
demands a knowledge base of threat information and an expressive way to represent this knowledge.
This purpose is served by the use of taxonomies, sharing standards, and ontologies. This paper
introduces the Cyber Threat Intelligence (CTI) model, which enables cyber defenders to explore their
threat intelligence capabilities and understand their position against the ever-changing cyber threat
landscape. In addition, we use our model to analyze and evaluate several existing taxonomies, sharing
standards, and ontologies relevant to cyber threat intelligence. Our results show that the cyber security
community lacks an ontology covering the complete spectrum of threat intelligence. To conclude, we
argue the importance of developing a multi-layered cyber threat intelligence ontology based on the CTI
model and the steps that should be taken into consideration, which are the foundation of our future work.
Reference
Mavroeidis, V. and Bromander, S., 2017, September. Cyber threat intelligence model: an evaluation of
taxonomies, sharing standards, and ontologies within cyber threat intelligence. In 2017 European
Intelligence and Security Informatics Conference (EISIC) (pp. 91-98). IEEE.
Cyber attacks cost the global economy approximately $445 billion per year. To mitigate attacks, many
companies rely on cyber threat intelligence (CTI), or threat intelligence related to computers, networks,
and information technology (IT). However, CTI traditionally analyzes attacks after they have already
happened, resulting in reactive advice. While useful, researchers and practitioners have been seeking to
develop proactive CTI by better understanding the threats present in hacker communities. This study
contributes a novel CTI framework by leveraging an automated and principled web, data, and text
mining approach to collect and analyze vast amounts of malicious hacker tools directly from large,
international underground hacker communities. By using this framework, we identified many freely
available malicious assets such as crypters, keyloggers, web, and database exploits. Some of these tools
may have been the cause of recent breaches against organizations such as the Office of Personnel
Management (OPM). The study contributes to our understanding and practice of the timely proactive
identification of cyber threats.
Reference
Samtani, S., Chinn, R., Chen, H. and Nunamaker Jr, J.F., 2017. Exploring emerging hacker assets and key
hackers for proactive cyber threat intelligence. Journal of Management Information Systems, 34(4),
pp.1023-1053.