CTI sharing optimizations and automating threat detection based on actionable intelligence
Cyber threat intelligence sharing optimizations and automation of threat detection based on actionable intelligence
Master Thesis
Author
Καρατίσογλου, Μάριος
Karatisoglou, Marios
Date
2022-07-05
Advisor
Ξενάκης, Χρήστος
Keywords
Cyber threat intelligence ; Security Operations Center ; Bridge
Abstract
Security for businesses and organizations is essential to protect operational activities, trust relationships with potential clients and financial viability. Research interest in cybersecurity issues has increased recently, while at the same time professionals in this sector are employed to ensure safety. In turn, the efficacy and performance of both researchers and professionals rely on the information provided by Cyber Threat Intelligence (CTI) infrastructures. Automating the collection, harmonization and processing of information is of utmost importance for CTI, so that intelligence about newly emerged threats is relayed to the community effectively. Nevertheless, the transfer of knowledge between CTI and cybersecurity specialists relies on frameworks and procedures that are not in line with the needs and standards of modern times, being performed through obsolete methods and manual labor. In this paper, we propose BRIDGE, the first tool that streamlines the flow of intelligence between CTI and cybersecurity professionals by taking advantage of the STIX standard, utilizing blockchain technology and automatically converting the intelligence into the form that researchers and other professionals require. Our experimental results demonstrate the efficiency of BRIDGE in terms of swiftness and performance improvement compared to the mainstream approach.