Automated Cyber Threat Intelligence Generation on Multi-Host Network Incidents

Cristoffer Leite, Jerry Den Hartog, Daniel R. Dos Santos, Elisa Costante

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-reviewed

Abstract

The lack of automation is one of the main issues hindering the broad usage of high-level Cyber Threat Intelligence (CTI). Creating and using such information by capturing Tactics, Techniques and Procedures (TTPs) is currently an arduous manual task for Cyber Security Incident Response Teams (CSIRTs). For CSIRTs, a Network Intrusion Detection System (NIDS) automates the detection of cyber threats and provides relevant information about alerts to the analysts. This information could be turned into CTI reports that help others protect themselves from similar attacks. Because manually creating high-level CTI reports for multi-host incidents is so demanding, automating this process has become increasingly important. In this paper, a solution is presented to automate the creation of verifiable high-level CTI reports by mapping chains of alerts to TTPs. The solution enables visualisation of the attack chains and tactics used, as well as manual analysis and validation of the reports created. The proposed approach is evaluated by comparing the generated reports with existing CTI and validating any additional TTPs found. The evaluation shows that the approach was not only able to match existing reports, but was also able to improve the knowledge about these threats.
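The abstract describes mapping chains of NIDS alerts to TTPs and keeping the result verifiable for analysts. The following is an added illustration of that idea and is not the paper's code or its actual method: the alert format, the signature-to-technique table and the greedy chaining rule (an alert joins an incident when its source host already appears in that incident) are assumptions made for this example. The ATT&CK technique IDs and tactic names used are real ATT&CK entries, but which constructed signature maps to which technique is also an assumption.

```python
"""Toy pipeline: NIDS alert chain -> TTP-annotated CTI report (added example)."""
from dataclasses import dataclass, field

# Assumed mapping: constructed NIDS signature name -> (ATT&CK technique, name, tactic).
# The technique IDs/tactics are real ATT&CK entries; the signature names are made up.
SIG_TO_TTP = {
    "SCAN port sweep": ("T1046", "Network Service Discovery", "Discovery"),
    "EXPLOIT web app RCE attempt": ("T1190", "Exploit Public-Facing Application", "Initial Access"),
    "POLICY SSH brute force": ("T1110", "Brute Force", "Credential Access"),
    "LATERAL SMB admin share access": ("T1021", "Remote Services", "Lateral Movement"),
    "EXFIL large outbound transfer": ("T1041", "Exfiltration Over C2 Channel", "Exfiltration"),
}


@dataclass
class Alert:
    ts: str   # ISO-8601 timestamp, sorts lexically (constructed)
    src: str
    dst: str
    sig: str


@dataclass
class Chain:
    hosts: set = field(default_factory=set)
    steps: list = field(default_factory=list)  # (ts, src, dst, sig, ttp or None)


# Constructed sample alerts: external scan -> web exploit -> brute force and
# lateral movement to a second host -> exfiltration, plus one unrelated alert.
SAMPLE_ALERTS = [
    Alert("2023-12-15T10:00:00", "203.0.113.5", "10.0.0.10", "SCAN port sweep"),
    Alert("2023-12-15T10:05:00", "203.0.113.5", "10.0.0.10", "EXPLOIT web app RCE attempt"),
    Alert("2023-12-15T10:20:00", "10.0.0.10", "10.0.0.20", "POLICY SSH brute force"),
    Alert("2023-12-15T10:40:00", "10.0.0.10", "10.0.0.20", "LATERAL SMB admin share access"),
    Alert("2023-12-15T11:00:00", "10.0.0.20", "198.51.100.7", "EXFIL large outbound transfer"),
    Alert("2023-12-15T11:05:00", "10.0.0.99", "10.0.0.98", "INFO unusual DNS TXT query"),
]


def build_chains(alerts):
    """Greedy chaining (assumed rule): walk alerts in time order and attach an
    alert to the first chain that already contains its source host, so that a
    pivot from a compromised host extends the same multi-host incident."""
    chains = []
    for a in sorted(alerts, key=lambda x: x.ts):
        step = (a.ts, a.src, a.dst, a.sig, SIG_TO_TTP.get(a.sig))
        for c in chains:
            if a.src in c.hosts:
                c.steps.append(step)
                c.hosts.update((a.src, a.dst))
                break
        else:
            chains.append(Chain(hosts={a.src, a.dst}, steps=[step]))
    return chains


def tactic_sequence(chain):
    """Collapse consecutive steps with the same tactic into one entry."""
    seq = []
    for *_, ttp in chain.steps:
        if ttp and (not seq or seq[-1] != ttp[2]):
            seq.append(ttp[2])
    return seq


def report(chains):
    """One record per incident; every TTP stays traceable to its alert, and
    alerts with no mapping are kept aside for analyst validation."""
    out = []
    for i, c in enumerate(chains, 1):
        out.append({
            "incident": i,
            "hosts": sorted(c.hosts),
            "techniques": [s[4][0] for s in c.steps if s[4]],
            "tactics": tactic_sequence(c),
            "evidence": [(s[0], s[1], s[2], s[3]) for s in c.steps],
            "needs_review": [s[3] for s in c.steps if s[4] is None],
        })
    return out


if __name__ == "__main__":
    for rec in report(build_chains(SAMPLE_ALERTS)):
        print(f"Incident {rec['incident']}: hosts={rec['hosts']}")
        print("  tactics:", " -> ".join(rec["tactics"]) or "(none mapped)")
        print("  techniques:", rec["techniques"])
        if rec["needs_review"]:
            print("  needs analyst review:", rec["needs_review"])
```

The `evidence` list is what makes the report verifiable in the sense the abstract emphasises: an analyst can check each claimed technique against the alert it came from, and the `needs_review` list surfaces alerts the mapping table does not cover rather than silently dropping them.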

Original language: English
Title of host publication: Proceedings - 2023 IEEE International Conference on Big Data, BigData 2023
Editors: Jingrui He, Themis Palpanas, Xiaohua Hu, Alfredo Cuzzocrea, Dejing Dou, Dominik Slezak, Wei Wang, Aleksandra Gruca, Jerry Chun-Wei Lin, Rakesh Agrawal
Publisher: Institute of Electrical and Electronics Engineers
Pages: 2999-3008
Number of pages: 10
ISBN (Electronic): 9798350324457
DOIs
Publication status: Published - 2023
Event: 2023 IEEE International Conference on Big Data, BigData 2023 - Sorrento, Italy
Duration: 15 Dec 2023 - 18 Dec 2023

Publication series

Name: Proceedings - 2023 IEEE International Conference on Big Data, BigData 2023

Conference

Conference: 2023 IEEE International Conference on Big Data, BigData 2023
Country/Territory: Italy
City: Sorrento
Period: 15/12/23 - 18/12/23

Bibliographical note

Publisher Copyright:
© 2023 IEEE.

Keywords

  • Automation
  • Cyber Threat Intelligence (CTI)
  • Tactics, Techniques and Procedures (TTPs)
