Actionable Cyber Threat Intelligence for Automated Incident Response

Cristoffer Leite, Jerry den Hartog, Daniel Ricardo dos Santos, Elisa Costante

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

7 Citaten (Scopus)

Samenvatting

Applying Cyber Threat Intelligence for active cyber defence, while potentially very beneficial, is currently limited to predominantly manual use. In this paper, we propose an automated approach for using Cyber Threat Intelligence during incident response by gathering Tactics, Techniques and Procedures available on intelligence reports, mapping them to network incidents, and then using this map to create attack patterns for specific threats. We consider our method actionable because it provides the operator with contextualised Cyber Threat Intelligence related to observed network incidents in the form of a ranked list of potential related threats, all based on patterns matched with the incidents. We evaluate our approach with publicly available samples of different malware families. Our analysis of the results shows that our method can reliably match network incidents with intelligence reports and relate them to these threats. The approach allows increasing the automation of its use, thus addressing one of the major limiting factors of effective use of suitable Cyber Threat Intelligence.

Originele taal-2Engels
TitelSecure IT Systems - 27th Nordic Conference, NordSec 2022, Proceedings
RedacteurenHans P. Reiser, Marcel Kyas
UitgeverijSpringer
Pagina's368-385
Aantal pagina's18
ISBN van geprinte versie9783031222948
DOI's
StatusGepubliceerd - 2022
Evenement27th Nordic Conference on Secure IT Systems, NordSec 2022 - Reykjavic, IJsland
Duur: 30 nov. 20222 dec. 2022

Publicatie series

NaamLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume13700 LNCS
ISSN van geprinte versie0302-9743
ISSN van elektronische versie1611-3349

Congres

Congres27th Nordic Conference on Secure IT Systems, NordSec 2022
Land/RegioIJsland
StadReykjavic
Periode30/11/222/12/22

Bibliografische nota

Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

Vingerafdruk

Duik in de onderzoeksthema's van 'Actionable Cyber Threat Intelligence for Automated Incident Response'. Samen vormen ze een unieke vingerafdruk.

Citeer dit