Automated Cyber Threat Intelligence Generation on Multi-Host Network Incidents

Cristoffer Leite, Jerry Den Hartog, Daniel R. Dos Santos, Elisa Costante

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-reviewed

Abstract

The lack of automation is one of the main issues hindering the broad usage of high-level Cyber Threat Intelligence (CTI). Creating and using such information by capturing Tactics, Techniques and Procedures (TTPs) is currently an arduous manual task for Cyber Security Incident Response Teams (CSIRTs). For CSIRTs, a Network Intrusion Detection System (NIDS) automates the detection of cyber threats and provides analysts with relevant information about alerts. This information could be turned into CTI reports that help others better protect themselves from similar attacks. Because manually creating high-level CTI reports for multi-host incidents is so demanding, automating this process has become increasingly important. In this paper, a solution is presented to automate the creation of verifiable high-level cyber threat intelligence reports by mapping chains of alerts to TTPs. The solution enables visualisation of attack chains and the tactics used, as well as manual analysis and validation of the reports created. The proposed approach is evaluated by comparing the generated reports with existing CTI and validating any additional TTPs found. The evaluation shows that the approach was not only able to match existing reports, but also able to improve the knowledge about these threats.

Original language: English
Title: Proceedings - 2023 IEEE International Conference on Big Data, BigData 2023
Editors: Jingrui He, Themis Palpanas, Xiaohua Hu, Alfredo Cuzzocrea, Dejing Dou, Dominik Slezak, Wei Wang, Aleksandra Gruca, Jerry Chun-Wei Lin, Rakesh Agrawal
Publisher: Institute of Electrical and Electronics Engineers
Pages: 2999-3008
Number of pages: 10
ISBN (electronic): 9798350324457
DOIs:
Publication status: Published - 2023
Event: 2023 IEEE International Conference on Big Data, BigData 2023 - Sorrento, Italy
Duration: 15 Dec 2023 - 18 Dec 2023

Publication series

Name: Proceedings - 2023 IEEE International Conference on Big Data, BigData 2023

Conference

Conference: 2023 IEEE International Conference on Big Data, BigData 2023
Country/Region: Italy
City: Sorrento
Period: 15/12/23 - 18/12/23

Bibliographical note

Publisher Copyright:
© 2023 IEEE.
