Abstract
The lack of automation is one of the main issues hindering the broad usage of high-level Cyber Threat Intelligence (CTI). Creating and using such information by capturing Tactics, Techniques and Procedures (TTPs) is currently an arduous manual task for Cyber Security Incident Response Teams (CSIRT). For CSIRTs, a Network Intrusion Detection System (NIDS) automates the detection of cyber threats. It provides relevant information about alerts to the analysts. This information could generate CTI reports to help others better protect themselves from similar attacks. Due to the demanding work involved in manually creating high-level CTI reports for multi-host incidents, automating this process has become increasingly important. In this paper, a solution is presented to automate the creation of verifiable high-level cyber threat intelligence reports by mapping chains of alerts to TTPs. The solution enables visualisation of attack chains and the tactics used, but also manual analysis and validation of the reports created. The proposed approach is evaluated by comparing the generated reports with existing CTI, validating any additional TTPs found. The evaluation shows that not only was it able to match existing reports, but it was also able to improve the knowledge about these threats.
Original language | English |
---|---|
Title | Proceedings - 2023 IEEE International Conference on Big Data, BigData 2023 |
Editors | Jingrui He, Themis Palpanas, Xiaohua Hu, Alfredo Cuzzocrea, Dejing Dou, Dominik Slezak, Wei Wang, Aleksandra Gruca, Jerry Chun-Wei Lin, Rakesh Agrawal |
Publisher | Institute of Electrical and Electronics Engineers |
Pages | 2999-3008 |
Number of pages | 10 |
ISBN (electronic) | 9798350324457 |
DOIs | |
Status | Published - 2023 |
Event | 2023 IEEE International Conference on Big Data, BigData 2023 - Sorrento, Italy; Duration: 15 Dec. 2023 → 18 Dec. 2023 |
Publication series
Name | Proceedings - 2023 IEEE International Conference on Big Data, BigData 2023 |
---|
Conference
Conference | 2023 IEEE International Conference on Big Data, BigData 2023 |
---|---|
Country/Region | Italy |
City | Sorrento |
Period | 15/12/23 → 18/12/23 |
Bibliographical note
Publisher Copyright: © 2023 IEEE.