A reliability comparison method for OSINT validity analysis

Seonghyeon Gong, Jaeik Cho, Changhoon Lee

Research output: Contribution to journal › Article › peer-review

26 Scopus citations

Abstract

Cyber-threat intelligence (CTI) is a knowledge-based threat management system that addresses increasing cyber threats. The CTI system creates reputation information for network resources such as IPs, URLs, and file hashes, based on security data collected from security information and event management (SIEM) systems. This information can be applied extensively in industrial infrastructures to provide an effective response process for cyber attacks. It can also be applied to the security systems of internal IT and OT infrastructures such as Internet of Things (IoT) and Supervisory Control and Data Acquisition (SCADA) networks. However, because the performance of infrastructure security using CTI depends on the accuracy of the data on which the system is based, careful consideration of that accuracy is required. In this paper, we propose a new model that can analyze the reliability and validity of data by using comparative analysis between CTI data sources, and we present a criterion for evaluating the reliability of feeds providing CTI data. The experiment uses approximately 40 000 datasets to provide data accuracy results for four CTI feeds. These results can serve as a basis for substantive validation before CTI data is used.

Original language: English
Article number: 8412560
Pages (from-to): 5428-5435
Number of pages: 8
Journal: IEEE Transactions on Industrial Informatics
Volume: 14
Issue number: 12
DOIs
State: Published - Dec 2018

Keywords

  • Cyber security
  • cyber-threat intelligence
  • data mining
  • open source intelligence
  • reliability comparison
  • validity analysis
