A Comparative Analysis of Cyber-Threat Intelligence Sources, Formats and Languages
The sharing of cyber-threat intelligence is an essential part of multi-layered tools used to protect systems and organisations from various threats. Structured standards, such as STIX, TAXII and CybOX, were introduced to provide a common means of sharing cyber-threat intelligence and have been subse...
Main Authors: | Andrew Ramsdale, Stavros Shiaeles, Nicholas Kolokotronis |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2020-05-01 |
Series: | Electronics |
Subjects: | cyber-threat intelligence; threat exchange; vulnerability alerts; incident reporting; indicators of compromise; cyber-observables |
Online Access: | https://www.mdpi.com/2079-9292/9/5/824 |
_version_ | 1797567819704958976 |
---|---|
author | Andrew Ramsdale; Stavros Shiaeles; Nicholas Kolokotronis |
author_facet | Andrew Ramsdale; Stavros Shiaeles; Nicholas Kolokotronis |
author_sort | Andrew Ramsdale |
collection | DOAJ |
description | The sharing of cyber-threat intelligence is an essential part of multi-layered tools used to protect systems and organisations from various threats. Structured standards, such as STIX, TAXII and CybOX, were introduced to provide a common means of sharing cyber-threat intelligence and have been subsequently much-heralded as the de facto industry standards. In this paper, we investigate the landscape of the available formats and languages, along with the publicly available sources of threat feeds, how these are implemented and their suitability for providing rich cyber-threat intelligence. We also analyse a sample of cyber-threat intelligence feeds, the type of data they provide and the issues found in aggregating and sharing the data. Moreover, the type of data supported by various formats and languages is correlated with the data needs for several use cases related to typical security operations. The main conclusions drawn by our analysis suggest that many of the standards have a poor level of adoption and implementation, with providers opting for custom or traditional simple formats. |
first_indexed | 2024-03-10T19:47:00Z |
format | Article |
id | doaj.art-b39b49ec846240019e79d1463d5ea4b3 |
institution | Directory Open Access Journal |
issn | 2079-9292 |
language | English |
last_indexed | 2024-03-10T19:47:00Z |
publishDate | 2020-05-01 |
publisher | MDPI AG |
record_format | Article |
series | Electronics |
spelling | doaj.art-b39b49ec846240019e79d1463d5ea4b3; 2023-11-20T00:42:46Z; eng; MDPI AG; Electronics; 2079-9292; 2020-05-01; vol. 9, no. 5, art. 824; DOI 10.3390/electronics9050824; A Comparative Analysis of Cyber-Threat Intelligence Sources, Formats and Languages; Andrew Ramsdale (School of Computing, Electronics and Mathematics, Faculty of Science and Engineering, Plymouth University, Plymouth PL4 8AA, UK); Stavros Shiaeles (School of Computing, Faculty of Technology, University of Portsmouth, Portsmouth PO1 2UP, UK); Nicholas Kolokotronis (School of Economics and Technology, Faculty of Informatics and Telecommunications, University of Peloponnese, 22131 Tripolis, Greece); abstract as given in the description field; https://www.mdpi.com/2079-9292/9/5/824; cyber-threat intelligence; threat exchange; vulnerability alerts; incident reporting; indicators of compromise; cyber-observables |
spellingShingle | Andrew Ramsdale; Stavros Shiaeles; Nicholas Kolokotronis; A Comparative Analysis of Cyber-Threat Intelligence Sources, Formats and Languages; Electronics; cyber-threat intelligence; threat exchange; vulnerability alerts; incident reporting; indicators of compromise; cyber-observables |
title | A Comparative Analysis of Cyber-Threat Intelligence Sources, Formats and Languages |
topic | cyber-threat intelligence; threat exchange; vulnerability alerts; incident reporting; indicators of compromise; cyber-observables |
url | https://www.mdpi.com/2079-9292/9/5/824 |