Context-Aware Cyber Threat Intelligence Exchange Platform

Authors

  • Michael Motlhabi Council for Scientific and Industrial Research, South Africa
  • Phumeza Pantsi Council for Scientific and Industrial Research, South Africa
  • Bokang Mangoale Council for Scientific and Industrial Research, South Africa
  • Rofhia Netshiya Council for Scientific and Industrial Research, South Africa
  • Samson Chishiri Council for Scientific and Industrial Research, South Africa

DOI:

https://doi.org/10.34190/iccws.17.1.42

Keywords:

security event management, security information management, threat intelligence, cybersecurity, collaboration, data exchange, indicators of compromise, TAXII/STIX, tactics, techniques and procedures

Abstract

The ubiquity of network and internet-connected devices has increased exponentially in the past decade. The proliferation of end-user devices has created a lucrative environment for cybercriminals to exploit unsuspecting users at a personal and organizational level. Moreover, businesses and governments are heavily reliant on cyberspace to conduct their business. According to Accenture, in 2019 South Africa saw a spike in cyberattacks on all fronts: banks, Internet Service Providers (ISPs), utilities and eCommerce platforms. This shows that threat actors are continuously looking to exploit new and old vulnerabilities at ever-increasing rates. Furthermore, threat actors are sharing tactics, tools, and procedures to expand their attack surface and to improve the effectiveness of their attacks. Security research tends to be an insular process, and individuals or groups rarely share threat data. This is due to a lack of trust, organizational policies, or simply the inability to get the information out to the masses. The idea behind this paper is to design a context-aware threat intelligence exchange platform that encourages collaboration and creates a federated environment amongst different industry stakeholders to share Indicators of Compromise. This paper further aims to define the process of transforming raw Indicators of Compromise into cyber threat intelligence. The platform described in this paper, when implemented, would provide the basic building blocks for developing a highly effective cybersecurity intelligence-sharing system that can improve vulnerability detection and remediation by speeding up the time required to identify and resolve incidents.

Published

2022-03-02