Abstract
Correlation analysis between cyber threat incidents using Cyber Threat Intelligence (CTI) from multiple sources is growing in importance for enhanced international collaboration on cyber threats. Well-analyzed CTI can increase capabilities to deter possible cyber threats. To this end, many standards have been proposed for efficient CTI expression and sharing to increase attack tractability and to prevent future cyber threats. Although these standards have been proposed, the lack of analysis methodologies reduces the usability of CTI. To overcome this limitation, we propose a general framework to support the efficient correlation analysis of cyber threat incidents using CTI. In the framework, related events are represented by a tree structure named Event Relation Tree (ERT), and the temporal transition of the event characteristics is expressed by an Event Transition Graph (ETG). Through case studies on our CTI dataset, we show the usefulness of ERT and ETG for correlation analysis.
Original language | English |
---|---|
Title of host publication | MILCOM 2016 - 2016 IEEE Military Communications Conference |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 782-787 |
Number of pages | 6 |
ISBN (Electronic) | 9781509037810 |
Publication status | Published - 2016 Dec 22 |
Event | 35th IEEE Military Communications Conference, MILCOM 2016 - Baltimore, United States. Duration: 2016 Nov 1 → 2016 Nov 3 |
Other
Other | 35th IEEE Military Communications Conference, MILCOM 2016 |
---|---|
Country/Territory | United States |
City | Baltimore |
Period | 16/11/1 → 16/11/3 |
Keywords
- Correlation Analysis
- Cyber Threat Intelligence (CTI)
- Event Relation Tree (ERT)
- Event Transition Graph (ETG)
ASJC Scopus subject areas
- Electrical and Electronic Engineering