'I know what you did before': General framework for correlation analysis of cyber threat incidents

Daegeon Kim, Jiyoung Woo, Huy Kang Kim

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

    12 Citations (Scopus)


    Correlation analysis between cyber threat incidents, drawing on Cyber Threat Intelligence (CTI) from multiple sources, is becoming increasingly important for international collaboration against cyber threats. Well-analyzed CTI increases the capability to deter possible cyber threats. To this end, many standards have been proposed for efficient CTI expression and sharing, aimed at improving attack traceability and preventing future cyber threats. Even though such standards exist, the lack of analysis methodologies reduces the usability of CTI. To overcome this limitation, we propose a general framework that supports efficient correlation analysis of cyber threat incidents using CTI. In the framework, related events are represented by a tree structure named the Event Relation Tree (ERT), and the temporal transition of event characteristics is expressed by an Event Transition Graph (ETG). Through case studies on our CTI dataset, we show the usefulness of ERT and ETG for correlation analysis.

    Original language: English
    Title of host publication: MILCOM 2016 - 2016 IEEE Military Communications Conference
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Number of pages: 6
    ISBN (Electronic): 9781509037810
    Publication status: Published - 2016 Dec 22
    Event: 35th IEEE Military Communications Conference, MILCOM 2016 - Baltimore, United States
    Duration: 2016 Nov 1 to 2016 Nov 3


    Other: 35th IEEE Military Communications Conference, MILCOM 2016
    Country/Territory: United States


    • Correlation Analysis
    • Cyber Threat Intelligence (CTI)
    • Event Relation Tree (ERT)
    • Event Transition Graph (ETG)

    ASJC Scopus subject areas

    • Electrical and Electronic Engineering
