'I know what you did before': General framework for correlation analysis of cyber threat incidents

Daegeon Kim, Jiyoung Woo, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

12 Citations (Scopus)


The importance of correlation analysis between cyber threat incidents using Cyber Threat Intelligence (CTI) from multiple sources is growing as a means of enhancing international collaboration on cyber threats. Well-analyzed CTI can increase capabilities to deter possible cyber threats. To this end, many standards have been proposed for efficient CTI expression and sharing to increase attack tractability and to prevent future cyber threats. Even though these standards have been proposed, the lack of analysis methodologies reduces the usability of CTI. To overcome this limitation, we propose a general framework to support the efficient correlation analysis of cyber threat incidents using CTI. In the framework, related events are represented by a tree structure named Event Relation Tree (ERT), and the temporal transition of the event characteristics is expressed by an Event Transition Graph (ETG). Through case studies on our CTI dataset, we show the usefulness of ERT and ETG for correlation analysis.

Original language: English
Title of host publication: MILCOM 2016 - 2016 IEEE Military Communications Conference
Publisher: Institute of Electrical and Electronics Engineers Inc.
Number of pages: 6
ISBN (Electronic): 9781509037810
Publication status: Published - 2016 Dec 22
Event: 35th IEEE Military Communications Conference, MILCOM 2016 - Baltimore, United States
Duration: 2016 Nov 1 - 2016 Nov 3

Publication series

Name: Proceedings - IEEE Military Communications Conference MILCOM


Other: 35th IEEE Military Communications Conference, MILCOM 2016
Country/Territory: United States

Bibliographical note

Publisher Copyright:
© 2016 IEEE.


  • Correlation Analysis
  • Cyber Threat Intelligence (CTI)
  • Event Relation Tree (ERT)
  • Event Transition Graph (ETG)

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
