3 authors, including: Nimisha Goel (Wells Fargo)
All content following this page was uploaded by Nimisha Goel on 14 June 2022.
Abstract - In today’s digital era, organizations and even individuals face enormous numbers of cyber attacks by persistent threat actors who try to bypass the security of networks and devices and manipulate sensitive information. Cyber Threat Intelligence (CTI) enables cyber security firms to gather knowledge about a cyber attack: its evidence, the threat actors and their Tactics, Techniques and Procedures (TTPs), and Indicators of Compromise (IOCs), in order to mitigate and further reduce the impact of those attacks. In the modern landscape of cyber threats, bridging the security gap is more than just securing data. Moreover, accessing cyber content safely is a fundamental human right. This paper outlines the state of the art of CTI and the various challenges that must be addressed to maintain sufficient early warning and threat detection systems.
Keywords - Cyber attacks, Cyber Threat Intelligence (CTI), Indicators of Compromise (IOC), Tactics, Techniques and Procedures (TTP), Threat actors
months or even years and pose danger to an enterprise.

Operational Cyber Threat Intelligence
It deals with the timing and nature of an attack. It uses private and public sources like social media, dark web forums, chats, etc. to investigate the communication channels of cyber threat actors and anticipate incoming attacks.

II. PROGRESSIVE TECHNIQUES OF CYBER THREAT INTELLIGENCE

Today, there exist many CTI tools and platforms to combat various cyber threats like data breaches, DDoS attacks, malware attacks, phishing, etc. Some of these tools are open-source whereas others are licensed to protect sensitive information against cyber attacks. According to the SANS CTI Survey 2021 [8], some of the major CTI tools are Cisco Umbrella, DeCYFIR, Echosec, Grey Noise, etc. CTI platforms can be software-as-a-service (SaaS) or on-premises solutions which help to analyze and investigate potential cyber crimes. While these are the common CTI tools/platforms used worldwide, it is important to mention some of the considerable and worthy contributions of researchers in threat intelligence over the past few years, as listed in Table 1.
Table 1. Research contributions in CTI (columns: Authors; Proposed model/framework for CTI; Explanation; Challenges/Future work)

Authors: F. Böhm, F. Menges, and G. Pernul [9]
Proposed model/framework for CTI: Graphical and visual analytics
Explanation: The authors proposed a visual-based analytics method to study, modify and visualize the CTI information. The Knowledge Acquisition, Visualization and Assessment System (KAVAS) was used and combined with the CTI vault.
Challenges/Future work: In the interviews conducted by the authors, it was found that there were some drawbacks in the STIX standard.

Authors: M. Landauer, F. Skopik,
Proposed model/framework for CTI: CTI framework for Raw Log data extraction
Explanation: The authors implemented a framework to identify and parse
Challenges/Future work: The future work is to enhance the working of
Sharing Platform (MISP) leads to insufficient data during cyber attacks. CTI experts must be provided with specialized training in MISP to effectively store IOCs, share and visualize the CTI data, and monitor the attacks.

Absence of human expertise to understand and interpret the threat data can result in an ineffective CTI process. It is necessary that threat intelligence experts identify vulnerabilities in a timely manner, proactively look for evidence, identify the TTPs associated with threat actors, prioritize the security measures, and implement incident response efficiently.

While sharing CTI information, organizations often face privacy issues. Establishing trust among organizations and sharing threat intelligence information on platforms is necessary to mitigate cyber attacks in a timely manner.

Considering the above challenges of CTI, organizations must address them in order to have a well-planned threat intelligence procedure and to mitigate cyber threats quickly and efficiently.

IV. CONCLUSION AND FUTURE WORK

Cyber Threat Intelligence provides information that is important for an organization to make informed and effective decisions. Also, true CTI is actionable: it serves a role in regular security monitoring and is a valuable tool in incident response to protect against zero-day attacks. This paper briefly explains CTI, its importance, its levels, and, most importantly, its state of the art. Further, several challenges of CTI that organizations usually face today have been identified.

It is necessary that organizations address these challenges in future by conducting various CTI trainings, proactively identifying unknown threats, and adopting cutting-edge technologies such as blockchain, cloud computing, and machine learning/deep learning to completely automate the process, prioritizing and mitigating cyber attacks in a timely manner.

REFERENCES

[1] D. Wagner, K. Mahbub, E. Palomar, and A. E. Abdallah, “Cyber threat intelligence sharing: Survey and research directions,” Computers & Security, vol. 87, p. 101589, 2019.
[2] W. Tounsi and H. Rais, “A survey on technical threat intelligence in the age of sophisticated cyber attacks,” Computers & Security, vol. 72, pp. 212–233, 2018.
[3] J. Cha, S. K. Singh, Y. Pan, and J. H. Park, “Blockchain-based Cyber Threat Intelligence System Architecture for Sustainable Computing,” Sustainability, vol. 12, no. 16, p. 6401, 2020.
[4] J. Zhao, Q. Yan, J. Li, M. Shao, Z. He, and B. Li, “TIMiner: Automatically extracting and analyzing categorized cyber threat intelligence from Social Data,” Computers & Security, vol. 95, p. 101867, 2020.
[5] Y. Gao, X. Li, H. Peng, B. Fang, and P. S. Yu, “Hincti: A cyber threat intelligence modeling and identification system based on Heterogeneous Information Network,” IEEE Transactions on Knowledge and Data Engineering, vol. 34, no. 2, pp. 708–722, 2022.
[6] D. Preuveneers and W. Joosen, “Sharing machine learning models as indicators of compromise for Cyber Threat Intelligence,” Journal of Cybersecurity and Privacy, vol. 1, no. 1, pp. 140–163, 2021.
[7] M. F. Haque and R. Krishnan, “Toward automated cyber defense with secure sharing of Structured Cyber Threat Intelligence,” Information Systems Frontiers, vol. 23, no. 4, pp. 883–896, 2021.
[8] “Jennifer e Santiago Jennifer e Santiago,” SANS Institute, 02-Mar-2022. [Online]. Available: https://www.sans.org/white-papers/40080/.
[9] F. Böhm, F. Menges, and G. Pernul, “Graph-based visual analytics for Cyber Threat Intelligence,” Cybersecurity, vol. 1, no. 1, 2018.
[10] N. Serketzis, V. Katos, C. Ilioudis, D. Baltatzis, and G. Pangalos, “Improving forensic triage efficiency through Cyber Threat Intelligence,” Future Internet, vol. 11, no. 7, p. 162, 2019.
[11] H. Almohannadi, I. Awan, J. Al Hamar, A. Cullen, J. P. Disso, and L. Armitage, “Cyber threat intelligence from honeypot data using Elasticsearch,” 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA), 2018.
[12] M. Landauer, F. Skopik, M. Wurzenberger, W. Hotwagner, and A. Rauber, “A framework for cyber threat intelligence extraction from Raw Log Data,” 2019 IEEE International Conference on Big Data (Big Data), 2019.
[13] R. Meier, C. Scherrer, D. Gugelmann, V. Lenders, and L. Vanbever, “FeedRank: A tamper-resistant method for the ranking of Cyber Threat Intelligence feeds,” 2018 10th International Conference on Cyber Conflict (CyCon), 2018.
[14] M. Al-Fawa'reh, M. Al-Fayoumi, S. Nashwan, and S. Fraihat, “Cyber threat intelligence using PCA-DNN model to detect abnormal network behavior,” Egyptian Informatics Journal, 2021.
[15] M. Odemis, C. Yucel, and A. Koltuksuz, “Detecting user behavior in cyber threat intelligence: Development of honeypsy system,” Security and Communication Networks, vol. 2022, pp. 1–28, 2022.
[16] J. Liu, J. Yan, J. Jiang, Y. He, X. Wang, Z. Jiang, P. Yang, and N. Li, “TRICTI: An actionable cyber threat intelligence discovery system via trigger-enhanced neural network,” Cybersecurity, vol. 5, no. 1, 2022.
[17] “What is threat intelligence?,” Recorded Future, 11-Sep-2020. [Online]. Available: https://www.recordedfuture.com/threat-intelligence/