Abstract

Purpose of work: to study the existing standards for indicators of compromise and the methods of exchanging them, with the aim of enriching the protection systems of information and cyber-physical systems. Research method: systematic analysis of open data sources on indicators of compromise, the standards that describe them, and the exchange methods used in organizing cyber intelligence. Result obtained: the current problems of proactive threat hunting are formulated, using as an example the application of open sources of indicators of compromise to the processing of event streams in security event management systems. A classification of indicators derived from internal sources is proposed. The main problems of processing dynamic threat data streams under changing attack vectors are formulated. It was found that the threat intelligence industry currently lacks a unified solution for standardizing information exchange between different platforms, although a number of dominant standards and formats for such data exchange exist. In the course of preparing this review of existing standards, the tasks of identifying previously unknown attack methods by using open sources of indicators of compromise when processing data in security incident management systems were considered and structured, and methods for solving them were proposed. Scientific novelty: the presented article is one of the first domestic works devoted to analysing recent years' research on organizing work with threat intelligence data sources. The sources of indicators of compromise are reviewed and systematized, and a classification of them is proposed. The main problems of processing dynamic threat data streams under variable attack vectors are formulated.
