Abstract
Cyber-threat intelligence (CTI) is a knowledge-based threat management system that addresses increasing cyber threats. The CTI system creates reputation information for network resources such as IP addresses, URLs, and file hashes, based on security data collected from security information and event management (SIEM) systems. This information can be applied extensively in industrial infrastructures to provide an effective response process for cyber attacks. It can also be applied to the security systems of internal IT and OT infrastructures such as Internet of Things (IoT) and Supervisory Control and Data Acquisition (SCADA) networks. However, because the performance of infrastructure security using CTI depends on the accuracy of the data on which the system is based, the accuracy of that data requires careful consideration. In this paper, we propose a new model that can analyze the reliability and validity of data through comparative analysis between CTI data, and we present a criterion for evaluating the reliability of feeds providing CTI data. The experiment uses approximately 40 000 datasets to provide data accuracy results for four CTI feeds. These results can serve as a basis for substantive validation of CTI data before it is used.