Abstract

Cyber threat intelligence draws on prior reports of cyber-attacks so that future attacks can be identified. The derived situation-aware evidence provides firm grounds for the detection and prevention of cyber threats. The main issue in threat intelligence is that the excessive feeds from numerous heterogeneous data sources, in different formats, may be redundant. A variety of formats is available for sharing threat feeds, which leads to structural heterogeneity. For any threat intelligence system, incorporating multiple feeds results in a huge processing overload that requires more time and resources. The heterogeneity in threat intelligence sharing platforms therefore needs to be addressed. In this work, a framework is proposed for aggregating data from heterogeneous sources. To that end, fourteen heterogeneous threat intelligence sources have been explored systematically. The framework is composed of a machine-learning-based mapper that maps the threat feed into the target Threat Intelligence Platform (TIP). The experimental results show that this model achieved a recall and F1 score of 99.95% with the least root mean squared error of 0.0395. The objective is to have a mechanism that can transform data from heterogeneous sources into an integrated form that can assist the TIP with data mapping.
