Abstract

Correlation analysis between cyber threat incidents using Cyber Threat Intelligence (CTI) from multiple sources is growing in importance for enhanced international collaboration on cyber threats. Well-analyzed CTI can increase capabilities to deter possible cyber threats. To this end, many standards have been proposed for efficient CTI expression and sharing to increase attack tractability and to prevent future cyber threats. Even though such standards have been proposed, the lack of analysis methodologies reduces the usability of CTI. To overcome this limitation, we propose a general framework to support the efficient correlation analysis of cyber threat incidents using CTI. In the framework, related events are represented by a tree structure named the Event Relation Tree (ERT), and the temporal transition of the event characteristics is expressed by the Event Transition Graph (ETG). Through case studies on our CTI dataset, we show the usefulness of ERT and ETG for correlation analysis.
