Abstract

Cyber Threat intelligence (CTI) systems offer new capabilities in the arsenal of information security experts, who can explore new sources of data that were partially exploited during the past decades. This paper deals with the exploitation of discussion forums as a source of raw data for a cyber threat intelligence process. Specifically, it analyzes the discussion forums’ characteristics and investigates their relationship with CTI. It proposes a semantic schema for the representation of data collected from discussion forums. Then, it applies a systematic methodology to design the reference architecture of the SECDFAN system, which handles the creation of CTI products following a comprehensive approach from the source selection to CTI product sharing and security experts’ collaboration. The final product of this work is the SECDFAN reference architecture. The contribution of this paper is the development of a CTI reference architecture of a system that, by design, handles all CTI-related issues for creating CTI products by analyzing the content of discussion forums.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call