Abstract

Cyber Threat Intelligence (CTI) is an actionable, evidence-based knowledge management system of cyber threat data. CTI consists of 3 (three) major parts, namely information gathering, analysis, and dissemination. To carry out dissemination in CTI, Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Intelligence Information (TAXII) have been developed as open and interoperable standards for CTI dissemination. An effective CTI is one that can be integrated into the organization's security operations processes. Many organizations today run CTI with a mechanism for reporting and distributing information in the dissemination process, known as cyber threat information sharing, which has significant effects on security operations performance. In this study, user requirements analysis and design of cyber threat information sharing processes were carried out. From the results of the requirements analysis, a suitable business process re-engineering was proposed to accelerate the automation of CTI, especially in the information sharing part. Lastly, the designed processes were tested by simulating them on a STIX and TAXII-based platform. The results of this study indicate that the designed processes can be run on STIX and TAXII-based platforms, ergo a step toward a fully automated CTI.
