TY - GEN
T1 - Cytime
T2 - 13th International Conference on Future Internet Technologies, CFI 2018
AU - Kim, Eunsoo
AU - Kim, Kuyju
AU - Shin, Dongsoon
AU - Jin, Beomjin
AU - Kim, Hyoungshick
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/6/20
Y1 - 2018/6/20
N2 - It is becoming increasingly necessary for organizations to build a Cyber Threat Intelligence (CTI) platform to fight against sophisticated attacks. To reduce the risk of cyber attacks, security administrators and/or analysts can use a CTI platform to aggregate relevant threat information about adversaries, targets and vulnerabilities, analyze it and share key observations from the analysis with collaborators. In this paper, we introduce CyTIME (Cyber Threat Intelligence ManagEment framework) which is a framework for managing CTI data. CyTIME can periodically collect CTI data from external CTI data repositories via standard interfaces such as Trusted Automated Exchange of Indicator Information (TAXII). In addition, CyTIME is designed to automatically generate security rules without human intervention to mitigate discovered new cybersecurity threats in real time. To show the feasibility of CyTIME, we performed experiments to measure the time to complete the task of generating the security rule corresponding to a given CTI data. We used 1,000 different CTI files related to network attacks. Our experiment results demonstrate that CyTIME automatically generates security rules and store them into the internal database within 12.941 seconds on average (max = 13.952, standard deviation = 0.580).
AB - It is becoming increasingly necessary for organizations to build a Cyber Threat Intelligence (CTI) platform to fight against sophisticated attacks. To reduce the risk of cyber attacks, security administrators and/or analysts can use a CTI platform to aggregate relevant threat information about adversaries, targets and vulnerabilities, analyze it and share key observations from the analysis with collaborators. In this paper, we introduce CyTIME (Cyber Threat Intelligence ManagEment framework) which is a framework for managing CTI data. CyTIME can periodically collect CTI data from external CTI data repositories via standard interfaces such as Trusted Automated Exchange of Indicator Information (TAXII). In addition, CyTIME is designed to automatically generate security rules without human intervention to mitigate discovered new cybersecurity threats in real time. To show the feasibility of CyTIME, we performed experiments to measure the time to complete the task of generating the security rule corresponding to a given CTI data. We used 1,000 different CTI files related to network attacks. Our experiment results demonstrate that CyTIME automatically generates security rules and store them into the internal database within 12.941 seconds on average (max = 13.952, standard deviation = 0.580).
KW - Cyber threat intelligence
KW - Intrusion detection systems
KW - Security rules
UR - https://www.scopus.com/pages/publications/85053706056
U2 - 10.1145/3226052.3226056
DO - 10.1145/3226052.3226056
M3 - Conference contribution
AN - SCOPUS:85053706056
SN - 9781450364669
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 13th International Conference on Future Internet Technologies, CFI 2018
PB - Association for Computing Machinery
Y2 - 20 June 2018 through 22 June 2018
ER -