Towards Automated Matching of Cyber Threat Intelligence Reports based on Cluster Analysis in an Internet-of-Vehicles Environment

Connected and automated vehicles are a transformative technology that is approaching maturity and offers many benefits to the Internet-of-Vehicles ecosystem. Given their highly diverse nature and the vast amount of data they collect, process, and exchange, they attract a variety of malicious activities that jeopardize security and safety. Successfully countering such activities is therefore crucial. When such an activity is detected, information about the incoming threat is collected and analyzed during and after the incident. Organizations and security experts use cyber threat intelligence to organize this information. Because threats can be related to each other, it is important to provide security experts with tools that help them identify and attribute threats. To this end, in this paper we present a tool that automatically matches cyber threat intelligence reports based on cluster analysis. With this tool, security experts can correlate an incoming attack with previously reported ones and follow similar methods to analyze it, with the aim of speeding up the attack attribution process.