A Quantitative Evaluation of Trust in the Quality of Cyber Threat Intelligence Sources

Threat intelligence sharing has become a cornerstone of cooperative and collaborative cybersecurity. Sources providing such data have become more widespread in recent years, ranging from public entities (driven by legislative changes) to commercial companies and open communities that provide threat intelligence to help organisations and individuals better understand and assess the cyber threat landscape putting their systems at risk. Tool support for automatically processing this information is emerging concurrently. It has been observed that the quality of information received from the sources varies significantly. To assess the quality of a threat intelligence source, it is not sufficient to consider only qualitative indications of the source itself; the data provided by the source must be monitored continuously in order to draw conclusions about the quality of the information it provides. In this paper, we propose a methodology for evaluating cyber threat information sources based on quantitative parameters. The methodology aims to facilitate the establishment of trust in threat intelligence sources, based on a weighted evaluation method that allows each entity to adapt it to its own needs and priorities. The approach facilitates automated tools utilising threat intelligence, since information to be considered can be prioritised based on which source is trusted the most at the time the intelligence arrives.
