论文信息 - Taxonomy Model for Cyber Threat Intelligence Information Exchange Technologies

Taxonomy Model for Cyber Threat Intelligence Information Exchange Technologies

The cyber threat intelligence information exchange ecosystem is a holistic approach to the automated sharing of threat intelligence. For automation to succeed, it must handle tomorrow's attacks, not just yesterday's. There are numerous ontologies that attempt to enable the sharing of cyber threats, such as OpenIOC, STIX, and IODEF. To date, most ontologies are based on various use cases. Ontology developers collect threat indicators that through experi-ence seem to be useful for exchange. This approach is pragmatic and offers a collection of useful threat indicators in real-world scenarios. However, such a selection method is episodic. What is useful today may not be useful tomorrow. What we consider to be chaff or too hard to share today might become a critically im-portant piece of information. Therefore, in addition to use case-based ontology, ontologies need to be based on first principles. In this document we propose taxonomy for classifying threat-sharing technologies. The purpose of this taxonomy is to classify existing technologies using an agnostic framework, identify gaps in existing technologies, and explain their differences from a sci-entific perspective. We are currently working on a thesaurus that will describe, compare, and classify detailed cyber security terms. This paper focuses on the classification of the ontologies them-selves.

[1] Kathleen M. Moriarty. Real-time Inter-network Defense (RID) , 2010, RFC.

[2] Dominikus Herzberg,et al. The use of layers and planes for architectural design of communication systems , 2001, Fourth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing. ISORC 2001.

[3] D. L. Parnas,et al. On the criteria to be used in decomposing systems into modules , 1972, Software Pioneers.

[4] Youki Kadobayashi,et al. An Incident Object Description Exchange Format (IODEF) Extension for Structured Cybersecurity Information , 2014, RFC.

[5] Panos Kampanakis,et al. Security Automation and Threat Information-Sharing Options , 2014, IEEE Security & Privacy.

[6] Juha Savolainen,et al. Layered architecture revisited — Comparison of research and practice , 2009, 2009 Joint Working IEEE/IFIP Conference on Software Architecture & European Conference on Software Architecture.

[7] Yuri Demchenko,et al. The Incident Object Description Exchange Format , 2007, RFC.

[8] Benoit Claise,et al. Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information , 2008, RFC.

[9] Benoit Claise,et al. Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of Flow Information , 2013, RFC.

[10] Brian Trammell,et al. Internet Engineering Task Force (ietf) Transport of Real-time Inter-network Defense (rid) Messages over Http/tls , 2022 .