Indicators of compromise (IOCs) data fatigue and prioritization


Bibliographic Details
Main Author: Teo, Bryson Yuan Harn
Other Authors: Liu Yang
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2023
Online Access:https://hdl.handle.net/10356/165879
Institution: Nanyang Technological University
Description
Summary: Over the past few years, Cyber Threat Intelligence (CTI) has rapidly evolved, thanks to various threat intelligence platforms and organizations around the world. Through automated analysis and the real-time sharing of threat intelligence information, organizations are better equipped to mitigate the risks posed by cyber threats and attacks. Indicators of Compromise (IOCs) are one of the most widely analyzed and shared threat data used to generate actionable threat intelligence. They are considered one of the most fundamental threat data that are utilized to detect and prevent cyber intrusions at an early stage. However, much of the collected IOC data is limited in quality, and the amount and type of real-time threat data collected can be overwhelming for security analysts, leading to IOC data fatigue. To address this issue, a new scoring mechanism has been proposed to prioritize a set of IOCs. The mechanism utilizes various IOC attributes and relationships provided by the VirusTotal online scanning engine analysis results. By prioritizing the IOCs that are properly analyzed and ranked from a large dataset, the scoring mechanism can help allocate resources and efforts more effectively. Overall, this approach can enhance the accuracy and efficiency of IOC analysis and improve the ability of organizations to respond to cybersecurity threats.