SCE17-0185: STIX representation of cyber threat intelligence
In cybersecurity operations, sharing Cyber Threat Intelligence (CTI) is an important task. To facilitate CTI sharing, a flexible representation for this information is needed, and to let organizations check automatically whether their IT environment matches the profile of the targets of a given cyber threat, a proper machine-readable representation is critical. Today it is easy for anyone to download huge amounts of shared CTI every single day. Digesting such volumes manually is inefficient and unproductive, and the downloaded CTI is often redundant. This project therefore aims to develop a software system that compares and consolidates downloaded CTI reports and, based on them, proactively searches the internet for related information. The system leverages the expressiveness, flexibility, extensibility, automatability and human-readability of STIX, a structured language for cyber threat intelligence, to generate CTI reports that make ingesting CTI more efficient and productive. The components of the system are loosely coupled so that it can be scaled easily in future and debugged more easily when errors occur. The implementation is Python-based and modular: each key component is a single Python file, and the main program imports the functions it needs from those files when required. The results of the project are generally positive, although certain situations produce undesirable outcomes such as inaccurate generated reports. The productivity gain from the generated reports is difficult to measure because what an end user looks for in a CTI report is subjective. The solution could be further enhanced to improve its accuracy, proactiveness and overall robustness in more complex situations, for example by applying neural network techniques or searching further across the internet for value-added information.
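The compare-and-consolidate step the abstract describes can be illustrated with STIX 2.1 indicators. The following is an added example written for this record, not code from the project: it merges the indicators of two bundles keyed on the normalized pattern so redundant copies collapse, keeps the most recently modified copy while counting how many feeds carried it, and evaluates a restricted subset of STIX patterning (one observation expression of '=' comparisons joined by AND/OR) against an inventory of values observed in a local environment. The bundles, indicator IDs, domains, addresses, hash and observed inventory are all constructed; the project's own data model and matching logic are not described on this page.

```python
"""Consolidate STIX 2.1 indicators from several CTI bundles and check them
against values observed locally. Added example, not the project's code; all
bundles, IDs, domains, addresses, the hash and the inventory are constructed."""
import json
import re
from datetime import datetime


def _indicator(uid, modified, name, pattern):
    """Build a minimal STIX 2.1 indicator SDO (constructed data)."""
    return {
        "type": "indicator", "spec_version": "2.1", "id": "indicator--" + uid,
        "created": modified, "modified": modified, "name": name,
        "pattern_type": "stix", "pattern": pattern, "valid_from": modified,
    }


# Two constructed bundles standing in for downloaded CTI reports. FEED_B repeats
# FEED_A's C2 domain with different spacing and a newer 'modified' timestamp.
FEED_A = json.dumps({
    "type": "bundle", "id": "bundle--0f3c1b2a-6d4e-4a5f-8b9c-0d1e2f3a4b5c",
    "objects": [
        _indicator("1c1b6ba4-3a58-4f3a-9f0e-0a1b2c3d4e5f", "2018-05-01T00:00:00.000Z",
                   "C2 domain", "[domain-name:value = 'update.example-cdn.test']"),
        _indicator("2d2c7cb5-4b69-4a4b-8a1f-1b2c3d4e5f60", "2018-05-02T00:00:00.000Z",
                   "Dropper hash", "[file:hashes.'SHA-256' = "
                   "'9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08']"),
    ],
})
FEED_B = json.dumps({
    "type": "bundle", "id": "bundle--1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d",
    "objects": [
        _indicator("3e3d8dc6-5c7a-4b5c-9b20-2c3d4e5f6071", "2018-05-20T00:00:00.000Z",
                   "C2 domain", "[domain-name:value='update.example-cdn.test']"),
        _indicator("4f4e9ed7-6d8b-4c6d-8c31-3d4e5f607182", "2018-05-21T00:00:00.000Z",
                   "C2 addresses",
                   "[ipv4-addr:value = '203.0.113.7' OR ipv4-addr:value = '198.51.100.9']"),
    ],
})

# Constructed inventory of the local environment: STIX object path -> observed values.
OBSERVED = {
    "domain-name:value": {"update.example-cdn.test", "intranet.corp.test"},
    "ipv4-addr:value": {"198.51.100.9"},
    "file:hashes.'SHA-256'": set(),
}

# One '=' comparison: an object path (e.g. file:hashes.'SHA-256') and a quoted literal.
COMPARISON = re.compile(r"^([\w\-]+:[\w\.'\-]+)\s*=\s*'([^']*)'$")


def load_indicators(bundle_json):
    """Return the indicator objects of a serialized STIX bundle."""
    bundle = json.loads(bundle_json)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    return [o for o in bundle.get("objects", []) if o.get("type") == "indicator"]


def normalize_pattern(pattern):
    """Fold whitespace so copies of one pattern that differ only in spacing compare
    equal. Spacing inside quoted literals is folded too; this is not a full parse."""
    return re.sub(r"\s+", " ", re.sub(r"\s*=\s*", " = ", pattern)).strip()


def _ts(stix_timestamp):
    """Parse a STIX timestamp (UTC, trailing 'Z') so copies can be ordered."""
    return datetime.fromisoformat(stix_timestamp.rstrip("Z"))


def consolidate(bundles):
    """Merge indicators from several bundles, keyed on (pattern_type, pattern).
    The copy with the newest 'modified' wins; 'sources' counts the feeds carrying it."""
    merged = {}
    for bundle_json in bundles:
        for ind in load_indicators(bundle_json):
            key = (ind.get("pattern_type", "stix"), normalize_pattern(ind["pattern"]))
            entry = merged.get(key)
            if entry is None:
                merged[key] = {"indicator": ind, "sources": 1}
                continue
            entry["sources"] += 1
            if _ts(ind["modified"]) > _ts(entry["indicator"]["modified"]):
                entry["indicator"] = ind
    return list(merged.values())


def pattern_matches(pattern, observed):
    """Evaluate one observation expression of '=' comparisons joined by AND/OR.
    Anything richer (FOLLOWEDBY, WITHIN, MATCHES, ...) raises rather than being
    silently scored as a miss, so unsupported intelligence is not dropped unnoticed."""
    if not (pattern.startswith("[") and pattern.endswith("]")) or "]" in pattern[:-1]:
        raise ValueError("unsupported pattern: " + pattern)
    for disjunct in re.split(r"\s+OR\s+", pattern[1:-1]):
        hits = []
        for comparison in re.split(r"\s+AND\s+", disjunct):
            m = COMPARISON.match(comparison.strip())
            if m is None:
                raise ValueError("unsupported comparison: " + comparison)
            path, literal = m.groups()
            hits.append(literal in observed.get(path, set()))
        if all(hits):
            return True
    return False


def match_environment(consolidated, observed):
    """Sorted IDs of consolidated indicators whose pattern matches the environment."""
    return sorted(e["indicator"]["id"] for e in consolidated
                  if pattern_matches(e["indicator"]["pattern"], observed))
```

Running `consolidate([FEED_A, FEED_B])` yields three entries instead of four: the two C2-domain indicators fold into one carrying FEED_B's newer object and `sources == 2`, and `match_environment` reports the domain and the 198.51.100.9 address as present while the hash is not. The deliberate choice to raise on unsupported pattern syntax rather than return False reflects the abstract's caveat about inaccurate reports: a matcher that quietly skips what it cannot parse would hide exactly the intelligence that needs a human.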
Main Author: Phua, Kin Wee
Other Authors: Lam Kwok Yan
Format: Final Year Project
Language: English
Published: 2018
Subjects: DRNTU::Engineering::Computer science and engineering::Computing methodologies::Document and text processing
Online Access: http://hdl.handle.net/10356/75696
Institution: Nanyang Technological University
Record details
Record ID: sg-ntu-dr.10356-75696
Record format: dspace
School: School of Computer Science and Engineering
Degree: Bachelor of Engineering (Computer Engineering)
Date issued: 2018-06-07
Extent: 45 p., application/pdf
Collection: DR-NTU, NTU Library, Nanyang Technological University, Singapore