Abstract
Cyber Threat Intelligence (CTI) is a source of useful information for organizations to take countermeasures against cyber-attacks. The process of using CTI is not automatic and requires human interventions, because we have to (1) check the CTI data to avoid obstructing business before executing countermeasures and (2) identify the similarity among CTI data to make the countermeasures effective. However, human tasks in using CTI are difficult, because CTI is inherently not human friendly and a large amount of CTI data is provided. Hence, we have to spend a lot of time before taking countermeasures. To solve this problem, we developed an analysis tool which can pick up and visualize a useful subset of CTI information as a graph, together with attributes of the organization, to help human judgment. By using graph structure, the relevancy to the organization and the similarity among CTI data are revealed at a glance. Moreover, the tool enables the reconciliation of CTI data, i.e. adding new relationships between them, to store the result of the analysis for later use. This helps us to take sophisticated countermeasures.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
AlienVault, Open Threat Exchange (OTX). https://www.alienvault.com/open-threat-exchange
Gartner, Reviews for Security Threat Intelligence Products and Services. https://www.gartner.com/reviews/market/security-threat-intelligence-services
HAIL A TAXII. http://hailataxii.com/
OASIS, Introduction to STIX. https://oasis-open.github.io/cti-documentation/stix/intro
OASIS, Introduction to TAXII. https://oasis-open.github.io/cti-documentation/taxii/intro
Masuoka, R., Satomi, T., Yamada, K.: Strategies for semantics-rich machine-understandable CTI - human - machine cybersecurity collaboration. In: Borderless Cyber Conference and FIRST Technical Symposium (2017)
Katayama, Y., et al.: Use of cyber threat intelligence for organizations. In: Japanese, Symposium on Cryptography and Information Security (SCIS) (2017)
Kambara, Y., et al.: How to set the expiration date of cyber threat intelligence. In: Japanese, Symposium on Cryptography and Information Security (SCIS) (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Kambara, Y., Katayama, Y., Oikawa, T., Furukawa, K., Torii, S., Izu, T. (2019). Developing the Analysis Tool of Cyber-Attacks by Using CTI and Attributes of Organization. In: Barolli, L., Takizawa, M., Xhafa, F., Enokido, T. (eds) Web, Artificial Intelligence and Network Applications. WAINA 2019. Advances in Intelligent Systems and Computing, vol 927. Springer, Cham. https://doi.org/10.1007/978-3-030-15035-8_65
Download citation
DOI: https://doi.org/10.1007/978-3-030-15035-8_65
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-15034-1
Online ISBN: 978-3-030-15035-8
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)