Methodological Framework to Collect, Process, Analyze and Visualize Cyber Threat Intelligence Data

Cyber attacks have increased in frequency in recent years, affecting small, medium and large companies, creating an urgent need for tools capable of helping the mitigation of such threats. Thus, with the increasing number of cyber attacks, we have a large amount of threat data from heterogeneous sou...

Descripción completa

Detalles Bibliográficos
Autores: Borges Amaro, Lucas José, Percilio Azevedo, Bruce William, Lopes de Mendonca, Fabio Lucio, Ferreira Giozza, William, Oliveira Albuquerque, Robson de, García Villalba, Luis Javier
Tipo de recurso: artículo
Fecha de publicación:2022
País:España
Institución:Universidad Complutense de Madrid (UCM)
Repositorio:Docta Complutense
Idioma:inglés
OAI Identifier:oai:docta.ucm.es:20.500.14352/72082
Acceso en línea:https://hdl.handle.net/20.500.14352/72082
Access Level:acceso abierto
Palabra clave:analytics
cyber threat intelligence
framework
sharing
visualization
vulnerabilities
Bases de datos (Informática)
Seguridad informática
Descripción
Sumario:Cyber attacks have increased in frequency in recent years, affecting small, medium and large companies, creating an urgent need for tools capable of helping the mitigation of such threats. Thus, with the increasing number of cyber attacks, we have a large amount of threat data from heterogeneous sources that needs to be ingested, processed and analyzed in order to obtain useful insights for their mitigation. This study proposes a methodological framework to collect, organize, filter, share and visualize cyber-threat data to mitigate attacks and fix vulnerabilities, based on an eight-step cyber threat intelligence model with timeline visualization of threats information and analytic data insights. We developed a tool to address needs in which the cyber security analyst can insert threat data, analyze them and create a timeline to obtain insights and a better contextualization of a threat. Results show the facilitation of understanding the context in which the threats are inserted, rendering the mitigation of vulnerabilities more effective.