BIBLIOS

  Sciences Bibliographic Reference Management System

Reference Details

Type
Conference Papers

Document Type
Full Paper

Title
Enriching Threat Intelligence Platforms Capabilities

Publication Participants
Mario Faiella (Author)
Gustavo Gonzalez-Granadillo (Author)
Ibéria Medeiros (Author)
Dep. Informática
LASIGE
Rui Azevedo (Author)
Susana Gonzalez-Zarzosa (Author)

Abstract
One of the weakest points in actual security detection and monitoring systems is the data retrieval from Open Source Intelligence (OSINT), as well as how this kind of information should be processed and normalized, considering their unstructured nature. This cybersecurity related information (e.g., Indicator of Compromise -IoC) is obtained from diverse and different sources and collected by Threat Intelligence Platforms (TIPs). In order to improve its quality, such information should be correlated with real-time data coming from the monitored infrastructure, before being further analyzed and shared. In this way, it could be prioritized, allowing a faster incident detection and response. This paper presents an Enriched Threat Intelligence Platform as a way to extend import, quality assessment processes, and information sharing capabilities in current TIPs. The platform receives structured cyber threat information from multiple sources, and performs the correlation among them with both static and dynamic data coming from the monitored infrastructure. This allows the evaluation of a threat score through heuristic-based analysis, used for enriching the information received from OSINT and other sources. The final result, expressed in a well defined format, is sent to external entities, which is further used for monitoring and detecting incidents (e.g., SIEMs), or for more in-depth analysis, and shared with trusted organizations.

Publication Date
2019

Institution
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA

Event
Proceedings of the 16th International Joint Conference on e-Business and Telecommunications

Publication Identifiers
ISBN - 9789897583780

Location
Prague, Czech Republic

Publisher
SCITEPRESS - Science and Technology Publications

Document Identifiers
DOI - https://doi.org/10.5220/0007830400370048
URL - http://dx.doi.org/10.5220/0007830400370048

Quality Identifiers
CORE B (2018) -
Google Metrics (2019) - 13


Export reference

APA
Mario Faiella, Gustavo Gonzalez-Granadillo, Ibéria Medeiros, Rui Azevedo, Susana Gonzalez-Zarzosa, (2019). Enriching Threat Intelligence Platforms Capabilities. Proceedings of the 16th International Joint Conference on e-Business and Telecommunications, -

IEEE
Mario Faiella, Gustavo Gonzalez-Granadillo, Ibéria Medeiros, Rui Azevedo, Susana Gonzalez-Zarzosa, "Enriching Threat Intelligence Platforms Capabilities" in Proceedings of the 16th International Joint Conference on e-Business and Telecommunications, Prague, Czech Republic, 2019, pp. -, doi: 10.5220/0007830400370048

BIBTEX
@InProceedings{43378,
  author = {Mario Faiella and Gustavo Gonzalez-Granadillo and Ibéria Medeiros and Rui Azevedo and Susana Gonzalez-Zarzosa},
  title = {Enriching Threat Intelligence Platforms Capabilities},
  booktitle = {Proceedings of the 16th International Joint Conference on e-Business and Telecommunications},
  year = 2019,
  pages = {-},
  address = {Prague, Czech Republic},
  publisher = {SCITEPRESS - Science and Technology Publications}
}