BIBLIOS

  Ciências References Management System

Publication details

Document type
Conference papers

Document subtype
Full paper

Title
PURE: Generating Quality Threat Intelligence by Clustering and Correlating OSINT

Participants in the publication
Rui Azevedo (Author)
Iberia Medeiros (Author)
Dep. Informática
LASIGE
Alysson Bessani (Author)
Dep. Informática
LASIGE

Summary
Cybersecurity has become a top priority for most organizations. To more aptly protect themselves, organizations are moving from reactive to proactive defensive measures. They are investing in cyber threat intelligence (CTI) to provide them with forewarning about the risks they face, as well as to accelerate their response times in the detection of attacks. One means of obtaining CTI is the collection of open source intelligence (OSINT) information via threat intelligence platforms and its representation as indicators of compromise (IoC). However, most of these platforms provide threat information with little to no processing, thus presenting limitations in generating useful quality data. This work presents an approach for improving OSINT processing to generate quality threat intelligence in the form of enriched IoCs. This improved intelligence is obtained by correlating and combining IoCs coming from different OSINT feeds that contain information about the same threat, aggregating them into clusters, and then representing the threat information contained within those clusters in a single enriched IoC. The approach was implemented in the PURE platform and evaluated with 34 OSINT feeds, which allowed the creation of enriched IoCs that permitted the identification of attacks not previously possible by analyzing the IoCs individually.

Date of Publication
2019-08

Institution
FACULDADE DE CIÊNCIAS DA UNIVERSIDADE DE LISBOA

Event
2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)

Publication Identifiers
ISBN - 9781728127774

Address
Rotorua, New Zealand

Publisher
IEEE

Document Identifiers
URL - http://dx.doi.org/10.1109/trustcom/bigdatase.2019.00071
DOI - https://doi.org/10.1109/trustcom/bigdatase.2019.00071

Rankings
CORE A (2018) -
Google Metrics (2019) - 24


Export

APA
Rui Azevedo, Iberia Medeiros, Alysson Bessani, (2019). PURE: Generating Quality Threat Intelligence by Clustering and Correlating OSINT. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), -

IEEE
Rui Azevedo, Iberia Medeiros, Alysson Bessani, "PURE: Generating Quality Threat Intelligence by Clustering and Correlating OSINT" in 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), Rotorua, New Zealand, 2019, pp. -, doi: 10.1109/trustcom/bigdatase.2019.00071

BIBTEX
@InProceedings{43379,
  author = {Rui Azevedo and Iberia Medeiros and Alysson Bessani},
  title = {PURE: Generating Quality Threat Intelligence by Clustering and Correlating OSINT},
  booktitle = {2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)},
  year = 2019,
  pages = {-},
  address = {Rotorua, New Zealand},
  publisher = {IEEE}
}