On the Assessment of Completeness and Timeliness of Actionable Cyber Threat Intelligence Artefacts

Author

Cagatay Yucel, Ioannis Chalkias, Dimitrios Mallis, Evangelos Karagiannis, Deniz Cetinkaya and Vasilios Katos

Published in

Dziech A., Mees W., Czyżewski A. (eds) Multimedia Communications, Services and Security. MCSS 2020. Communications in Computer and Information Science

Keywords

ATT&CK framework, cyber threat intelligence, unified cyber kill chain, pyramid of pain, data quality dimensions

Open Access

Abstract

In this paper we propose an approach for hunting adversarial tactics, techniques and procedures by leveraging information described in structured cyber threat intelligence models. We focused on the properties of timeliness and completeness of cyber threat intelligence indicators to drive the discovery of tactics, techniques and procedures placed highly on the so-called Pyramid of Pain.

We used the unit 42 playbooks dataset to evaluate the proposed approach and illustrate the limitations and opportunities of a systematic intelligence sharing process for high pain tactics, techniques and procedures discovery. We applied the Levenshtein Distance in order to present a metric between the attack vectors constructed from the kill chain phases for completeness and timeliness.

Source

https://link.springer.com/chapter/10.1007/978-3-030-59000-0_5