Big Data is transforming the global technological landscape by elevating online information access required for addressing everyday challenges, such as detecting the spread of diseases within areas of interest in real time. As the data in cyberspace continues to grow in a gargantuan manner due to the popularity and successes of Web 2.0 technologies and social networks, amongst other reasons, organizations also continue to face the complex challenge of sifting through this data to detect and respond in a timely manner to security threats relevant to their operating domain. Traditional businesses and governmental organisations generally rely on inefficient and discrete solutions that depend on limited sources of information and on signature-based and anomaly-based approaches to detect known cyber threats and attacks. In contrast, threat agents continue to develop advanced techniques for their cyber espionage, reconnaissance missions, and ultimately devastating attacks. In addition, emerging cybersecurity intelligence solutions lack the semantic knowledge essential for automated sharing of timely and context-aware information within a specific operating domain. Moreover, existing cybersecurity information sharing solutions lack the visualization and intelligence necessary for handling the large volume of unstructured data generated by multiple sources across different sectors. In an attempt to address some of these challenges, this paper presents a proposition of a semantic-enabled sharing model for exchanging timely and relevant cybersecurity intelligence with trusted collaborators. Drawing from previous research and open source sharing platforms, such as CRITS, this model is underpinned by common information exchange standards, such as STIX and TAXII. The proposed cross-platform sharing model is evaluated by exploiting a large stream of cybersecurity-related tweets and semantic knowledge available from a variety of data sources. Preliminary results suggest that semantic knowledge is essential towards enabling collaborative and automated exchange of timely and actionable cybersecurity intelligence.
Reference:
Mtsweni, J.S., Shozi, N.A., Matenche, K. et al. 2016. Development of a semantic-enabled cybersecurity threat intelligence sharing model. 11th International Conference on Cyber Warfare & Security, 17 - 18 March 2016, Boston University, Boston, USA.
Mtsweni, J. S., Shozi, N. A., Matenche, K., Mutemwa, M., Mkhonto, N., & Jansen van Vuuren, J. (2016). Development of a semantic-enabled cybersecurity threat intelligence sharing model. http://hdl.handle.net/10204/9370
Mtsweni, Jabu S, Nobubele A Shozi, Kqwadi Matenche, Muyowa Mutemwa, Njabulo Mkhonto, and Joey Jansen van Vuuren. "Development of a semantic-enabled cybersecurity threat intelligence sharing model." (2016): http://hdl.handle.net/10204/9370