Publication:
Using CTI Data to Understand Real World Cyberattacks

Publication date
2023-03-23
Publisher
IEEE
Abstract
The forensic analysis of Cyber Threat Intelligence (CTI) data is of capital importance for businesses and enterprises to understand what has possibly gone wrong in a cybersecurity system. Moreover, the fast evolution of the techniques used by cybercriminals requires collaboration among multiple partners to provide efficient security mechanisms. STIX has emerged as the industrial standard to share CTI data in a structured format, allowing entities from all over the world to exchange information to broaden the knowledge base in the area. In this work, we shed light on the type of information contained in these datasets shared among partners. We analyze a large real-world STIX dataset and identify trends for the reporting of CTI data. Then, we deep dive into two kinds of attack patterns found in the dataset: Command & Control and Malicious Software Download. We found the data is not only useful for forensic analysis but can also be used to improve the protection against new attacks.
Description
Proceeding of: 2023 18th Wireless On-Demand Network Systems and Services Conference (WONS), 30 January 2023 - 01 February 2023, Madonna di Campiglio, Italy.
Keywords
Wireless communication, Forensics, Knowledge based systems, Collaboration, Market research, Malware, Cyber threat intelligence
Bibliographic citation
2023 18th Wireless On-Demand Network Systems and Services Conference (WONS). IEEE, 2023. Pp. 100-103.