RT Conference Proceedings
T1 Using CTI Data to Understand Real World Cyberattacks
A1 Allegretta, Mauro
A1 Siracusano, Giuseppe
A1 González Sánchez, Roberto
A1 Vallina Rodríguez, Pelayo
A1 Gramaglia, Marco
AB The forensic analysis of Cyber Threat Intelligence (CTI) data is of capital importance for businesses and enterprises to understand what has possibly gone wrong in a cybersecurity system. Moreover, the fast evolution of the techniques used by cybercriminals requires collaboration among multiple partners to provide efficient security mechanisms. STIX has emerged as the industrial standard to share CTI data in a structured format, allowing entities from over the world to exchange information to broaden the knowledge base in the area. In this work, we shed light on the type of information contained in these datasets shared among partners. We analyze a large real-world STIX dataset and identify trends for the reporting of CTI data. Then, we deep dive into two kinds of attack patterns found in the dataset: Command & Control and Malicious Software Download. We found the data is not only useful for forensic analysis but can also be used to improve the protection against new attacks.
PB IEEE
SN 978-3-903176-56-0
YR 2023
FD 2023-03-23
LK https://hdl.handle.net/10016/37100
UL https://hdl.handle.net/10016/37100
LA eng
NO Proceeding of: 2023 18th Wireless On-Demand Network Systems and Services Conference (WONS), 30 January 2023 - 01 February 2023, Madonna di Campiglio, Italy.
NO The work of UC3M has been supported by the Spanish Ministry of Economic Affairs and Digital Transformation and the European Union-NextGenerationEU through the UNICO 5G I+D project 6G-RIEMANN. The work of NEC Laboratories Europe has been supported by the EU research project MARSAL (Grant Agreement 101017171).
DS e-Archivo
RD 17 jul. 2024