Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Contextualized Filtering for Shared Cyber Threat Information

Published

Author(s)

Athanasios Dimitriadis, Christos Prassas, Jose L. Flores, Boonserm Kulvatunyou, Nenad Ivezic, Dimitris Gritzalis, Ioannis Mavridis

Abstract

Cyber threat information sharing is an imperative process towards achieving collaborative security, but it poses several challenges. One crucial challenge is the plethora of shared threat information. Therefore, there is a need to advance filtering of such information. While the state-of-theart in filtering relies primarily on keyword- and domain-based searching, these approaches require sizable human involvement and rarely available domain expertise. Recent research revealed the need for harvesting of business information to fill the gap in filtering, albeit it resulted in providing coarse-grained filtering based on the utilization of such information. This paper presents a novel contextualized filtering approach that exploits standardized and multi-level contextual information of business processes. The contextual information describes the conditions under which a given threat information is actionable from an organization perspective. Therefore, it can automate filtering by measuring the equivalence between the context of the shared threat information and the context of the consuming organization. The paper directly contributes to filtering challenge and indirectly to automated customized threat information sharing. Moreover, the paper proposes the architecture of a cyber threat information sharing ecosystem that operates according to the proposed filtering approach and defines the characteristics that are advantageous to filtering approaches. Implementation of the proposed approach can support compliance with the Special Publication 800-150 of the National Institute of Standards and Technology.
Citation
Sensors
Volume
21
Issue
14

Keywords

cyber threat information sharing, actionable threat information, filtering, business process context

Citation

Dimitriadis, A. , Prassas, C. , Flores, J. , Kulvatunyou, B. , Ivezic, N. , Gritzalis, D. and Mavridis, I. (2021), Contextualized Filtering for Shared Cyber Threat Information, Sensors, [online], https://doi.org/10.3390/s21144890, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=932642 (Accessed October 18, 2021)
Created July 18, 2021, Updated July 19, 2021