Title
Taxonomy Model for Cyber Threat Intelligence Information Exchange Technologies
Abstract
The cyber threat intelligence information exchange ecosystem is a holistic approach to the automated sharing of threat intelligence. For automation to succeed, it must handle tomorrow's attacks, not just yesterday's. There are numerous ontologies that attempt to enable the sharing of cyber threats, such as OpenIOC, STIX, and IODEF. To date, most ontologies are based on various use cases. Ontology developers collect threat indicators that through experience seem to be useful for exchange. This approach is pragmatic and offers a collection of useful threat indicators in real-world scenarios. However, such a selection method is episodic. What is useful today may not be useful tomorrow. What we consider to be chaff or too hard to share today might become a critically important piece of information. Therefore, in addition to use case-based ontology, ontologies need to be based on first principles. In this document we propose a taxonomy for classifying threat-sharing technologies. The purpose of this taxonomy is to classify existing technologies using an agnostic framework, identify gaps in existing technologies, and explain their differences from a scientific perspective. We are currently working on a thesaurus that will describe, compare, and classify detailed cyber security terms. This paper focuses on the classification of the ontologies themselves.
Year: 2014
DOI: 10.1145/2663876.2663883
Venue: WISCS@CCS
Keywords: security and protection, taxonomy, standards, ontology, information sharing, data sharing
Field: Ontology (information science), Ontology, World Wide Web, Use case, Computer science, Information exchange, Cyber threat intelligence, Automation, Yesterday, Information sharing
DocType: Conference
Citations: 22
PageRank: 1.14
References: 4
Authors: 4
Name                  Order   Citations   PageRank
Eric W. Burger        1       22          1.48
Michael D. Goodman    2       22          1.14
Panos Kampanakis      3       22          2.49
Kevin A. Zhu          4       22          1.14