Title |
---|
An Actionable Threat Intelligence system using a Publish-Subscribe communications model |
Abstract |
---|
We designed a system for securely distributing Threat Intelligence and recommended Courses of Action (CoAs), combining that information with local contextual information, determining which response system(s) can carry out a given CoA, and then putting the CoA into effect. The system uses STIX to express threat information, including CoAs. We identified the problem of matching CoAs to the actions a response system can actually carry out as a major design challenge, and found a robust, scalable and decentralized solution to it by adopting a publish-subscribe model. We built the system on the Extensible Messaging and Presence Protocol (XMPP) architecture and communications protocol because it provides the required security properties together with the needed extensibility of both the data model and the transport protocols. We motivate and describe the system and its use cases: Cyber Threat Prevention, Cyber Threat Detection, and Incident Response. |
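
The CoA-to-response-system matching problem described in the abstract, as an added illustration that is not the authors' code: a minimal in-process, topic-based publish-subscribe broker in which each response system subscribes to the CoA action types it can execute, and applies a local-context check (the networks it is responsible for) before acting. The broker, the action names (`quarantine-host`, `block-ip`, `sinkhole-domain`), the JSON field names and the sample CoAs are all assumptions of this example; the paper's system carries STIX over XMPP, which is not reproduced here.

```python
"""Toy publish-subscribe matcher for CoA distribution.

Added example, not the paper's implementation. Assumptions:
- a response system advertises the action types it can execute by
  subscribing to one topic per action type (the broker never needs a
  central capability registry, which is the decentralised property the
  abstract describes);
- a CoA is a small JSON object with 'action' and 'target' keys; these
  field names are this example's own, not STIX.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import ipaddress
import json


@dataclass
class ResponseSystem:
    """A response system able to execute some CoA action types."""
    name: str
    capabilities: frozenset          # action types it subscribes to
    scope: list                      # CIDRs it controls; [] means any target
    applied: list = field(default_factory=list)

    def in_scope(self, coa):
        """Local-context check: does this system control the CoA's target?"""
        if not self.scope:
            return True
        try:
            target = ipaddress.ip_address(coa["target"])
        except ValueError:           # non-IP target, e.g. a domain name
            return False
        return any(target in ipaddress.ip_network(n) for n in self.scope)

    def apply(self, coa):
        # A real system would call its own enforcement API; we only record it.
        self.applied.append((coa["action"], coa["target"]))


class Broker:
    """Minimal topic-based pub-sub: one topic per CoA action type."""

    def __init__(self):
        self._subs = defaultdict(list)
        self.unmatched = []          # CoAs no subscriber could carry out

    def subscribe(self, system):
        for action in system.capabilities:
            self._subs[action].append(system)

    def publish(self, coa_json):
        """Deliver a CoA to every capable, in-scope subscriber.

        Returns the names of the systems that put the CoA into effect.
        """
        coa = json.loads(coa_json)
        executed = []
        for system in self._subs.get(coa["action"], []):
            if system.in_scope(coa):
                system.apply(coa)
                executed.append(system.name)
        if not executed:
            self.unmatched.append(coa)   # surface the gap instead of dropping it
        return executed


def demo():
    """Wire up three hypothetical response systems and publish three CoAs."""
    broker = Broker()
    nac_a = ResponseSystem("nac-site-a", frozenset({"quarantine-host"}), ["10.1.0.0/16"])
    nac_b = ResponseSystem("nac-site-b", frozenset({"quarantine-host"}), ["10.2.0.0/16"])
    fw = ResponseSystem("edge-firewall", frozenset({"block-ip"}), [])
    for system in (nac_a, nac_b, fw):
        broker.subscribe(system)

    # Constructed sample CoAs (TEST-NET / RFC 1918 addresses, not real data).
    coas = [
        json.dumps({"action": "quarantine-host", "target": "10.1.2.3"}),
        json.dumps({"action": "block-ip", "target": "203.0.113.7"}),
        json.dumps({"action": "sinkhole-domain", "target": "evil.example"}),
    ]
    return [broker.publish(c) for c in coas], broker.unmatched


if __name__ == "__main__":
    print(demo())
```

Only the site-A NAC quarantines `10.1.2.3`, the firewall (unrestricted scope) blocks the external address, and the `sinkhole-domain` CoA reaches nobody and is reported as unmatched rather than silently lost, which is the case a deployment has to monitor.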
Year | DOI | Venue |
---|---|---|
2015 | 10.1145/2808128.2808131 | WISCS@CCS |

Field | DocType | Citations |
---|---|---|
Publication, Architecture, Use case, Computer security, Models of communication, Application programming interface, Engineering, Data model, Scalability, Communications protocol | Conference | 4 |

PageRank | References | Authors |
---|---|---|
0.59 | 0 | 4 |

Name | Order | Citations | PageRank |
---|---|---|---|
Syam Appala | 1 | 4 | 0.93 |
Nancy Cam-Winget | 2 | 88 | 11.65 |
David A. McGrew | 3 | 4 | 0.93 |
Jyoti Verma | 4 | 4 | 1.27 |