Trends in Existing and Emerging Cyber Threat Intelligence Platforms
Adarsh Kumar1, Kriti Sharma2, Saurabh Jain3, Deepak Sharma4, Alok Aggarwal5
1Adarsh Kumar*, School of Computer Science, University of Petroleum and Energy Studies, Dehradun, Uttarakhand, India.
2Kriti Sharma*, Department of Computer Science, School of Engineering, KR Manglam University, Gurgaon, India.
3Saurabh Jain, School of Computer Science, University of Petroleum and Energy Studies, Dehradun, Uttarakhand, India.
4Deepak Kumar Sharma, School of Computer Science, University of Petroleum and Energy Studies, Dehradun, Uttarakhand, India.
5Alok Aggarwal, School of Computer Science, University of Petroleum and Energy Studies, Dehradun, Uttarakhand, India.
Manuscript received on September 16, 2019. | Revised Manuscript received on 24 September, 2019. | Manuscript published on October 10, 2019. | PP: 3194-3201 | Volume-8 Issue-12, October 2019. | Retrieval Number: L3188081219/2019©BEIESP | DOI: 10.35940/ijitee.L3188.1081219
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: The purpose of this paper is to present a comparative analysis of cyber threat intelligence platforms and their features. This work includes a comparative analysis of existing ontologies for cyber threat collectors/sensors, of the data enrichment and data analytical techniques used for raw data analysis, and of community models for sharing cyber threats, intelligence and countermeasures. Firstly, this work performs a comparative analysis of various data sensors designed for collecting raw data from different networks: wired, wireless and mobile. Secondly, a detailed analysis is performed on various interfaces designed to map ontologies into schemas. Thirdly, efficient methods for data analysis are considered for a comparative and detailed report; these methods extract threat information from raw data. Lastly, various cybersecurity community models are analyzed with the aim of identifying an efficient cyber threat sharing model. It is observed that ontology-based data sensor mechanisms are more efficient than taxonomy models, as they help in identifying various cyber threats within a stipulated time period. In another observation, it is found that decision tree based data analytical techniques are more efficient for critical infrastructure based cyber threat intelligence systems than other machine learning techniques. Further, an open source community for cyber threat sharing is efficient if it allows everyone to share their threat information, create groups for specialized interests and keep logs of every subscriber. The proposed analysis is performed for open source and commercial cyber threat sharing platforms; however, various ontology models are available for intrusion detection systems in cyberspace. This work may be extended to other ontology models, deep learning threat analytical models and quality based threat sharing communities for non-IT sectors such as gas plants, water and electricity supply systems.
The proposed cybersecurity platform is useful for various practical systems where the need for cybersecurity is increasing day by day, for example Supervisory Control and Data Acquisition (SCADA) systems such as energy, oil/gas, transportation, power, water and waste water management systems. The conducted analysis is helpful in identifying an appropriate cyber threat sharing platform for different applications.
Keywords: Cyber Threat Intelligence, Threat Sharing, Community, Cybersecurity, Cryptography.
Scope of the Article: Community Information Systems