TY - GEN
T1 - Analysis of Threat Intelligence Information Exchange via the STIX Standard
AU - Krauss, Oliver
AU - Papesh, Konstantin
N1 - Funding Information:
We thank the Austrian Research Promotion Agency (FFG) for funding this research. This research was funded via the program track General Program, project number 43013376 and was done in cooperation with the company Nextpart Security Intelligence GmbH.
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Threat information exchange is a highly relevant topic in today's environment of increasing data breaches, hacks and scams. Standardized formats for exchanging such information exist, but whether and how they are used by an active community determines how much can be gained from the information provided. We provide an in-depth analysis of the current state of the Structured Threat Information Expression (STIX) standard, covering 5 different active threat information providers. Based on an analysis of 480,867 threat information objects, we find that the STIX standard is not used to its full capabilities and lacks usefulness due to the quality and up-to-dateness of the information. We give suggestions for future improvements of standards-based threat information exchange, such as more adherence to the core standard and fostering an active community.
KW - Computer Network Security
KW - Data Mining
KW - Standardized Data Exchange
UR - http://www.scopus.com/inward/record.url?scp=85146420827&partnerID=8YFLogxK
U2 - 10.1109/ICECCME55909.2022.9988073
DO - 10.1109/ICECCME55909.2022.9988073
M3 - Conference contribution
AN - SCOPUS:85146420827
T3 - International Conference on Electrical, Computer, Communications and Mechatronics Engineering, ICECCME 2022
BT - International Conference on Electrical, Computer, Communications and Mechatronics Engineering, ICECCME 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2022 International Conference on Electrical, Computer, Communications and Mechatronics Engineering, ICECCME 2022
Y2 - 16 November 2022 through 18 November 2022
ER -