Analysis of Threat Intelligence Information Exchange via the STIX Standard

Oliver Krauss, Konstantin Papesh

Research output: Chapter in Book/Report/Conference proceedings, Conference contribution, peer-review

1 Citation (Scopus)

Abstract

Threat information exchange is a highly relevant topic in today's environment of increasing data breaches, hacks and scams. Standardized formats for exchanging such information exist, but whether and how an active community uses them determines how much can be learned from the information provided. We provide an in-depth analysis of the current state of the Structured Threat Information Expression (STIX) standard, covering 5 different active threat information providers. Based on an analysis of 480,867 threat information objects, we find that the STIX standard is not used to its full capabilities, and lacks usefulness due to the quality and up-to-dateness of the information. We give suggestions for future improvements of standards-based threat information exchange, such as more adherence to the core standard, and fostering an active community.

Original language: English
Title of host publication: International Conference on Electrical, Computer, Communications and Mechatronics Engineering, ICECCME 2022
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781665470957
Publication status: Published - 2022
Event: 2022 International Conference on Electrical, Computer, Communications and Mechatronics Engineering, ICECCME 2022 - Male, Maldives
Duration: 16 Nov 2022 to 18 Nov 2022

Publication series

Name: International Conference on Electrical, Computer, Communications and Mechatronics Engineering, ICECCME 2022

Conference

Conference: 2022 International Conference on Electrical, Computer, Communications and Mechatronics Engineering, ICECCME 2022
Country/Territory: Maldives
City: Male
Period: 16.11.2022 to 18.11.2022

Keywords

  • Computer Network Security
  • Data Mining
  • Standardized Data Exchange
