A Summary of the Development of Cyber Security Threat Intelligence Sharing

A Summary of the Development of Cyber Security Threat Intelligence Sharing

Lili Du (JiLin University, China), Yaqin Fan (JiLin University, China), Lvyang Zhang (Yiwu Industrial and Commercial College, China), Lianying Wang (Tencent Security Xuanwu Lab, China) and Tianhang Sun (Electrical Engineering and Telecommunications, University of New South Wales, Australia)
Copyright: © 2020 |Pages: 14
DOI: 10.4018/IJDCF.2020100105

Abstract

In recent years, the sharing of cybersecurity threat intelligence (hereinafter referred to as threat intelligence) has received increasing attention from national network security management organizations and network security enterprises. Academia and industry have conducted research on threat intelligence analysis and sharing. This paper first introduces the value and significance of threat intelligence. Then it introduces the commonly used threat intelligence analysis model. Then it organizes and classifies the threat intelligence sharing norms and threat intelligence vendors. Then it starts from the main problems faced by threat intelligence sharing. A solution to build regional network security capabilities is presented; finally, the future research direction of threat intelligence sharing is explored.
Article Preview
Top

1. Introduction

1.1. Definition and Significance of Threat Intelligence

With the diversification, complexity and specialization of today's cyber-attacks, the passive protection methods of traditional security have gradually failed, and the defense against attacks has gradually turned to the active defense method based on detection and analysis. However, the current global detection of attacks is not optimistic. In order to effectively solve the problem of offensive and defensive information in the offensive and defensive process, more and more enterprises are beginning to pay attention to the construction of threat intelligence platforms, through the collection and sharing of threat intelligence. Improve the efficiency of the corporate security team (RFSID,2017).

The definition of threat intelligence in the industry is different. Most of the literature refers to the definition proposed by Gartner in the 2014 Market Guide for Security Threat Intelligence Service: Threat Intelligence is about IT. Evidence-based knowledge of existing or potential threats to information assets, including contexts, mechanisms, indicators, inferences, and feasible recommendations that can provide a basis for decision-making on threat response.

In the era of big data, any behavior can be recorded and analyzed. Once a cybersecurity incident occurs, the behavioral methods involved in the incident will be recorded and analyzed, and corresponding threat information will be generated for reference by other parties to avoid the trick. This is the meaning of threat intelligence. Threat Intelligence provides strong data support for all stages of security analysis with its highly standardized data format, high knowledge density of data content, high accuracy and strong correlation. As a result, security teams in various countries are actively exploring the value of threat intelligence data and researching threat intelligence analysis and sharing technologies(Solomon,2017).

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 13: 6 Issues (2021): Forthcoming, Available for Pre-Order
Volume 12: 4 Issues (2020)
Volume 11: 4 Issues (2019)
Volume 10: 4 Issues (2018)
Volume 9: 4 Issues (2017)
Volume 8: 4 Issues (2016)
Volume 7: 4 Issues (2015)
Volume 6: 4 Issues (2014)
Volume 5: 4 Issues (2013)
Volume 4: 4 Issues (2012)
Volume 3: 4 Issues (2011)
Volume 2: 4 Issues (2010)
Volume 1: 4 Issues (2009)
View Complete Journal Contents Listing