Investigating Sharing of Cyber Threat Intelligence and Proposing A New Data Model for Enabling Automation in Knowledge Representation and Exchange
Siri Bromander, Morton Swimmer, Lilly Pijnenburg Muller, Audun Jøsang, Martin Eian, Geir Skjøtskift, Fredrik Borg
Abstract
For a strong, collective defense in the digital domain, we need to produce, consume, analyze, and share cyber threat intelligence. With an increasing amount of available information, we need automation to ensure adequate efficiency. We present the results from a questionnaire investigating the use of standards and standardization and how practitioners share and use cyber threat intelligence (CTI). We propose a strict data model for CTI that enables consumption of all relevant data, data validation, and analysis of consumed content. The main contribution of this article is insight into how CTI is shared and used by practitioners, and the strictness of the data model that enforces input of information and enables automation and deduction of new knowledge.