Advertisement

Developing the Analysis Tool of Cyber-Attacks by Using CTI and Attributes of Organization

  • Yusuke KambaraEmail author
  • Yoshinori Katayama
  • Takanori Oikawa
  • Kazuyoshi Furukawa
  • Satoru Torii
  • Tetsuya Izu
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 927)

Abstract

Cyber Threat Intelligence (CTI) is a source of useful information for organizations to take countermeasures against cyber-attacks. The process of using CTI is not automatic and requires human interventions, because we have to (1) check the CTI data to avoid obstructing business before executing countermeasures and (2) identify the similarity among CTI data to make the countermeasures effective. However, human tasks in using CTI are difficult, because CTI is inherently not human friendly and a large amount of CTI data is provided. Hence, we have to spend a lot of time before taking countermeasures. To solve this problem, we developed an analysis tool which can pick up and visualize a useful subset of CTI information as a graph, together with attributes of the organization, to help human judgment. By using graph structure, the relevancy to the organization and the similarity among CTI data are revealed at a glance. Moreover, the tool enables the reconciliation of CTI data, i.e. adding new relationships between them, to store the result of the analysis for later use. This helps us to take sophisticated countermeasures.

References

  1. 1.
    AlienVault, Open Threat Exchange (OTX). https://www.alienvault.com/open-threat-exchange
  2. 2.
    Gartner, Reviews for Security Threat Intelligence Products and Services. https://www.gartner.com/reviews/market/security-threat-intelligence-services
  3. 3.
  4. 4.
  5. 5.
  6. 6.
    Masuoka, R., Satomi, T., Yamada, K.: Strategies for semantics-rich machine-understandable CTI - human - machine cybersecurity collaboration. In: Borderless Cyber Conference and FIRST Technical Symposium (2017)Google Scholar
  7. 7.
    Katayama, Y., et al.: Use of cyber threat intelligence for organizations. In: Japanese, Symposium on Cryptography and Information Security (SCIS) (2017)Google Scholar
  8. 8.
    Kambara, Y., et al.: How to set the expiration date of cyber threat intelligence. In: Japanese, Symposium on Cryptography and Information Security (SCIS) (2017)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Yusuke Kambara
    • 1
    Email author
  • Yoshinori Katayama
    • 1
  • Takanori Oikawa
    • 1
  • Kazuyoshi Furukawa
    • 1
  • Satoru Torii
    • 1
  • Tetsuya Izu
    • 1
  1. 1.Fujitsu Laboratories Ltd.Nakahara-ku, KawasakiJapan

Personalised recommendations