Automated analytics of cyber threat knowledge is crucial for network threat isolation and risk mitigation. Consequently, there has been growing interest in implementing a proactive line of defense through threat profiling. However, determining the resiliency of particular network configurations with respect to relevant threats reported in cyber threat intelligence (CTI) shared data remains a challenge, largely due to the lack of semantics and contextual information in textual representations of threat knowledge. To overcome the limitations of existing CTI frameworks, we devise a threat analytics framework, STIX-Analyzer, based on the Ontology Web Language (OWL) for formal specification, semantic reasoning and contextual analysis, which allows the derivation of network-associated threats from volumes of shared threat feeds. Our ontology represents constructs of Structured Threat Information eXpression (STIX) with the additional concepts of Cyber Observable eXpression (CybOX), network configurations, and Common Vulnerabilities and Exposures (CVEs) for risk analysis and threat actor profiling. STIX-Analyzer provides an automated mechanism for identifying cyber threats targeting the network in question by classifying threat relevance, determining threat likelihood, the total loss of affected assets and threat reachability, and attributing threats to their sources through formulated rules and inference. Threat attribution analyzes threat frequency, traffic and actor profiles. A comprehensive structural and conceptual evaluation is performed on critical APT/espionage campaigns from a credible source over a collection of arbitrary networks to examine OWL clarity, consistency, capability, expandability, reusability, and scalability in terms of reasoning time, memory reservation and processor utilization, together with the quality of reasoning achieved during threat relevance identification and threat actor attribution using the attributes present in imported network instances.
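The abstract names four derived properties (threat relevance, likelihood, total loss of affected assets, reachability) plus actor attribution, all obtained by rules over STIX-style threat reports and a network configuration. The following Python block is an added illustration of that rule pipeline written for this page; it is not STIX-Analyzer's code and uses plain Python rules rather than OWL reasoning. Every asset, zone, software string, actor name and `CVE-XXXX-*` identifier is constructed placeholder data, and the likelihood rule (a threat's share of all feed sightings) and loss rule (likelihood times the value of relevant, reachable assets) are this example's own simplifying assumptions.

```python
"""Toy rule-based threat relevance, reachability, loss and attribution.
Added illustration for this page; not the STIX-Analyzer implementation.
All data below is constructed; CVE ids are placeholders, not real entries."""
from collections import Counter, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str
    software: frozenset   # "product:version" strings observed on the host
    value: float          # constructed replacement value of the asset


@dataclass(frozen=True)
class Threat:
    threat_id: str
    actor: str            # attributed threat actor from the feed
    targets: frozenset    # vulnerable "product:version" strings
    cves: frozenset       # placeholder CVE identifiers
    sightings: int        # how many feed reports mention this threat


# Constructed zone graph: which zone can reach which (directed edges).
ZONE_EDGES = {
    "internet": {"dmz"},
    "dmz": {"internal"},
    "internal": set(),
    "lab": set(),         # isolated; nothing reaches it from the internet
}

# Constructed network configuration (hypothetical hosts and software).
ASSETS = [
    Asset("web-01", "dmz", frozenset({"exampled:1.0"}), 50_000.0),
    Asset("db-01", "internal", frozenset({"dbserver:2.3"}), 200_000.0),
    Asset("lab-01", "lab", frozenset({"labtool:0.9"}), 30_000.0),
]

# Constructed threat feed (hypothetical actors, placeholder CVE ids).
THREATS = [
    Threat("T-1", "ACTOR_A", frozenset({"exampled:1.0"}), frozenset({"CVE-XXXX-0001"}), 4),
    Threat("T-2", "ACTOR_B", frozenset({"dbserver:2.3"}), frozenset({"CVE-XXXX-0002"}), 2),
    Threat("T-3", "ACTOR_A", frozenset({"labtool:0.9"}), frozenset({"CVE-XXXX-0003"}), 1),
    Threat("T-4", "ACTOR_C", frozenset({"other:7.7"}), frozenset(), 1),
]


def relevant_assets(threat, assets):
    """Relevance rule: an asset is relevant if it runs software the threat targets."""
    return [a for a in assets if a.software & threat.targets]


def reachable_zones(edges=ZONE_EDGES, start="internet"):
    """Reachability rule: zones reachable from the internet via the zone graph (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in edges.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def likelihood(threat, threats):
    """Likelihood rule (assumption): this threat's share of all feed sightings."""
    total = sum(t.sightings for t in threats)
    return threat.sightings / total if total else 0.0


def expected_loss(threat, assets, threats):
    """Loss rule (assumption): likelihood times value of relevant AND reachable assets."""
    reach = reachable_zones()
    exposed = [a for a in relevant_assets(threat, assets) if a.zone in reach]
    return likelihood(threat, threats) * sum(a.value for a in exposed)


def attribute_actors(threats, assets):
    """Attribution: sightings per actor, counting only threats relevant to this network."""
    counts = Counter()
    for t in threats:
        if relevant_assets(t, assets):
            counts[t.actor] += t.sightings
    return counts


def assess(threats=THREATS, assets=ASSETS):
    """Full report: one record per threat with the four derived properties."""
    reach = reachable_zones()
    report = {}
    for t in threats:
        rel = relevant_assets(t, assets)
        report[t.threat_id] = {
            "relevant": [a.name for a in rel],
            "reachable": any(a.zone in reach for a in rel),
            "likelihood": likelihood(t, threats),
            "loss": expected_loss(t, assets, threats),
        }
    return report


if __name__ == "__main__":
    for tid, rec in assess().items():
        print(tid, rec)
    print("actors:", dict(attribute_actors(THREATS, ASSETS)))
```

Note how T-3 is relevant (lab-01 runs the targeted software) yet contributes no loss because the lab zone is unreachable from the internet, while T-4 is discarded at the relevance step and therefore never counts toward actor attribution; separating the two rules is what lets the report explain why a threat was or was not retained.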