{"title":"A Robust Architecture for Aggregation of Heterogeneous Data for Threat Intelligence Platforms","authors":"Afzal Yasmeen, Asim Muhammad, Khan Kifayat Ullah","doi":"10.1109/INMIC56986.2022.9972973","DOIUrl":null,"url":null,"abstract":"With increased dependency on computers, the threat of cyber-attacks becomes more prevalent. Cyber threat intelligence gathers reports from previous threats and helps to identify potential future attacks. The challenge for threat intelligence is overloaded threat feeds from various sources with structural heterogeneity. Currently, most of the sources share same type of data in heterogeneous format with different identifiers. In this paper, an architecture has been proposed for data aggregation from heterogeneous sources. The architecture is based on a three tier model that maps the heterogeneous sources' feeds into the target Threat Intelligence Platform (TIP). In this model, each layer has its own set of tasks and works in a step-by-step pattern, the output of one layer is input to the next layer. The working of this model is entirely dependent on the XML broker for dynamic mapping of sources. The objective is to have a unified system that can transform data from heterogeneous sources into a unified form that can assist the TIP in further statistics generation for analysis. 
This architecture has been implemented over six heterogeneous sources and performed data aggregation.","PeriodicalId":404424,"journal":{"name":"2022 24th International Multitopic Conference (INMIC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 24th International Multitopic Conference (INMIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INMIC56986.2022.9972973","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
With increased dependency on computers, the threat of cyber-attacks becomes more prevalent. Cyber threat intelligence gathers reports from previous threats and helps to identify potential future attacks. The challenge for threat intelligence is overloaded threat feeds from various sources with structural heterogeneity. Currently, most of the sources share the same type of data in heterogeneous formats with different identifiers. In this paper, an architecture is proposed for data aggregation from heterogeneous sources. The architecture is based on a three-tier model that maps the heterogeneous sources' feeds into the target Threat Intelligence Platform (TIP). In this model, each layer has its own set of tasks and works in a step-by-step pattern: the output of one layer is the input to the next layer. The working of this model is entirely dependent on the XML broker for dynamic mapping of sources. The objective is to have a unified system that can transform data from heterogeneous sources into a unified form that can assist the TIP in further statistics generation for analysis. The architecture has been implemented over six heterogeneous sources, on which it performed data aggregation.