Current approaches and future directions for Cyber Threat Intelligence sharing: A survey

IF 3.8 2区计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Information Security and Applications Pub Date : 2024-05-17 DOI:10.1016/j.jisa.2024.103786

Poopak Alaeifar , Shantanu Pal , Zahra Jadidi , Mukhtar Hussain , Ernest Foo

{"title":"Current approaches and future directions for Cyber Threat Intelligence sharing: A survey","authors":"Poopak Alaeifar , Shantanu Pal , Zahra Jadidi , Mukhtar Hussain , Ernest Foo","doi":"10.1016/j.jisa.2024.103786","DOIUrl":null,"url":null,"abstract":"<div><p>Cyber Threat Intelligence (CTI) is essential knowledge concerning cyber and physical threats aimed at mitigating potential cyber attacks. The rapid evolution of Information and Communications Technology (ICT), the Internet of Things (IoT), and Industry 5.0 has spawned a multitude of sources regarding current or potential cyber threats against organizations. Consequently, CTI sharing among organizations holds considerable promise for facilitating swift responses to attacks and enabling mutual benefits through active participation. However, exchanging CTI among different organizations poses significant challenges, including legal and regulatory obligations, interoperability standards, and data reliability. The current CTI sharing landscape remains inadequately explored, hindering a comprehensive examination of organizations’ critical needs and the challenges they encounter during CTI sharing. This paper presents a comprehensive survey on CTI sharing, beginning with an exploration of CTI fundamentals and its advancements in assessing cyber and physical threats and threat actors from various perspectives. For instance, we discuss the benefits of CTI, its applications, and diverse CTI sharing architectures. Additionally, we extensively discuss a list of CTI sharing challenges and evaluate how available CTI sharing proposals address these challenges. Finally, we provide an inventory of unique future research directions to offer insightful guidelines for CTI sharing.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"83 ","pages":"Article 103786"},"PeriodicalIF":3.8000,"publicationDate":"2024-05-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2214212624000899/pdfft?md5=2ea406819c601d78af91b9fc6cd88be8&pid=1-s2.0-S2214212624000899-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624000899","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Cyber Threat Intelligence (CTI) is essential knowledge concerning cyber and physical threats aimed at mitigating potential cyber attacks. The rapid evolution of Information and Communications Technology (ICT), the Internet of Things (IoT), and Industry 5.0 has spawned a multitude of sources regarding current or potential cyber threats against organizations. Consequently, CTI sharing among organizations holds considerable promise for facilitating swift responses to attacks and enabling mutual benefits through active participation. However, exchanging CTI among different organizations poses significant challenges, including legal and regulatory obligations, interoperability standards, and data reliability. The current CTI sharing landscape remains inadequately explored, hindering a comprehensive examination of organizations’ critical needs and the challenges they encounter during CTI sharing. This paper presents a comprehensive survey on CTI sharing, beginning with an exploration of CTI fundamentals and its advancements in assessing cyber and physical threats and threat actors from various perspectives. For instance, we discuss the benefits of CTI, its applications, and diverse CTI sharing architectures. Additionally, we extensively discuss a list of CTI sharing challenges and evaluate how available CTI sharing proposals address these challenges. Finally, we provide an inventory of unique future research directions to offer insightful guidelines for CTI sharing.

查看原文本刊更多论文

网络威胁情报共享的当前方法和未来方向：调查

网络威胁情报 (CTI) 是有关网络和物理威胁的基本知识，旨在减轻潜在的网络攻击。信息与通信技术 (ICT)、物联网 (IoT) 和工业 5.0 的快速发展催生了大量有关组织当前或潜在网络威胁的信息来源。因此，组织之间共享 CTI 有助于快速应对攻击，并通过积极参与实现互惠互利。然而，在不同组织之间交换 CTI 面临着巨大的挑战，包括法律和监管义务、互操作性标准和数据可靠性。目前对 CTI 共享情况的探索仍不充分，这阻碍了对组织的关键需求以及在 CTI 共享过程中遇到的挑战进行全面研究。本文对 CTI 共享进行了全面调查，首先探讨了 CTI 的基本原理及其在从不同角度评估网络和物理威胁以及威胁行为者方面的进展。例如，我们讨论了 CTI 的优势、应用和各种 CTI 共享架构。此外，我们还广泛讨论了 CTI 共享面临的一系列挑战，并评估了现有的 CTI 共享建议如何应对这些挑战。最后，我们列出了独特的未来研究方向，为 CTI 共享提供有见地的指导。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Information Security and Applications Computer Science-Computer Networks and Communications

CiteScore

10.90

自引率

5.40%

发文量

206

审稿时长

56 days

期刊介绍： Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.