Seulgi Lee, Hyeisun Cho, Nakhyun Kim, Byungik Kim, Junhyung Park
{"title":"在图形数据库中管理网络威胁情报:分析入侵集、威胁参与者和活动的方法","authors":"Seulgi Lee, Hyeisun Cho, Nakhyun Kim, Byungik Kim, Junhyung Park","doi":"10.1109/platcon.2018.8472752","DOIUrl":null,"url":null,"abstract":"Efforts to cope jointly with the ever-increasing number of breach incidents have resulted in the establishment of the standard format and protocol and given birth to many consultative groups. In addition, various channels that distribute Cyber Threat Intelligence information free of charge have emerged, and studies on utilizing such channels have spread. As the market for sharing information professionally is expanding, the need to manage the shared information in various ways in order to achieve better result has arisen. This paper proposes a standardized management structure and method based on the standardized format and a meaning and standard of Cyber Threat Intelligence that can be shared outside when loading OSINT information collected from various channels into the graph database. This paper also proposes a method of supporting the detection provided by existing security equipment with the information saved in the graph database and an effective method of analysis. Lastly, the paper discusses the advantages that can be expected from saving cyber threat information in the graph database developed using information collected from the outside.","PeriodicalId":231523,"journal":{"name":"2018 International Conference on Platform Technology and Service (PlatCon)","volume":"110 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Managing Cyber Threat Intelligence in a Graph Database: Methods of Analyzing Intrusion Sets, Threat Actors, and Campaigns\",\"authors\":\"Seulgi Lee, Hyeisun Cho, Nakhyun Kim, Byungik Kim, Junhyung Park\",\"doi\":\"10.1109/platcon.2018.8472752\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Efforts to cope jointly with the ever-increasing number of breach incidents have resulted in the establishment of the standard format and protocol and given birth to many consultative groups. In addition, various channels that distribute Cyber Threat Intelligence information free of charge have emerged, and studies on utilizing such channels have spread. As the market for sharing information professionally is expanding, the need to manage the shared information in various ways in order to achieve better result has arisen. This paper proposes a standardized management structure and method based on the standardized format and a meaning and standard of Cyber Threat Intelligence that can be shared outside when loading OSINT information collected from various channels into the graph database. This paper also proposes a method of supporting the detection provided by existing security equipment with the information saved in the graph database and an effective method of analysis. Lastly, the paper discusses the advantages that can be expected from saving cyber threat information in the graph database developed using information collected from the outside.\",\"PeriodicalId\":231523,\"journal\":{\"name\":\"2018 International Conference on Platform Technology and Service (PlatCon)\",\"volume\":\"110 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1900-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Conference on Platform Technology and Service (PlatCon)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/platcon.2018.8472752\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Conference on Platform Technology and Service (PlatCon)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/platcon.2018.8472752","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Managing Cyber Threat Intelligence in a Graph Database: Methods of Analyzing Intrusion Sets, Threat Actors, and Campaigns
Efforts to cope jointly with the ever-increasing number of breach incidents have resulted in the establishment of the standard format and protocol and given birth to many consultative groups. In addition, various channels that distribute Cyber Threat Intelligence information free of charge have emerged, and studies on utilizing such channels have spread. As the market for sharing information professionally is expanding, the need to manage the shared information in various ways in order to achieve better result has arisen. This paper proposes a standardized management structure and method based on the standardized format and a meaning and standard of Cyber Threat Intelligence that can be shared outside when loading OSINT information collected from various channels into the graph database. This paper also proposes a method of supporting the detection provided by existing security equipment with the information saved in the graph database and an effective method of analysis. Lastly, the paper discusses the advantages that can be expected from saving cyber threat information in the graph database developed using information collected from the outside.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
