Developing the Analysis Tool of Cyber-Attacks by Using CTI and Attributes of Organization

Abstract

Cyber Threat Intelligence (CTI) is a source of useful information for organizations to take countermeasures against cyber-attacks. The process of using CTI is not automatic and requires human interventions, because we have to (1) check the CTI data to avoid obstructing business before executing countermeasures and (2) identify the similarity among CTI data to make the countermeasures effective. However, human tasks in using CTI are difficult, because CTI is inherently not human friendly and a large amount of CTI data is provided. Hence, we have to spend a lot of time before taking countermeasures. To solve this problem, we developed an analysis tool which can pick up and visualize a useful subset of CTI information as a graph, together with attributes of the organization, to help human judgment. By using graph structure, the relevancy to the organization and the similarity among CTI data are revealed at a glance. Moreover, the tool enables the reconciliation of CTI data, i.e. adding new relationships between them, to store the result of the analysis for later use. This helps us to take sophisticated countermeasures.