Trends in existing and emerging cyber threat intelligence platforms

Abstract

The purpose of this paper is to present comparative analysis of cyber threat intelligence platforms and their features. This work include comparative analysis of existing ontologies for cyber threat collectors/sensor, data enrichment and data analytical techniques used for raw data analysis and community models for sharing cyber threats, intelligence and countermeasures. Firstly, this work performs comparative analysis of various data sensors designed for collecting raw data from different networks: wired, wireless and mobile. Secondly, detail analysis is performed on various interfaces designed to map ontologies into schemas. Thirdly, efficient methods for data analysis are considered for comparative and detailed report. These method extracts threat information from raw data. Lastly, various cybersecurity community models are analyzed with an aim of identifying an efficient cyber threat sharing model. It is observed that ontology based data sensor mechanisms are more efficient as compared to taxonomy models. It helps in identifying various cyber threats in stipulated time period. In another observation, it is found that decision tree based data analytical techniques are more efficient for critical infrastructure based cyber threat intelligence systems as compared to other machine learning techniques. Further, open source community for cyber threat sharing is efficient if it allows everyone to share their threat information, create groups for specialized interests and keep logs of every subscriber. The proposed analysis is performed for open source and commercial cyber threat sharing platforms however various ontology models are available for intrusion detection systems in cyberspace. This work may be extended for other ontology models, deep learning threat analytical models and quality based threat sharing communities for non-IT sectors like: gas plants, water and electricity supply system etc. The proposed cybersecurity platform is useful for various practical systems where need of cybersecurity is increasing day by day. For example, Supervisory Control and Data Acquisition (SCADA) systems like: energy, oil/gas, transportation, power, water and waste water management systems etc. The conducted analysis is helpful in identifying appropriate cyber threat sharing platform for different applications.