Enhancements to Threat, Vulnerability, and Mitigation Knowledge for Cyber Analytics, Hunting, and Simulations

16Citations
Citations of this article
63Readers
Mendeley users who have this article in their library.

Abstract

Cross-linked threat, vulnerability, and defensive mitigation knowledge is critical in defending against diverse and dynamic cyber threats. Cyber analysts consult it by deductively or inductively creating a chain of reasoning to identify a threat starting from indicators they observe or vice versa. Cyber hunters use it abductively to reason when hypothesizing specific threats. Threat modelers use it to explore threat postures. We aggregate five public sources of threat knowledge and three public sources of knowledge that describe cyber defensive mitigations, analytics, and engagements and which share some unidirectional links between them. We unify the sources into a graph, and in the graph, we make all unidirectional cross-source links bidirectional. This enhancement of the knowledge makes the questions that analysts and automated systems formulate easier to answer. We demonstrate this in the context of various cyber analytic and hunting tasks as well as modeling and simulations. Because the number of linked entries is very sparse, to further increase the analytic utility of the data, we use natural language processing and supervised machine learning to identify new links. These two contributions demonstrably increase the value of the knowledge sources for cyber security activities.

Cite

CITATION STYLE

APA

Hemberg, E., Turner, M. J., Rutar, N., & O’Reilly, U. M. (2024). Enhancements to Threat, Vulnerability, and Mitigation Knowledge for Cyber Analytics, Hunting, and Simulations. Digital Threats: Research and Practice, 5(1). https://doi.org/10.1145/3615668

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free