Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/75696
Title: SCE17-0185: STIX representation of cyber threat intelligence
Authors: Phua, Kin Wee
Keywords: DRNTU::Engineering::Computer science and engineering::Computing methodologies::Document and text processing
Issue Date: 2018
Abstract: In cybersecurity operations, sharing Cyber Threat Intelligence (CTI) is an important task. To facilitate CTI sharing, we need a flexible representation for this information, and a proper machine-readable representation is critical so that organizations can perform automated checks to determine whether their IT environment matches the profile of the targets of a given cyber threat. Currently, it is very easy for anyone to download and retrieve huge amounts of shared CTI every single day. Digesting such huge amounts of CTI manually is both inefficient and unproductive, not to mention the possibility of redundant CTI. Therefore, this project aims to develop a software system that is able to compare and consolidate these downloaded CTI reports and, based on them, proactively search the internet for relevant information. This software system would leverage the expressiveness, flexibility, extensibility, automatability and human-readability of STIX, a structured language for cyber threat intelligence, to generate CTI reports that would increase the efficiency and productivity of ingesting CTI. The individual components of the implemented software system should be loosely coupled, so that it would be easily scalable in the future and easier to debug when errors occur. The implemented system is Python-based and is designed in a modular fashion: each key component is a single Python file on its own, and the main Python file imports the corresponding functions from these files when required. The results of this project are generally positive; however, certain situations would result in undesirable outcomes such as inaccuracy of the generated reports. The improvement in productivity from the generated reports is difficult to measure due to the subjective nature of what information the end-user is looking for in a CTI report.
The implemented solution could definitely be further enhanced to increase its accuracy, proactiveness and overall robustness in handling more complex situations, for example by utilizing neural network technologies or venturing further into the internet to search for value-added information.
URI: http://hdl.handle.net/10356/75696
Rights: Nanyang Technological University
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File: FYP report(amended).pdf (Restricted Access)
Description: Amended Final Year Report
Size: 1.57 MB
Format: Adobe PDF
