'I know what you did before': General framework for correlation analysis of cyber threat incidents

Daegeon Kim, Jiyoung Woo, Huy Kang Kim

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

6 Citations (Scopus)

Abstract

Correlation analysis between cyber threat incidents, using Cyber Threat Intelligence (CTI) gathered from multiple sources, is becoming increasingly important for international collaboration on cyber threats. Well-analyzed CTI increases an organization's capability to deter possible cyber threats. To this end, many standards have been proposed for efficient CTI expression and sharing, in order to increase attack tractability and to prevent future cyber threats. Even though such standards exist, the lack of analysis methodologies reduces the usability of CTI. To overcome this limitation, we propose a general framework that supports the efficient correlation analysis of cyber threat incidents using CTI. In the framework, related events are represented by a tree structure named the Event Relation Tree (ERT), and the temporal transition of event characteristics is expressed by the Event Transition Graph (ETG). Through case studies on our CTI dataset, we show the usefulness of ERT and ETG for correlation analysis.

Original language: English
Title of host publication: MILCOM 2016 - 2016 IEEE Military Communications Conference
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 782-787
Number of pages: 6
ISBN (Electronic): 9781509037810
DOIs: https://doi.org/10.1109/MILCOM.2016.7795424
Publication status: Published - 2016 Dec 22
Event: 35th IEEE Military Communications Conference, MILCOM 2016 - Baltimore, United States
Duration: 2016 Nov 1 - 2016 Nov 3

Other

Other: 35th IEEE Military Communications Conference, MILCOM 2016
Country: United States
City: Baltimore
Period: 16/11/1 - 16/11/3

Keywords

  • Correlation Analysis
  • Cyber Threat Intelligence (CTI)
  • Event Relation Tree (ERT)
  • Event Transition Graph (ETG)

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Kim, D., Woo, J., & Kim, H. K. (2016). 'I know what you did before': General framework for correlation analysis of cyber threat incidents. In MILCOM 2016 - 2016 IEEE Military Communications Conference (pp. 782-787). [7795424] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/MILCOM.2016.7795424