ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F22%3A00129774" target="_blank" >RIV/00216224:14610/22:00129774 - isvavai.cz</a>
Result on the web
<a href="https://doi.org/10.1109/NOMS54207.2022.9789882" target="_blank" >https://doi.org/10.1109/NOMS54207.2022.9789882</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/NOMS54207.2022.9789882" target="_blank" >10.1109/NOMS54207.2022.9789882</a>
Alternative languages
Result language
English
Original language name
ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence
Original language description
In this paper, we address the lack of analytical tools and search interfaces, which would help both humans and machines to navigate and correlate the floods of heterogeneous cyber threat intelligence (CTI) data generated every day. This work supports our long-term goal of machine-assisted discovery and inference of detectable indicators for adversarial tactics, techniques, and procedures from the available CTI. In particular, we present the idea of an observable database that works as an inverted index for CTI. This observable-centric concept is supported by a fully-functional practical result that leverages a meta-programming approach to auto-generate a graph-based API for data search and manipulation. The created prototype allows for powerful graph-based filtering, traversal and retrieval of the stored cyber observables and the referenced CTI.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
<a href="/en/project/VI20202022164" target="_blank" >VI20202022164: Advanced security orchestration and intelligent threat management</a>
Continuities
P - Research and development project financed from public funds (with a link to CEP)
Others
Publication year
2022
Confidentiality
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific for result type
Article name in the collection
Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022
ISBN
9781665406017
ISSN
1542-1201
e-ISSN
—
Number of pages
4
Pages from-to
1-4
Publisher name
IEEE
Place of publication
USA
Event location
Budapest, Hungary
Event date
Jan 1, 2022
Type of event by nationality
WRD - Worldwide event
UT code for WoS article
000851572700136