ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14610%2F22%3A00129774" target="_blank" >RIV/00216224:14610/22:00129774 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1109/NOMS54207.2022.9789882" target="_blank" >https://doi.org/10.1109/NOMS54207.2022.9789882</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/NOMS54207.2022.9789882" target="_blank" >10.1109/NOMS54207.2022.9789882</a>

Jazyk výsledku

angličtina

Název v původním jazyce

ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence

Popis výsledku v původním jazyce

In this paper, we address the lack of analytical tools and search interfaces, which would help both humans and machines to navigate and correlate the floods of heterogeneous cyber threat intelligence (CTI) data generated every day. This work supports our long-term goal of machine-assisted discovery and inference of detectable indicators for adversarial tactics, techniques, and procedures from the available CTI. In particular, we present the idea of an observable database that works as an inverted index for CTI. This observable-centric concept is supported by a fully-functional practical result that leverages a meta-programming approach to auto-generate a graph-based API for data search and manipulation. The created prototype allows for powerful graph-based filtering, traversal and retrieval of the stored cyber observables and the referenced CTI.

Název v anglickém jazyce

ObservableDB: An Inverted Index for Graph-Based Traversal of Cyber Threat Intelligence

Popis výsledku anglicky

In this paper, we address the lack of analytical tools and search interfaces, which would help both humans and machines to navigate and correlate the floods of heterogeneous cyber threat intelligence (CTI) data generated every day. This work supports our long-term goal of machine-assisted discovery and inference of detectable indicators for adversarial tactics, techniques, and procedures from the available CTI. In particular, we present the idea of an observable database that works as an inverted index for CTI. This observable-centric concept is supported by a fully-functional practical result that leverages a meta-programming approach to auto-generate a graph-based API for data search and manipulation. The created prototype allows for powerful graph-based filtering, traversal and retrieval of the stored cyber observables and the referenced CTI.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/VI20202022164" target="_blank" >VI20202022164: Pokročilá orchestrace bezpečnosti a inteligentní řízení hrozeb</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022

ISBN

9781665406017

ISSN

1542-1201

e-ISSN

—

Počet stran výsledku

4

Strana od-do

1-4

Název nakladatele

IEEE

Místo vydání

USA

Místo konání akce

Budapest, Hungary

Datum konání akce

1. 1. 2022

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000851572700136