APPLICATION OF THE THREAT INTELLIGENCE PLATFORM TO INCREASE THE SECURITY OF GOVERNMENT INFORMATION RESOURCES

Bohdan Nikolaienko

nikolaenko_iszzi@ukr.net
Institute for Special Communication and Information Protection of the National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Department of Telecommunication Systems (Ukraine)
http://orcid.org/0000-0002-6888-5947

Serhii Vasylenko


Institute for Special Communication and Information Protection of the National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute” (Ukraine)
http://orcid.org/0000-0001-6779-8246

Abstract

With the development of information technology, the need to solve the problem of information security has increased, as information has become the most important strategic resource. At the same time, the vulnerability of the modern information society to unreliable information, untimely receipt of information, industrial espionage, computer crime, etc. is increasing. In this setting, fast threat detection, which depends on obtaining systemic information about attackers and the possible techniques and tools of cyberattacks in order to describe them and respond to them quickly, is one of the urgent tasks. In particular, it is challenging to apply new systems for collecting information about cyberevents, responding to them, and storing and exchanging this information, as well as the methods and means, built on that information, of finding attackers using integrated systems or platforms. To address this type of problem, the paper studies Threat Intelligence as a promising new mechanism for acquiring knowledge about cyberattacks. Threat Intelligence is defined in the context of cybersecurity tasks. Cyberattack indicators and the tools for obtaining them are analyzed. The standards for describing indicators of compromise and the platforms for processing them are compared. A Threat Intelligence technique for the prompt detection and blocking of cyberthreats to state information resources is developed. This technique makes it possible to improve the productivity of cybersecurity analysts and increase the security of resources and information systems.


Keywords:

threat intelligence, cybersecurity, cyberdefense


Published
2021-12-20

Nikolaienko, B., & Vasylenko, S. (2021). APPLICATION OF THE THREAT INTELLIGENCE PLATFORM TO INCREASE THE SECURITY OF GOVERNMENT INFORMATION RESOURCES. Informatyka, Automatyka, Pomiary W Gospodarce I Ochronie Środowiska, 11(4), 9–13. https://doi.org/10.35784/iapgos.2822
