Advanced Threat Intelligence Modeling for Proactive Cyber Defense Systems

  • Durga Bramarambika Sailaja Varri
Keywords: Cyber Threat Landscape, Espionage Attacks, Cybercrime Operations, Hacktivist Activity, Threat Actor Motivation, State-Sponsored Threats, Organized Crime Groups, Recreational Cyber Attacks, Threat Intelligence Limitations, Data Veracity Challenges, Proactive Cyber Defence, Attack–Defence Lifecycle Alignment, Real-Time Threat Assessment, Threat Prediction Models, Threat Simulation, Threat Scoring

Abstract

Today’s cyber threat landscape is characterized by a broad spectrum of attacks with significant impact on businesses, societies, and nations. Most of these attacks involve espionage, cybercrime, or hacktivism. The key actors are well-known: the state in many countries, organized crime groups, and a loose coalition of hacktivists, self-styled idealists, etc. In addition to espionage and cybercrime, groups seeking fame, infamy or monetary gain are also involved; this introduces a recreational motivation to the threat landscape. Recently published reports provide valuable insights into the current threat intelligence landscape as well as emerging trends. However, ever-increasing budget constraints, the omnipresence of targeted threats, scarcity of first-hand threat intelligence, trustworthiness, veracity, up-to-dateness, timeframe, and underlying data sources have created dilemmas and challenges for organizations seeking timely, relevant, accurate, and helpful threat intelligence. Regardless of which type of threat actors an organization faces, most defensive tactics and counter-measures are generally well known. State-of-the-art proactive approaches may even allow defenders to anticipate, predict and proactively neutralize highly sophisticated and destructive cyber-attacks before the attackers have finalized their preparations. Developing such proactive cyber-defence capabilities requires aligning the defence life-cycle with the attack life-cycle and utilizing threat intelligence to support the defence life-cycle functions of real-time threat assessment, prediction, simulation and scoring. The success of these functions in mitigating imminent threats hinges on the freshness, accuracy, relevance, completeness, scale, quality and explainability of the threat intelligence involved.

Author Biography

Durga Bramarambika Sailaja Varri

Independent Researcher
ORCID ID: 0009-0009-0437-605X

Published
2024-02-04
Section
Regular Issue