Taxonomy driven indicator scoring in MISP threat intelligence platforms

by Sami Mokaddem, et al.

The IT security community is currently undergoing a change of trend, from closed to open working groups and from restricted information to full information disclosure and sharing. One major driver of this change is the number of incidents and the variety of Indicators of Compromise (IoCs) that appear on a daily basis, which can only be handled and resolved collaboratively. Sharing information is key to staying on top of the threats. To meet the need for a medium for information sharing, different initiatives have been taken, such as the Open Source Threat Intelligence and Sharing Platform called MISP. In its current state, this sharing and collection platform has become far more than a malware information sharing platform: it covers all kinds of IoCs, malware and vulnerabilities, but also financial threat and fraud information. Hence, the volume of information is increasing and evolving. In this paper we present the distributed data interaction methods implemented for MISP, followed by a generic scoring model for decaying information that is shared within MISP communities. As MISP community members do not share the same objectives, several use cases and implementations of the scoring model are discussed. A use case commonly encountered in practice is the detection of indicators of compromise in operational networks.

