CLEVER: Crafting Intelligent MISP for Cyber Threat Intelligence
2024 (English). In: Proceedings - Conference on Local Computer Networks, LCN, IEEE Computer Society, 2024. Conference paper, Published paper (Refereed)
Abstract [en]
Cyber Threat Intelligence (CTI) is crucial for modern cybersecurity because it provides the knowledge and insights needed to defend against a wide range of cyber threats. However, there are issues associated with incomplete and inconsistent CTI data that can lead to inaccurate threat assessments, increasing the risk of both false alarms and undetected threats. This paper introduces CLEVER, an extended version of the Malware Information Sharing Platform (MISP) platform that includes machine learning (ML) models to support the management and processing of CTI data. The models are designed to address specific challenges such as (i) prioritizing and ranking Indicators of Compromise (IoCs) based on severity and potential impact, (ii) classifying IoCs by attack type or threat, and (iii) aggregating similar IoCs into clusters. The effectiveness of the ML models employed in CLEVER has been thoroughly tested on three public CTI datasets, and the results provide encouraging outcomes in enhancing CTI management and analysis.
Place, publisher, year, edition, pages
IEEE Computer Society, 2024.
Keywords [en]
Adversarial machine learning, Phishing, Cyber security, Cyber threats, Extended versions, False alarms, Information sharing platforms, Intelligence analysis, Machine learning models, Malwares, Potential impacts, Threat assessment, Cyber attacks
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-69836
DOI: 10.1109/LCN60385.2024.10639749
ISI: 001433480800065
Scopus ID: 2-s2.0-85214936871
ISBN: 9798350388008 (print)
OAI: oai:DiVA.org:mdh-69836
DiVA, id: diva2:1930854
Conference
49th IEEE Conference on Local Computer Networks, LCN 2024, Caen, France, 8-10 October, 2024
2025-01-24 2025-01-24 2025-10-10 Bibliographically approved