Taxonomical Challenges for Cyber Incident Response Threat Intelligence: A Review

Bibliographic details
Published in: International journal of cloud applications and computing 2022, Vol.12 (1), p.1-14
Main authors: Ammi, Meryem, Adedugbe, Oluwasegun, Alharby, Fahad Mohamed, Benkhelifa, Elhadj
Format: Article
Language: eng
Online access: Full text
Description
Summary: As attackers continue to devise new means of exploiting vulnerabilities in computer systems, security personnel are doing their best to identify loopholes and threats. Analysis of threats to come up with effective mitigation techniques requires all-encompassing information about them. Security analysts can represent and share cyber threat information with semantic knowledge graphs within cyber security space to access. However, there should be no conflicting information because the response to threats must be immediate. This calls for a standardized taxonomy that is generally accepted within the cybersecurity space to represent information, ultimately making cyber threat intelligence (CTI) credible. This review looks into existing CTI-based ontologies, taxonomies, and knowledge graphs. The absence of standardized taxonomy identified could be responsible for limited taxonomy encoding and integration among existing CTI-based ontologies, as well as missing interconnections between taxonomies and existing ontologies. Hence, the development of a standardized taxonomy will enhance CTI effectiveness.
ISSN: 2156-1834, 2156-1826
DOI: 10.4018/IJCAC.300770