Cyber Threat Intelligence Model: An Evaluation of Taxonomies and Sharing Platforms

Bibliographic details
Main authors: Hadi, Hassan Jalil; Riaz, Muhammad Adeen; Abbas, Zaheer; Nisa, Khaleeq Un
Format: Book chapter
Language: eng
Online access: Full text

Description
Summary: To defend assets, data, and information against the state-of-the-art and ever-increasing number of cyber threats, cyber defenders should be one step ahead of cybercriminals. This is possible if and only if the defender gathers enough information about threats, risks, vulnerabilities, attacks, and countermeasures in time, that is, before an incident happens. Cybersecurity staff collect cyber threat information from multiple sources, ranging from inter-organizational exchange to publicly available sources and threat intelligence sharing platforms such as mailing lists or expert blogs. Intelligence provides evidence-based knowledge regarding potential or existing threats. The advantages of threat intelligence are more effective security operations and better efficiency in detection and prevention. Good threat intelligence for the cyber domain requires a knowledge base containing threat information and an effective way to present this knowledge. For this purpose, taxonomies, ontologies, and sharing platforms are used. The proposed cyber threat intelligence model enables cybersecurity experts to investigate their capabilities for threat intelligence and comprehend their position against the continuously changing landscape of cyber threats. Moreover, this model is used for analyzing and evaluating numerous existing taxonomies, ontologies, and sharing platforms related to cyber threat intelligence. The results indicate a need for an ontology that covers the whole spectrum of CTI in the cybersecurity community.
There has been very little research on public "information security" data sources and the sharing of threats. This chapter addresses these gaps by analyzing publicly available threat intelligence sharing platforms. A consequence of this is that public data security sources and their dependencies are not systematically or comprehensively reviewed by research and practice. Advanced persistent threats (APT) and the fast-changing cyberattack landscape call for the mutual exchange of relevant cyber threat information. Mostly, the exploited weaknesses exist in multiple systems, products, or networks rather than la
DOI: 10.1201/9781003373384-2