Publicação
Leveraging OSINT to improve threat intelligence quality
| datacite.subject.fos | Departamento de Informática | pt_PT |
| dc.contributor.advisor | Medeiros, Ibéria Vitória de Sousa, 1971- | |
| dc.contributor.advisor | Bessani, Alysson Neves, 1978- | |
| dc.contributor.author | Azevedo, Rui Correia Neves Cordeiro de | |
| dc.date.accessioned | 2019-02-27T10:36:54Z | |
| dc.date.available | 2019-02-27T10:36:54Z | |
| dc.date.issued | 2019 | |
| dc.date.submitted | 2019 | |
| dc.description | Tese de mestrado, Segurança Informática, Universidade de Lisboa, Faculdade de Ciências, 2019 | pt_PT |
| dc.description.abstract | The Impact of cyber-attacks and its cost has become a top priority for most organizations. To more aptly protect themselves, organizations are moving from reactive to proactive defensive measures, investing in cyber threat intelligence (CTI) to provide them forewarning about the risks they face, as well as to accelerate their response times in the detection of attacks. One means to obtain CTI is the collection of open source intelligence (OSINT) feeds via threat intelligence platforms and their representation as indicators of compromise (IoC). However, most of these platforms are providing threat information with little to no processing. This Situation increases the pressure on security analysts who, already faced with the arduous task of sorting through the multitude of alerts originating from their networks must also sort this additional flow of data to find relevant intelligence.This dissertation proposes an architecture to generate threat intelligence of quality in the form of new intelligence is obtained by correlating IoCs coming from different OSINT feeds that contain information on the same threat, aggregation them into clusters, and then representing the threat information contained within those clusters in a single enriched IoC. This dissertation first offers an overview of the use of CTI, methodologies, and technologies used, before proposing an architecture focused on a clustering approach, for which two methods are introduced, the naïve and the n-level aggregation. It then describes the implementation of this architecture and its validation. The proposal was implemented in a prototype confirmed with 34 OSINT feeds, which allowed the creation of enriched IoCs that may enable the identification of cyber-attacks not previously possible by analyzing the received IoCs individually. | pt_PT |
| dc.identifier.tid | 202195929 | |
| dc.identifier.uri | http://hdl.handle.net/10451/37202 | |
| dc.language.iso | eng | pt_PT |
| dc.subject | Cibersegurança | pt_PT |
| dc.subject | Open source intelligence (OSINT) | pt_PT |
| dc.subject | Informações de fonte aberta | pt_PT |
| dc.subject | Plataforma de partilha de informação sobre ameaças | pt_PT |
| dc.subject | Indicadores de comprometimento | pt_PT |
| dc.subject | Segurança | pt_PT |
| dc.subject | Teses de mestrado - 2019 | pt_PT |
| dc.title | Leveraging OSINT to improve threat intelligence quality | pt_PT |
| dc.type | master thesis | |
| dspace.entity.type | Publication | |
| rcaap.rights | openAccess | pt_PT |
| rcaap.type | masterThesis | pt_PT |
| thesis.degree.name | Mestrado em Segurança Informática | pt_PT |