Ontology-based unified model for heterogeneous threat intelligence integration and sharing

Yishuai Zhao; Bo Lang; Ming Liu

doi:10.1109/ICASID.2017.8285734

Ontology-based unified model for heterogeneous threat intelligence integration and sharing

Yishuai Zhao^*
, Bo Lang
, Ming Liu

^*Corresponding author for this work

School of Computer Science and Engineering

Beihang University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

22 Scopus citations

Abstract

Threat intelligence contains valuable information for cyber security; however, usually the intelligence is from multiple sources and is described with different data formats and schemas, which not only leads to the inefficiency of intelligence integration and analysis, but also makes threat intelligence sharing difficult. Therefore, the unified representation of the threat intelligence becomes a crucial challenge. This paper presents an ontology-based unified model for describing the multi-source and heterogeneous threat intelligence. In our model, we first propose the cyber security ontology and the unified model. Hence, the threat intelligence from different sources can be mapped to our unified model to achieve unified representation, which makes threat intelligence sharing and analysis more efficient. Furthermore, we propose and implement an intelligence integration framework based on our unified intelligence model and the open source intelligence collection tool IntelMQ. The feasibility and effectiveness of our model is verified by the performance of this framework.

Original language	English
Title of host publication	Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017
Editors	Jianyang Zhou, Donghui Guo, Jiyang Dong
Publisher	IEEE Computer Society
Pages	11-15
Number of pages	5
ISBN (Electronic)	9781538605325
DOIs	https://doi.org/10.1109/ICASID.2017.8285734
State	Published - 2 Jul 2017
Event	11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017 - Xiamen, China Duration: 27 Oct 2017 → 29 Oct 2017

Publication series

Name	Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID
Volume	2017-October
ISSN (Print)	2163-5048
ISSN (Electronic)	2163-5056

Conference

Conference	11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017
Country/Territory	China
City	Xiamen
Period	27/10/17 → 29/10/17

Keywords

Intelligence integration
Ontology
Threat intelligence
Unified model

Access to Document

10.1109/ICASID.2017.8285734

Cite this

Zhao, Y., Lang, B., & Liu, M. (2017). Ontology-based unified model for heterogeneous threat intelligence integration and sharing. In J. Zhou, D. Guo, & J. Dong (Eds.), Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017 (pp. 11-15). (Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID; Vol. 2017-October). IEEE Computer Society. https://doi.org/10.1109/ICASID.2017.8285734

Zhao, Yishuai ; Lang, Bo ; Liu, Ming. / Ontology-based unified model for heterogeneous threat intelligence integration and sharing. Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017. editor / Jianyang Zhou ; Donghui Guo ; Jiyang Dong. IEEE Computer Society, 2017. pp. 11-15 (Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID).

@inproceedings{ee0a0e9bfc624ea3afeedbb704b3c31c,

title = "Ontology-based unified model for heterogeneous threat intelligence integration and sharing",

abstract = "Threat intelligence contains valuable information for cyber security; however, usually the intelligence is from multiple sources and is described with different data formats and schemas, which not only leads to the inefficiency of intelligence integration and analysis, but also makes threat intelligence sharing difficult. Therefore, the unified representation of the threat intelligence becomes a crucial challenge. This paper presents an ontology-based unified model for describing the multi-source and heterogeneous threat intelligence. In our model, we first propose the cyber security ontology and the unified model. Hence, the threat intelligence from different sources can be mapped to our unified model to achieve unified representation, which makes threat intelligence sharing and analysis more efficient. Furthermore, we propose and implement an intelligence integration framework based on our unified intelligence model and the open source intelligence collection tool IntelMQ. The feasibility and effectiveness of our model is verified by the performance of this framework.",

keywords = "Intelligence integration, Ontology, Threat intelligence, Unified model",

author = "Yishuai Zhao and Bo Lang and Ming Liu",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017 ; Conference date: 27-10-2017 Through 29-10-2017",

year = "2017",

month = jul,

day = "2",

doi = "10.1109/ICASID.2017.8285734",

language = "英语",

series = "Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID",

publisher = "IEEE Computer Society",

pages = "11--15",

editor = "Jianyang Zhou and Donghui Guo and Jiyang Dong",

booktitle = "Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017",

address = "美国",

}

Zhao, Y, Lang, B & Liu, M 2017, Ontology-based unified model for heterogeneous threat intelligence integration and sharing. in J Zhou, D Guo & J Dong (eds), Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017. Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID, vol. 2017-October, IEEE Computer Society, pp. 11-15, 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017, Xiamen, China, 27/10/17. https://doi.org/10.1109/ICASID.2017.8285734

Ontology-based unified model for heterogeneous threat intelligence integration and sharing. / Zhao, Yishuai; Lang, Bo; Liu, Ming.
Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017. ed. / Jianyang Zhou; Donghui Guo; Jiyang Dong. IEEE Computer Society, 2017. p. 11-15 (Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID; Vol. 2017-October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Ontology-based unified model for heterogeneous threat intelligence integration and sharing

AU - Zhao, Yishuai

AU - Lang, Bo

AU - Liu, Ming

PY - 2017/7/2

Y1 - 2017/7/2

N2 - Threat intelligence contains valuable information for cyber security; however, usually the intelligence is from multiple sources and is described with different data formats and schemas, which not only leads to the inefficiency of intelligence integration and analysis, but also makes threat intelligence sharing difficult. Therefore, the unified representation of the threat intelligence becomes a crucial challenge. This paper presents an ontology-based unified model for describing the multi-source and heterogeneous threat intelligence. In our model, we first propose the cyber security ontology and the unified model. Hence, the threat intelligence from different sources can be mapped to our unified model to achieve unified representation, which makes threat intelligence sharing and analysis more efficient. Furthermore, we propose and implement an intelligence integration framework based on our unified intelligence model and the open source intelligence collection tool IntelMQ. The feasibility and effectiveness of our model is verified by the performance of this framework.

AB - Threat intelligence contains valuable information for cyber security; however, usually the intelligence is from multiple sources and is described with different data formats and schemas, which not only leads to the inefficiency of intelligence integration and analysis, but also makes threat intelligence sharing difficult. Therefore, the unified representation of the threat intelligence becomes a crucial challenge. This paper presents an ontology-based unified model for describing the multi-source and heterogeneous threat intelligence. In our model, we first propose the cyber security ontology and the unified model. Hence, the threat intelligence from different sources can be mapped to our unified model to achieve unified representation, which makes threat intelligence sharing and analysis more efficient. Furthermore, we propose and implement an intelligence integration framework based on our unified intelligence model and the open source intelligence collection tool IntelMQ. The feasibility and effectiveness of our model is verified by the performance of this framework.

KW - Intelligence integration

KW - Ontology

KW - Threat intelligence

KW - Unified model

UR - https://www.scopus.com/pages/publications/85045253515

U2 - 10.1109/ICASID.2017.8285734

DO - 10.1109/ICASID.2017.8285734

M3 - 会议稿件

AN - SCOPUS:85045253515

T3 - Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID

SP - 11

EP - 15

BT - Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017

A2 - Zhou, Jianyang

A2 - Guo, Donghui

A2 - Dong, Jiyang

PB - IEEE Computer Society

T2 - 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017

Y2 - 27 October 2017 through 29 October 2017

ER -

Zhao Y, Lang B, Liu M. Ontology-based unified model for heterogeneous threat intelligence integration and sharing. In Zhou J, Guo D, Dong J, editors, Proceedings of 2017 11th IEEE International Conference on Anti-Counterfeiting, Security, and Identification, ASID 2017. IEEE Computer Society. 2017. p. 11-15. (Proceedings of the International Conference on Anti-Counterfeiting, Security and Identification, ASID). doi: 10.1109/ICASID.2017.8285734

Ontology-based unified model for heterogeneous threat intelligence integration and sharing

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this