A Robust Architecture for Aggregation of Heterogeneous Data for Threat Intelligence Platforms

Afzal Yasmeen, Asim Muhammad, Khan Kifayat Ullah
Published in: 2022 24th International Multitopic Conference (INMIC)
Publication date: 2022-10-21
DOI: 10.1109/INMIC56986.2022.9972973 (https://doi.org/10.1109/INMIC56986.2022.9972973)
Citation count: 0

Abstract

With increased dependency on computers, the threat of cyber-attacks becomes more prevalent. Cyber threat intelligence gathers reports from previous threats and helps to identify potential future attacks. The challenge for threat intelligence is the overload of threat feeds arriving from various sources with structural heterogeneity. Currently, most sources share the same type of data in heterogeneous formats with different identifiers. In this paper, an architecture is proposed for data aggregation from heterogeneous sources. The architecture is based on a three-tier model that maps the heterogeneous sources' feeds into the target Threat Intelligence Platform (TIP). In this model, each layer has its own set of tasks and the layers work in a step-by-step pattern: the output of one layer is the input to the next layer. The working of this model is entirely dependent on the XML broker for dynamic mapping of sources. The objective is a unified system that can transform data from heterogeneous sources into a unified form that can assist the TIP in further statistics generation for analysis. The architecture has been implemented over six heterogeneous sources and used to perform data aggregation.